mobbdev 1.2.56 → 1.2.57

package/dist/args/commands/upload_ai_blame.mjs

@@ -1445,8 +1445,16 @@ var init_analysis = __esm({
         originalUrl: z3.string(),
         reference: z3.string(),
         commitSha: z3.string(),
-        isKnownBranch: z3.boolean().nullable()
-      }),
+        isKnownBranch: z3.boolean().nullish().default(true)
+      }).nullable().transform(
+        (repo) => repo ?? {
+          name: null,
+          originalUrl: "",
+          reference: "",
+          commitSha: "",
+          isKnownBranch: true
+        }
+      ),
       vulnerabilityReport: z3.object({
         id: z3.string().uuid(),
         vendor: z3.nativeEnum(Vulnerability_Report_Vendor_Enum),
@@ -1937,7 +1945,15 @@ var init_types = __esm({
           reference: z7.string(),
           commitSha: z7.string(),
           isKnownBranch: z7.boolean().nullish().default(true)
-        }),
+        }).nullable().transform(
+          (repo) => repo ?? {
+            name: null,
+            originalUrl: "",
+            reference: "",
+            commitSha: "",
+            isKnownBranch: true
+          }
+        ),
         vulnerabilityReportIssuesFixedCount: z7.object({
           vulnerabilityReportIssues_aggregate: z7.object({
             aggregate: z7.object({ count: z7.number() })
@@ -1958,7 +1974,7 @@ var init_types = __esm({
           file: z7.object({
             id: z7.string().uuid(),
             path: z7.string()
-          }),
+          }).nullable(),
           pending: z7.object({
             aggregate: z7.object({
               count: z7.number()
@@ -2159,7 +2175,13 @@ var init_types = __esm({
           originalUrl: z7.string(),
           reference: z7.string(),
           name: z7.string()
-        }),
+        }).nullable().transform(
+          (repo) => repo ?? {
+            originalUrl: "",
+            reference: "",
+            name: ""
+          }
+        ),
         createdByUser: z7.object({
           email: z7.string()
         }).nullable(),
@@ -7323,6 +7345,9 @@ async function sanitizeDataWithCounts(obj) {
   return { sanitizedData, counts };
 }
 
+// src/utils/with-timeout.ts
+import { setTimeout as delay } from "timers/promises";
+
 // src/features/analysis/upload-file.ts
 import Debug7 from "debug";
 import fetch3, { File, fileFrom, FormData } from "node-fetch";

package/dist/index.mjs

@@ -1660,8 +1660,16 @@ var init_analysis = __esm({
         originalUrl: z8.string(),
         reference: z8.string(),
         commitSha: z8.string(),
-        isKnownBranch: z8.boolean().nullable()
-      }),
+        isKnownBranch: z8.boolean().nullish().default(true)
+      }).nullable().transform(
+        (repo) => repo ?? {
+          name: null,
+          originalUrl: "",
+          reference: "",
+          commitSha: "",
+          isKnownBranch: true
+        }
+      ),
       vulnerabilityReport: z8.object({
         id: z8.string().uuid(),
         vendor: z8.nativeEnum(Vulnerability_Report_Vendor_Enum),
@@ -1982,7 +1990,15 @@ var init_types = __esm({
           reference: z11.string(),
           commitSha: z11.string(),
           isKnownBranch: z11.boolean().nullish().default(true)
-        }),
+        }).nullable().transform(
+          (repo) => repo ?? {
+            name: null,
+            originalUrl: "",
+            reference: "",
+            commitSha: "",
+            isKnownBranch: true
+          }
+        ),
         vulnerabilityReportIssuesFixedCount: z11.object({
           vulnerabilityReportIssues_aggregate: z11.object({
             aggregate: z11.object({ count: z11.number() })
@@ -2003,7 +2019,7 @@ var init_types = __esm({
           file: z11.object({
             id: z11.string().uuid(),
             path: z11.string()
-          }),
+          }).nullable(),
           pending: z11.object({
             aggregate: z11.object({
               count: z11.number()
@@ -2204,7 +2220,13 @@ var init_types = __esm({
           originalUrl: z11.string(),
           reference: z11.string(),
           name: z11.string()
-        }),
+        }).nullable().transform(
+          (repo) => repo ?? {
+            originalUrl: "",
+            reference: "",
+            name: ""
+          }
+        ),
         createdByUser: z11.object({
           email: z11.string()
         }).nullable(),
@@ -6695,9 +6717,9 @@ function transformVisualStudioUrl(url) {
 }
 function _getPublicAdoClient({
   orgName,
-  origin: origin2
+  origin
 }) {
-  const orgUrl = `${origin2}/${orgName}`;
+  const orgUrl = `${origin}/${orgName}`;
   const authHandler = api.getPersonalAccessTokenHandler("");
   authHandler.canHandleAuthentication = () => false;
   authHandler.prepareRequest = (_options) => {
@@ -6759,10 +6781,10 @@ async function getAdoConnectData({
         org: tokenOrg
       };
     }
-    const { owner, origin: origin2, prefixPath } = parseAdoOwnerAndRepo(url);
+    const { owner, origin, prefixPath } = parseAdoOwnerAndRepo(url);
     return {
       org: owner,
-      origin: prefixPath ? `${origin2}/${prefixPath}` : origin2
+      origin: prefixPath ? `${origin}/${prefixPath}` : origin
     };
   }
   if (!tokenOrg) {
@@ -6787,17 +6809,17 @@ function isAdoOnCloud(url) {
   return urlObj.origin.toLowerCase() === DEFUALT_ADO_ORIGIN || urlObj.hostname.toLowerCase().endsWith(".visualstudio.com");
 }
 async function getAdoApiClient(params) {
-  const { origin: origin2 = DEFUALT_ADO_ORIGIN, orgName } = params;
+  const { origin = DEFUALT_ADO_ORIGIN, orgName } = params;
   if (params.tokenType === "NONE" /* NONE */ || // note: move to public client if the token is not associated with the PAT org
   // we're only doing it the ado on the cloud
-  params.tokenType === "PAT" /* PAT */ && params.patTokenOrg !== orgName && isAdoOnCloud(origin2)) {
-    return _getPublicAdoClient({ orgName, origin: origin2 });
+  params.tokenType === "PAT" /* PAT */ && params.patTokenOrg !== orgName && isAdoOnCloud(origin)) {
+    return _getPublicAdoClient({ orgName, origin });
   }
-  const orgUrl = `${origin2}/${orgName}`;
+  const orgUrl = `${origin}/${orgName}`;
   if (params.tokenType === "OAUTH" /* OAUTH */) {
-    if (!isAdoOnCloud(origin2)) {
+    if (!isAdoOnCloud(origin)) {
       throw new Error(
-        `Oauth token is not supported for ADO on prem - ${origin2} `
+        `Oauth token is not supported for ADO on prem - ${origin} `
       );
     }
     const connection2 = new api.WebApi(
@@ -6833,7 +6855,7 @@ function getAdoTokenInfo(token) {
 async function getAdoClientParams(params) {
   const { url, accessToken, tokenOrg } = params;
   const adoTokenInfo = getAdoTokenInfo(accessToken);
-  const { org, origin: origin2 } = await getAdoConnectData({
+  const { org, origin } = await getAdoConnectData({
     url,
     tokenOrg,
     adoTokenInfo
@@ -6842,14 +6864,14 @@ async function getAdoClientParams(params) {
     case "NONE" /* NONE */:
       return {
         tokenType: "NONE" /* NONE */,
-        origin: origin2,
+        origin,
         orgName: org.toLowerCase()
       };
     case "OAUTH" /* OAUTH */: {
       return {
         tokenType: "OAUTH" /* OAUTH */,
         accessToken: adoTokenInfo.accessToken,
-        origin: origin2,
+        origin,
         orgName: org.toLowerCase()
       };
     }
@@ -6858,7 +6880,7 @@ async function getAdoClientParams(params) {
         tokenType: "PAT" /* PAT */,
         accessToken: adoTokenInfo.accessToken,
         patTokenOrg: z17.string().parse(tokenOrg).toLowerCase(),
-        origin: origin2,
+        origin,
         orgName: org.toLowerCase()
       };
     }
@@ -7044,7 +7066,7 @@ async function getAdoSdk(params) {
     }) {
       const { owner, repo, projectName, prefixPath } = parseAdoOwnerAndRepo(repoUrl);
       const url = new URL(repoUrl);
-      const origin2 = url.origin.toLowerCase().endsWith(".visualstudio.com") ? DEFUALT_ADO_ORIGIN : url.origin.toLowerCase();
+      const origin = url.origin.toLowerCase().endsWith(".visualstudio.com") ? DEFUALT_ADO_ORIGIN : url.origin.toLowerCase();
       const params2 = `path=/&versionDescriptor[versionOptions]=0&versionDescriptor[versionType]=commit&versionDescriptor[version]=${branch}&resolveLfs=true&$format=zip&api-version=5.0&download=true`;
       const path27 = [
         prefixPath,
@@ -7057,7 +7079,7 @@ async function getAdoSdk(params) {
         "items",
         "items"
       ].filter(Boolean).join("/");
-      return new URL(`${path27}?${params2}`, origin2).toString();
+      return new URL(`${path27}?${params2}`, origin).toString();
     },
     async getAdoBranchList({ repoUrl }) {
       try {
@@ -7338,7 +7360,8 @@ async function getAdoSdk(params) {
 async function getAdoRepoList({
   orgName,
   tokenOrg,
-  accessToken
+  accessToken,
+  url
 }) {
   let orgs = [];
   const adoTokenInfo = getAdoTokenInfo(accessToken);
@@ -7348,10 +7371,11 @@ async function getAdoRepoList({
   if (adoTokenInfo.type === "OAUTH" /* OAUTH */) {
     orgs = await getOrgsForOauthToken({ oauthToken: accessToken });
   }
-  if (orgs.length === 0 && !orgName) {
+  const effectiveOrgName = orgName || tokenOrg;
+  if (orgs.length === 0 && !effectiveOrgName) {
     throw new Error(`no orgs for ADO`);
-  } else if (orgs.length === 0 && orgName) {
-    orgs = [orgName];
+  } else if (orgs.length === 0 && effectiveOrgName) {
+    orgs = [effectiveOrgName];
   }
   const repos = (await Promise.allSettled(
     orgs.map(async (org) => {
@@ -7359,7 +7383,7 @@ async function getAdoRepoList({
         ...await getAdoClientParams({
           accessToken,
           tokenOrg: tokenOrg || org,
-          url: void 0
+          url
         }),
         orgName: org
       });
@@ -7627,15 +7651,11 @@ var AdoSCMLib = class extends SCMLib {
   }
   async getRepoList(scmOrg) {
     this._validateAccessToken();
-    if (this.url && new URL(this.url).origin !== scmCloudUrl.Ado) {
-      throw new Error(
-        `Oauth token is not supported for ADO on prem - ${origin} `
-      );
-    }
     return getAdoRepoList({
       orgName: scmOrg,
       accessToken: this.accessToken,
-      tokenOrg: this.scmOrg
+      tokenOrg: this.scmOrg,
+      url: this.url
     });
   }
   async getBranchList() {
@@ -7840,15 +7860,11 @@ var AdoSCMLib = class extends SCMLib {
   // getRepositoriesPaged() API per-project for true server-side pagination.
   async searchRepos(params) {
     this._validateAccessToken();
-    if (this.url && new URL(this.url).origin !== scmCloudUrl.Ado) {
-      throw new Error(
-        `Oauth token is not supported for ADO on prem - ${this.url}`
-      );
-    }
     const allRepos = await getAdoRepoList({
       orgName: params.scmOrg,
       accessToken: this.accessToken,
-      tokenOrg: this.scmOrg
+      tokenOrg: this.scmOrg,
+      url: this.url
     });
     allRepos.sort((a, b) => {
       const dateA = a.repoUpdatedAt ? new Date(a.repoUpdatedAt).getTime() : 0;
@@ -8945,17 +8961,30 @@ function getGithubSdk(params = {}) {
     },
     async getGithubRepoList() {
       try {
-        const githubRepos = await octokit.request(GET_USER_REPOS, {
-          sort: "updated"
-        });
-        return githubRepos.data.map((repo) => ({
-          repoName: repo.name,
-          repoUrl: repo.html_url,
-          repoOwner: repo.owner.login,
-          repoLanguages: repo.language ? [repo.language] : [],
-          repoIsPublic: !repo.private,
-          repoUpdatedAt: repo.updated_at
-        }));
+        const allRepos = [];
+        let page = 1;
+        const perPage = 100;
+        let hasMore = true;
+        while (hasMore) {
+          const githubRepos = await octokit.request(GET_USER_REPOS, {
+            sort: "updated",
+            per_page: perPage,
+            page
+          });
+          for (const repo of githubRepos.data) {
+            allRepos.push({
+              repoName: repo.name,
+              repoUrl: repo.html_url,
+              repoOwner: repo.owner.login,
+              repoLanguages: repo.language ? [repo.language] : [],
+              repoIsPublic: !repo.private,
+              repoUpdatedAt: repo.updated_at
+            });
+          }
+          hasMore = githubRepos.data.length >= perPage;
+          page++;
+        }
+        return allRepos;
       } catch (e) {
         if (e instanceof RequestError && e.status === 401) {
           console.warn(
@@ -9378,7 +9407,7 @@ function getGithubSdk(params = {}) {
       if (!org) {
         throw new Error("Organization is required for repository search");
       }
-      const query = `org:${org}`;
+      const query = `org:${org} fork:true`;
       const githubSortField = sort.field === "name" ? void 0 : "updated";
       const response = await octokit.rest.search.repos({
         q: query,
@@ -10139,7 +10168,9 @@ async function searchGitlabProjects({
   url,
   accessToken,
   perPage = 20,
-  page = 1
+  page = 1,
+  orderBy = "created_at",
+  sort = "desc"
 }) {
   if (perPage > GITLAB_MAX_PER_PAGE) {
     throw new Error(
@@ -10147,31 +10178,28 @@ async function searchGitlabProjects({
     );
   }
   const api2 = getGitBeaker({ url, gitlabAuthToken: accessToken });
+  const fetchProjects = (effectiveOrderBy) => api2.Projects.all({
+    membership: true,
+    orderBy: effectiveOrderBy,
+    sort,
+    pagination: "offset",
+    perPage,
+    page,
+    showExpanded: true
+  });
   let response;
-  try {
-    response = await api2.Projects.all({
-      membership: true,
-      orderBy: "last_activity_at",
-      sort: "desc",
-      pagination: "offset",
-      perPage,
-      page,
-      showExpanded: true
-    });
-  } catch (e) {
-    debug4(
-      "[searchGitlabProjects] order_by=last_activity_at failed, falling back to created_at: %s",
-      e instanceof Error ? e.message : String(e)
-    );
-    response = await api2.Projects.all({
-      membership: true,
-      orderBy: "created_at",
-      sort: "desc",
-      pagination: "offset",
-      perPage,
-      page,
-      showExpanded: true
-    });
+  if (orderBy === "last_activity_at") {
+    try {
+      response = await fetchProjects("last_activity_at");
+    } catch (e) {
+      debug4(
+        "[searchGitlabProjects] order_by=last_activity_at failed, falling back to created_at: %s",
+        e instanceof Error ? e.message : String(e)
+      );
+      response = await fetchProjects("created_at");
+    }
+  } else {
+    response = await fetchProjects(orderBy);
   }
   const projects = response.data.map((p) => ({
     id: p.id,
@@ -10933,11 +10961,15 @@ var GitlabSCMLib = class extends SCMLib {
     }
     const page = parseCursorSafe(params.cursor, 1);
     const perPage = params.limit || 10;
+    const sort = params.sort || { field: "updated", order: "desc" };
+    const orderBy = sort.field === "updated" ? "last_activity_at" : "created_at";
     const { projects, hasMore } = await searchGitlabProjects({
       url: this.url,
       accessToken: this.accessToken,
       perPage,
-      page
+      page,
+      orderBy,
+      sort: sort.order
     });
     const includeLanguages = params.includeLanguages !== false;
     const languageMap = /* @__PURE__ */ new Map();
@@ -11127,29 +11159,29 @@ var StubSCMLib = class extends SCMLib {
 };
 
 // src/features/analysis/scm/scmFactory.ts
-async function createScmLib({ url, accessToken, scmType, scmOrg }, { propagateExceptions = false } = {}) {
+async function createScmLib({ url, accessToken, scmType, scmOrg }, { propagateExceptions = false, skipValidation = false } = {}) {
   const trimmedUrl = url ? url.trim().replace(/\/$/, "").replace(/.git$/i, "") : void 0;
   try {
     switch (scmType) {
       case "GITHUB" /* GITHUB */: {
         const scm = new GithubSCMLib(trimmedUrl, accessToken, scmOrg);
-        await scm.validateParams();
+        if (!skipValidation) await scm.validateParams();
         return scm;
       }
       case "GITLAB" /* GITLAB */: {
         const scm = new GitlabSCMLib(trimmedUrl, accessToken, scmOrg);
-        await scm.validateParams();
+        if (!skipValidation) await scm.validateParams();
         return scm;
       }
       case "ADO" /* ADO */: {
         const scm = new AdoSCMLib(trimmedUrl, accessToken, scmOrg);
         await scm.getAdoSdk();
-        await scm.validateParams();
+        if (!skipValidation) await scm.validateParams();
         return scm;
       }
       case "BITBUCKET" /* BITBUCKET */: {
         const scm = new BitbucketSCMLib(trimmedUrl, accessToken, scmOrg);
-        await scm.validateParams();
+        if (!skipValidation) await scm.validateParams();
         return scm;
       }
     }
@@ -13659,8 +13691,21 @@ async function uploadAiBlameCommandHandler(args) {
   await uploadAiBlameHandler({ args });
 }
 
+// src/utils/with-timeout.ts
+import { setTimeout as delay } from "timers/promises";
+function withTimeout(promise, ms, label) {
+  const ac = new AbortController();
+  return Promise.race([
+    promise.finally(() => ac.abort()),
+    delay(ms, void 0, { signal: ac.signal }).then(() => {
+      throw new Error(`${label} timed out after ${ms}ms`);
+    })
+  ]);
+}
+
 // src/features/analysis/graphql/tracy-batch-upload.ts
 var debug10 = Debug9("mobbdev:tracy-batch-upload");
+var BATCH_TIMEOUT_MS = 3e4;
 async function sanitizeRawData(rawData) {
   try {
     const sanitized = await sanitizeData(rawData);
@@ -13677,6 +13722,7 @@ async function prepareAndSendTracyRecords(client, rawRecords, workingDir) {
   const repositoryUrl = await getRepositoryUrl(workingDir);
   const { computerName, userName } = getSystemInfo();
   const clientVersion = packageJson.version;
+  debug10("[step:sanitize] Sanitizing %d records", rawRecords.length);
   const serializedRawDataByIndex = /* @__PURE__ */ new Map();
   const records = await Promise.all(
     rawRecords.map(async (record, index) => {
@@ -13696,21 +13742,47 @@ async function prepareAndSendTracyRecords(client, rawRecords, workingDir) {
   );
   const recordsWithRawData = rawRecords.map((r, i) => ({ recordId: r.recordId, index: i })).filter((entry) => serializedRawDataByIndex.has(entry.index));
   if (recordsWithRawData.length > 0) {
-    debug10("Uploading %d rawData files to S3...", recordsWithRawData.length);
-    const uploadUrlResult = await client.getTracyRawDataUploadUrl();
+    debug10(
+      "[step:s3-url] Requesting presigned URL for %d rawData files",
+      recordsWithRawData.length
+    );
+    let uploadUrlResult;
+    try {
+      uploadUrlResult = await withTimeout(
+        client.getTracyRawDataUploadUrl(),
+        BATCH_TIMEOUT_MS,
+        "[step:s3-url] getTracyRawDataUploadUrl"
+      );
+    } catch (err) {
+      return {
+        ok: false,
+        errors: [
+          `[step:s3-url] Failed to fetch S3 upload URL: ${err.message}`
+        ]
+      };
+    }
     const { url, uploadFieldsJSON, keyPrefix } = uploadUrlResult.getTracyRawDataUploadUrl;
     if (!url || !uploadFieldsJSON || !keyPrefix) {
       return {
         ok: false,
-        errors: ["Failed to get S3 upload URL for rawData"]
+        errors: [
+          `[step:s3-url] Missing S3 upload fields (url=${!!url}, fields=${!!uploadFieldsJSON}, prefix=${!!keyPrefix})`
+        ]
       };
     }
     let uploadFields;
     try {
       uploadFields = JSON.parse(uploadFieldsJSON);
     } catch {
-      return { ok: false, errors: ["Malformed uploadFieldsJSON from server"] };
+      return {
+        ok: false,
+        errors: ["[step:s3-url] Malformed uploadFieldsJSON from server"]
+      };
     }
+    debug10(
+      "[step:s3-upload] Uploading %d files to S3",
+      recordsWithRawData.length
+    );
     const uploadResults = await Promise.allSettled(
       recordsWithRawData.map(async (entry) => {
         const rawDataJson = serializedRawDataByIndex.get(entry.index);
@@ -13719,48 +13791,59 @@ async function prepareAndSendTracyRecords(client, rawRecords, workingDir) {
           return;
         }
         const uploadKey = `${keyPrefix}${entry.recordId}.json`;
-        await uploadFile({
-          file: Buffer.from(rawDataJson, "utf-8"),
-          url,
-          uploadKey,
-          uploadFields
-        });
+        await withTimeout(
+          uploadFile({
+            file: Buffer.from(rawDataJson, "utf-8"),
+            url,
+            uploadKey,
+            uploadFields
+          }),
+          BATCH_TIMEOUT_MS,
+          `[step:s3-upload] uploadFile ${entry.recordId}`
+        );
         records[entry.index].rawDataS3Key = uploadKey;
       })
     );
     const uploadErrors = uploadResults.filter((r) => r.status === "rejected").map((r) => r.reason.message);
     if (uploadErrors.length > 0) {
-      debug10("S3 upload errors: %O", uploadErrors);
+      debug10("[step:s3-upload] S3 upload errors: %O", uploadErrors);
     }
     const missingS3Keys = recordsWithRawData.filter(
       (entry) => !records[entry.index].rawDataS3Key
     );
     if (missingS3Keys.length > 0) {
       const missingIds = missingS3Keys.map((e) => e.recordId);
-      debug10("Records missing S3 keys after upload: %O", missingIds);
+      debug10("[step:s3-upload] Records missing S3 keys: %O", missingIds);
       return {
         ok: false,
         errors: [
-          `Failed to upload rawData to S3 for ${missingS3Keys.length} record(s): ${missingIds.join(", ")}`,
+          `[step:s3-upload] Failed to upload rawData for ${missingS3Keys.length} record(s): ${missingIds.join(", ")}`,
           ...uploadErrors
         ]
       };
     }
-    debug10("S3 uploads complete");
+    debug10("[step:s3-upload] S3 uploads complete");
   }
+  debug10("[step:gql-submit] Submitting %d records via GraphQL", records.length);
   try {
-    const result = await client.uploadTracyRecords({ records });
+    const result = await withTimeout(
+      client.uploadTracyRecords({ records }),
+      BATCH_TIMEOUT_MS,
+      "[step:gql-submit] uploadTracyRecords"
+    );
     if (result.uploadTracyRecords.status !== "OK") {
       return {
         ok: false,
-        errors: [result.uploadTracyRecords.error ?? "Unknown server error"]
+        errors: [
+          `[step:gql-submit] Server rejected: ${result.uploadTracyRecords.error ?? "Unknown server error"}`
+        ]
       };
     }
   } catch (err) {
-    debug10("Upload failed: %s", err.message);
+    debug10("[step:gql-submit] Upload failed: %s", err.message);
     return {
       ok: false,
-      errors: [err.message]
+      errors: [`[step:gql-submit] ${err.message}`]
     };
   }
   return { ok: true, errors: null };
@@ -16297,7 +16380,7 @@ async function analyzeHandler(args) {
 
 // src/features/claude_code/data_collector.ts
 import { createHash as createHash2 } from "crypto";
-import { open as open4, readdir, readFile, unlink } from "fs/promises";
+import { access, open as open4, readdir, readFile, unlink } from "fs/promises";
 import path13 from "path";
 import { z as z33 } from "zod";
 init_client_generates();
@@ -16583,7 +16666,7 @@ function createLogger(config2) {
 
 // src/features/claude_code/hook_logger.ts
 var DD_RUM_TOKEN = true ? "pubf59c0182545bfb4c299175119f1abf9b" : "";
-var CLI_VERSION = true ? "1.2.56" : "unknown";
+var CLI_VERSION = true ? "1.2.57" : "unknown";
 var NAMESPACE = "mobbdev-claude-code-hook-logs";
 function createHookLogger(scopePath) {
   return createLogger({
@@ -16622,10 +16705,15 @@ function createScopedHookLog(scopePath) {
 }
 
 // src/features/claude_code/data_collector.ts
+var GLOBAL_COOLDOWN_MS = 5e3;
 var HOOK_COOLDOWN_MS = 1e4;
+var ACTIVE_LOCK_TTL_MS = 6e4;
+var GQL_AUTH_TIMEOUT_MS = 15e3;
 var STALE_KEY_MAX_AGE_MS = 14 * 24 * 60 * 60 * 1e3;
 var CLEANUP_INTERVAL_MS = 24 * 60 * 60 * 1e3;
+var MAX_ENTRIES_PER_INVOCATION = 100;
 var COOLDOWN_KEY = "lastHookRunAt";
+var ACTIVE_KEY = "hookActiveAt";
 var HookDataSchema = z33.object({
   session_id: z33.string(),
   transcript_path: z33.string(),
@@ -16658,9 +16746,12 @@ async function readStdinData() {
       clearTimeout(timer);
       try {
         const parsedData = JSON.parse(inputData);
-        hookLog.debug("Parsed stdin data", {
-          keys: Object.keys(parsedData)
-        });
+        hookLog.debug(
+          {
+            data: { keys: Object.keys(parsedData) }
+          },
+          "Parsed stdin data"
+        );
         resolve(parsedData);
       } catch (error) {
         const msg = `Failed to parse JSON from stdin: ${error.message}`;
@@ -16672,7 +16763,10 @@ async function readStdinData() {
       if (settled) return;
       settled = true;
       clearTimeout(timer);
-      hookLog.error("Error reading from stdin", { error: error.message });
+      hookLog.error(
+        { data: { error: error.message } },
+        "Error reading from stdin"
+      );
       reject(new Error(`Error reading from stdin: ${error.message}`));
     });
   });
@@ -16689,7 +16783,63 @@ function getCursorKey(transcriptPath) {
   const hash = createHash2("sha256").update(transcriptPath).digest("hex").slice(0, 12);
   return `cursor.${hash}`;
 }
+async function resolveTranscriptPath(transcriptPath, sessionId) {
+  try {
+    await access(transcriptPath);
+    return transcriptPath;
+  } catch {
+  }
+  const filename = path13.basename(transcriptPath);
+  const dirName = path13.basename(path13.dirname(transcriptPath));
+  const projectsDir = path13.dirname(path13.dirname(transcriptPath));
+  const baseDirName = dirName.replace(/[-.]claude-worktrees-.+$/, "");
+  if (baseDirName !== dirName) {
+    const candidate = path13.join(projectsDir, baseDirName, filename);
+    try {
+      await access(candidate);
+      hookLog.info(
+        {
+          data: {
+            original: transcriptPath,
+            resolved: candidate,
+            sessionId,
+            method: "worktree-strip"
+          }
+        },
+        "Transcript path resolved via fallback"
+      );
+      return candidate;
+    } catch {
+    }
+  }
+  try {
+    const dirs = await readdir(projectsDir);
+    for (const dir of dirs) {
+      if (dir === dirName) continue;
+      const candidate = path13.join(projectsDir, dir, filename);
+      try {
+        await access(candidate);
+        hookLog.info(
+          {
+            data: {
+              original: transcriptPath,
+              resolved: candidate,
+              sessionId,
+              method: "sibling-scan"
+            }
+          },
+          "Transcript path resolved via fallback"
+        );
+        return candidate;
+      } catch {
+      }
+    }
+  } catch {
+  }
+  return transcriptPath;
+}
 async function readNewTranscriptEntries(transcriptPath, sessionId, sessionStore) {
+  transcriptPath = await resolveTranscriptPath(transcriptPath, sessionId);
   const cursor = sessionStore.get(getCursorKey(transcriptPath));
   let content;
   let fileSize;
@@ -16700,8 +16850,8 @@ async function readNewTranscriptEntries(transcriptPath, sessionId, sessionStore)
       const stat = await fh.stat();
       fileSize = stat.size;
       if (cursor.byteOffset >= stat.size) {
-        hookLog.info("No new data in transcript file", { sessionId });
-        return { entries: [], fileSize };
+        hookLog.info({ data: { sessionId } }, "No new data in transcript file");
+        return { entries: [], endByteOffset: fileSize };
       }
       const buf = Buffer.alloc(stat.size - cursor.byteOffset);
       await fh.read(buf, 0, buf.length, cursor.byteOffset);
@@ -16710,53 +16860,84 @@ async function readNewTranscriptEntries(transcriptPath, sessionId, sessionStore)
       await fh.close();
     }
     lineIndexOffset = cursor.byteOffset;
-    hookLog.debug("Read transcript file from offset", {
-      transcriptPath,
-      byteOffset: cursor.byteOffset,
-      bytesRead: content.length
-    });
+    hookLog.debug(
+      {
+        data: {
+          transcriptPath,
+          byteOffset: cursor.byteOffset,
+          bytesRead: content.length
+        }
+      },
+      "Read transcript file from offset"
+    );
   } else {
     content = await readFile(transcriptPath, "utf-8");
     fileSize = Buffer.byteLength(content, "utf-8");
     lineIndexOffset = 0;
-    hookLog.debug("Read full transcript file", {
-      transcriptPath,
-      totalBytes: fileSize
-    });
+    hookLog.debug(
+      { data: { transcriptPath, totalBytes: fileSize } },
+      "Read full transcript file"
+    );
   }
-  const lines = content.split("\n").filter((line) => line.trim().length > 0);
+  const startOffset = cursor?.byteOffset ?? 0;
+  const allLines = content.split("\n");
   const parsed = [];
   let malformedLines = 0;
-  for (let i = 0; i < lines.length; i++) {
+  let bytesConsumed = 0;
+  let parsedLineIndex = 0;
+  for (let i = 0; i < allLines.length; i++) {
+    const line = allLines[i];
+    const lineBytes = Buffer.byteLength(line, "utf-8") + (i < allLines.length - 1 ? 1 : 0);
+    if (parsed.length >= MAX_ENTRIES_PER_INVOCATION) break;
+    bytesConsumed += lineBytes;
+    if (line.trim().length === 0) continue;
     try {
-      const entry = JSON.parse(lines[i]);
+      const entry = JSON.parse(line);
       const recordId = entry.uuid ?? generateSyntheticId(
         entry.sessionId,
         entry.timestamp,
         entry.type,
-        lineIndexOffset + i
+        lineIndexOffset + parsedLineIndex
       );
       parsed.push({ ...entry, _recordId: recordId });
     } catch {
       malformedLines++;
     }
+    parsedLineIndex++;
   }
+  const endByteOffset = startOffset + bytesConsumed;
+  const capped = parsed.length >= MAX_ENTRIES_PER_INVOCATION;
   if (malformedLines > 0) {
-    hookLog.warn("Skipped malformed lines", { malformedLines, transcriptPath });
+    hookLog.warn(
+      { data: { malformedLines, transcriptPath } },
+      "Skipped malformed lines"
+    );
   }
-  if (!cursor) {
-    hookLog.info("First invocation for session \u2014 uploading all entries", {
-      sessionId,
-      totalEntries: parsed.length
-    });
+  if (capped) {
+    hookLog.info(
+      {
+        data: {
+          sessionId,
+          entriesParsed: parsed.length,
+          totalLines: allLines.length
+        }
+      },
+      "Capped at MAX_ENTRIES_PER_INVOCATION, remaining entries deferred"
+    );
+  } else if (!cursor) {
+    hookLog.info(
+      { data: { sessionId, totalEntries: parsed.length } },
+      "First invocation for session \u2014 uploading all entries"
+    );
   } else {
-    hookLog.info("Resuming from byte offset", {
-      sessionId,
-      byteOffset: cursor.byteOffset,
-      newEntries: parsed.length
-    });
+    hookLog.info(
+      {
+        data: { sessionId, byteOffset: startOffset, newEntries: parsed.length }
+      },
+      "Resuming from byte offset"
+    );
   }
-  return { entries: parsed, fileSize };
+  return { entries: parsed, endByteOffset };
 }
 var FILTERED_PROGRESS_SUBTYPES = /* @__PURE__ */ new Set([
   // Incremental streaming output from running bash commands, emitted every
@@ -16851,7 +17032,7 @@ async function cleanupStaleSessions(sessionStore) {
       }
     }
     if (deletedCount > 0) {
-      hookLog.info("Cleaned up stale session files", { deletedCount });
+      hookLog.info({ data: { deletedCount } }, "Cleaned up stale session files");
     }
   } catch {
   }
@@ -16859,31 +17040,61 @@ async function cleanupStaleSessions(sessionStore) {
 }
 async function processAndUploadTranscriptEntries() {
   hookLog.info("Hook invoked");
+  const globalLastRun = configStore.get("claudeCode.globalLastHookRunAt");
+  const globalNow = Date.now();
+  if (globalLastRun && globalNow - globalLastRun < GLOBAL_COOLDOWN_MS) {
+    return { entriesUploaded: 0, entriesSkipped: 0, errors: 0 };
+  }
+  configStore.set("claudeCode.globalLastHookRunAt", globalNow);
   const rawData = await readStdinData();
   const hookData = validateHookData(rawData);
   const sessionStore = createSessionConfigStore(hookData.session_id);
   await cleanupStaleSessions(sessionStore);
+  const now = Date.now();
   const lastRunAt = sessionStore.get(COOLDOWN_KEY);
-  if (lastRunAt && Date.now() - lastRunAt < HOOK_COOLDOWN_MS) {
+  if (lastRunAt && now - lastRunAt < HOOK_COOLDOWN_MS) {
+    return { entriesUploaded: 0, entriesSkipped: 0, errors: 0 };
+  }
+  const activeAt = sessionStore.get(ACTIVE_KEY);
+  if (activeAt && now - activeAt < ACTIVE_LOCK_TTL_MS) {
+    const activeDuration = now - activeAt;
+    if (activeDuration > HOOK_COOLDOWN_MS) {
+      hookLog.warn(
+        {
+          data: {
+            activeDurationMs: activeDuration,
+            sessionId: hookData.session_id
+          }
+        },
+        "Hook still active \u2014 possible slow upload or hung process"
+      );
+    }
     return { entriesUploaded: 0, entriesSkipped: 0, errors: 0 };
   }
-  sessionStore.set(COOLDOWN_KEY, Date.now());
+  sessionStore.set(ACTIVE_KEY, now);
+  sessionStore.set(COOLDOWN_KEY, now);
   const log2 = createScopedHookLog(hookData.cwd);
-  log2.info("Hook data validated", {
-    sessionId: hookData.session_id,
-    toolName: hookData.tool_name,
-    hookEvent: hookData.hook_event_name,
-    cwd: hookData.cwd
-  });
+  log2.info(
+    {
+      data: {
+        sessionId: hookData.session_id,
+        toolName: hookData.tool_name,
+        hookEvent: hookData.hook_event_name,
+        cwd: hookData.cwd
+      }
+    },
+    "Hook data validated"
+  );
   try {
     return await processTranscript(hookData, sessionStore, log2);
   } finally {
+    sessionStore.delete(ACTIVE_KEY);
     log2.flushLogs();
   }
 }
 async function processTranscript(hookData, sessionStore, log2) {
   const cursorKey = getCursorKey(hookData.transcript_path);
-  const { entries: rawEntries, fileSize } = await readNewTranscriptEntries(
+  const { entries: rawEntries, endByteOffset } = await readNewTranscriptEntries(
     hookData.transcript_path,
     hookData.session_id,
     sessionStore
@@ -16894,10 +17105,10 @@ async function processTranscript(hookData, sessionStore, log2) {
   }
   const { filtered: entries, filteredOut } = filterEntries(rawEntries);
   if (filteredOut > 0) {
-    log2.info("Filtered out noise entries", {
-      filteredOut,
-      remaining: entries.length
-    });
+    log2.info(
+      { data: { filteredOut, remaining: entries.length } },
+      "Filtered out noise entries"
+    );
   }
   if (entries.length === 0) {
     log2.info("All entries filtered out, nothing to upload");
@@ -16905,7 +17116,7 @@ async function processTranscript(hookData, sessionStore, log2) {
     const prevCursor = sessionStore.get(cursorKey);
     const cursor = {
       id: lastEntry._recordId,
-      byteOffset: fileSize,
+      byteOffset: endByteOffset,
       updatedAt: Date.now(),
       lastModel: prevCursor?.lastModel
     };
@@ -16916,10 +17127,32 @@ async function processTranscript(hookData, sessionStore, log2) {
       errors: 0
     };
   }
-  const gqlClient = await log2.timed(
-    "GQL auth",
-    () => getAuthenticatedGQLClient({ isSkipPrompts: true })
-  );
+  let gqlClient;
+  try {
+    gqlClient = await log2.timed(
+      "GQL auth",
+      () => withTimeout(
+        getAuthenticatedGQLClient({ isSkipPrompts: true }),
+        GQL_AUTH_TIMEOUT_MS,
+        "GQL auth"
+      )
+    );
+  } catch (err) {
+    log2.error(
+      {
+        data: {
+          error: String(err),
+          stack: err instanceof Error ? err.stack : void 0
+        }
+      },
+      "GQL auth failed"
+    );
+    return {
+      entriesUploaded: 0,
+      entriesSkipped: filteredOut,
+      errors: entries.length
+    };
+  }
   const cursorForModel = sessionStore.get(cursorKey);
   let lastSeenModel = cursorForModel?.lastModel ?? null;
   const records = entries.map((entry) => {
@@ -16943,12 +17176,17 @@ async function processTranscript(hookData, sessionStore, log2) {
       rawData: rawEntry
     };
   });
-  log2.info("Uploading batch", {
-    count: records.length,
-    skipped: filteredOut,
-    firstRecordId: records[0]?.recordId,
-    lastRecordId: records[records.length - 1]?.recordId
-  });
+  log2.info(
+    {
+      data: {
+        count: records.length,
+        skipped: filteredOut,
+        firstRecordId: records[0]?.recordId,
+        lastRecordId: records[records.length - 1]?.recordId
+      }
+    },
+    "Uploading batch"
+  );
   const result = await log2.timed(
     "Batch upload",
     () => prepareAndSendTracyRecords(gqlClient, records, hookData.cwd)
@@ -16957,7 +17195,7 @@ async function processTranscript(hookData, sessionStore, log2) {
     const lastRawEntry = rawEntries[rawEntries.length - 1];
     const cursor = {
       id: lastRawEntry._recordId,
-      byteOffset: fileSize,
+      byteOffset: endByteOffset,
       updatedAt: Date.now(),
       lastModel: lastSeenModel ?? void 0
     };
@@ -16972,7 +17210,10 @@ async function processTranscript(hookData, sessionStore, log2) {
       errors: 0
     };
   }
-  log2.error("Batch upload had errors", { errors: result.errors });
+  log2.error(
+    { data: { errors: result.errors, recordCount: entries.length } },
+    "Batch upload had errors"
+  );
   return {
     entriesUploaded: 0,
     entriesSkipped: filteredOut,
@@ -17115,33 +17356,48 @@ var claudeCodeProcessHookHandler = async () => {
     }
   }
   process.on("uncaughtException", (error) => {
-    hookLog.error("Uncaught exception in hook", {
-      error: String(error),
-      stack: error.stack
-    });
+    hookLog.error(
+      { data: { error: String(error), stack: error.stack } },
+      "Uncaught exception in hook"
+    );
     void flushAndExit(1);
   });
   process.on("unhandledRejection", (reason) => {
-    hookLog.error("Unhandled rejection in hook", {
-      error: String(reason),
-      stack: reason instanceof Error ? reason.stack : void 0
-    });
+    hookLog.error(
+      {
+        data: {
+          error: String(reason),
+          stack: reason instanceof Error ? reason.stack : void 0
+        }
+      },
+      "Unhandled rejection in hook"
+    );
     void flushAndExit(1);
   });
   let exitCode = 0;
   try {
     const result = await processAndUploadTranscriptEntries();
-    hookLog.info("Claude Code upload complete", {
-      entriesUploaded: result.entriesUploaded,
-      entriesSkipped: result.entriesSkipped,
-      errors: result.errors
-    });
+    hookLog.info(
+      {
+        data: {
+          entriesUploaded: result.entriesUploaded,
+          entriesSkipped: result.entriesSkipped,
+          errors: result.errors
+        }
+      },
+      "Claude Code upload complete"
+    );
   } catch (error) {
     exitCode = 1;
-    hookLog.error("Failed to process Claude Code hook", {
-      error: String(error),
-      stack: error instanceof Error ? error.stack : void 0
-    });
+    hookLog.error(
+      {
+        data: {
+          error: String(error),
+          stack: error instanceof Error ? error.stack : void 0
+        }
+      },
+      "Failed to process Claude Code hook"
+    );
   }
   await flushAndExit(exitCode);
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.2.56",
+  "version": "1.2.57",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.mjs",