mobbdev 1.2.60 → 1.2.65

package/dist/args/commands/upload_ai_blame.mjs

@@ -5518,21 +5518,6 @@ Make sure the input is not:
   - \`Runtime.getRuntime().exec(new String[] {"perl", "-e", "print '" + input + "'"});\``,
     guidance: () => ""
   },
-  isPlainCommandArgument: {
-    content: () => "Is the input an argument of a plain command?",
-    description: () => `Examples for "yes" answer:
-
-  - \`Runtime.getRuntime().exec("git clone " + input);\`
-  - \`Runtime.getRuntime().exec("curl " + input);\`
-  - \`Runtime.getRuntime().exec("cat " + input);\`
-  
-Examples for "no" answer:
-
-  - \`Runtime.getRuntime().exec("cmd /c " + input);\`
-  - \`Runtime.getRuntime().exec("sh -c " + input);\`
-  - \`Runtime.getRuntime().exec("perl -e " + input);\``,
-    guidance: () => ""
-  },
   installApacheCommonsText: {
     content: () => "Is the Apache Commons library (org.apache.commons) included in your project, if not, can you add it?",
     description: () => "Apache Commons Text is a library focused on algorithms working on strings.",
@@ -7209,7 +7194,17 @@ import Debug8 from "debug";
 
 // src/utils/sanitize-sensitive-data.ts
 import { OpenRedaction } from "@openredaction/openredaction";
+var ADO_PAT_PATTERN = {
+  type: "AZURE_DEVOPS_PAT",
+  regex: /\b[a-zA-Z0-9]{20,}JQQJ99[a-zA-Z0-9]{10,52}\b/g,
+  priority: 95,
+  placeholder: "[ADO_PAT_{n}]",
+  description: "Azure DevOps Personal Access Token",
+  severity: "high",
+  validator: (match) => match.length >= 52 && match.length <= 100
+};
 var openRedaction = new OpenRedaction({
+  customPatterns: [ADO_PAT_PATTERN],
   patterns: [
     // Core Personal Data
     // Removed EMAIL - causes false positives in code/test snippets (e.g. --author="Eve Author <eve@example.com>")
@@ -7280,7 +7275,9 @@ var openRedaction = new OpenRedaction({
     "STRIPE_API_KEY",
     "GOOGLE_API_KEY",
     "FIREBASE_API_KEY",
-    "HEROKU_API_KEY",
+    // Removed HEROKU_API_KEY - its regex matches ALL UUIDs ([a-f0-9]{8}-[a-f0-9]{4}-...)
+    // and the validator triggers on "auth" anywhere in context (e.g. "oauth2" in user IDs).
+    // This causes false positives on every UUID when OAuth-related strings are nearby.
     "MAILGUN_API_KEY",
     "SENDGRID_API_KEY",
     "TWILIO_API_KEY",
@@ -7305,7 +7302,11 @@ async function sanitizeDataWithCounts(obj) {
   const counts = {
     detections: { total: 0, high: 0, medium: 0, low: 0 }
   };
+  const MAX_SCAN_LENGTH = 1e5;
   const sanitizeString = async (str) => {
+    if (str.length > MAX_SCAN_LENGTH) {
+      return str;
+    }
     let result = str;
     const piiDetections = openRedaction.scan(str);
     if (piiDetections && piiDetections.total > 0) {

package/dist/index.mjs

@@ -5269,21 +5269,6 @@ Make sure the input is not:
   - \`Runtime.getRuntime().exec(new String[] {"perl", "-e", "print '" + input + "'"});\``,
     guidance: () => ""
   },
-  isPlainCommandArgument: {
-    content: () => "Is the input an argument of a plain command?",
-    description: () => `Examples for "yes" answer:
-
-  - \`Runtime.getRuntime().exec("git clone " + input);\`
-  - \`Runtime.getRuntime().exec("curl " + input);\`
-  - \`Runtime.getRuntime().exec("cat " + input);\`
-  
-Examples for "no" answer:
-
-  - \`Runtime.getRuntime().exec("cmd /c " + input);\`
-  - \`Runtime.getRuntime().exec("sh -c " + input);\`
-  - \`Runtime.getRuntime().exec("perl -e " + input);\``,
-    guidance: () => ""
-  },
   installApacheCommonsText: {
     content: () => "Is the Apache Commons library (org.apache.commons) included in your project, if not, can you add it?",
     description: () => "Apache Commons Text is a library focused on algorithms working on strings.",
@@ -13186,7 +13171,17 @@ function getStableComputerName() {
 
 // src/utils/sanitize-sensitive-data.ts
 import { OpenRedaction } from "@openredaction/openredaction";
+var ADO_PAT_PATTERN = {
+  type: "AZURE_DEVOPS_PAT",
+  regex: /\b[a-zA-Z0-9]{20,}JQQJ99[a-zA-Z0-9]{10,52}\b/g,
+  priority: 95,
+  placeholder: "[ADO_PAT_{n}]",
+  description: "Azure DevOps Personal Access Token",
+  severity: "high",
+  validator: (match) => match.length >= 52 && match.length <= 100
+};
 var openRedaction = new OpenRedaction({
+  customPatterns: [ADO_PAT_PATTERN],
   patterns: [
     // Core Personal Data
     // Removed EMAIL - causes false positives in code/test snippets (e.g. --author="Eve Author <eve@example.com>")
@@ -13257,7 +13252,9 @@ var openRedaction = new OpenRedaction({
     "STRIPE_API_KEY",
     "GOOGLE_API_KEY",
     "FIREBASE_API_KEY",
-    "HEROKU_API_KEY",
+    // Removed HEROKU_API_KEY - its regex matches ALL UUIDs ([a-f0-9]{8}-[a-f0-9]{4}-...)
+    // and the validator triggers on "auth" anywhere in context (e.g. "oauth2" in user IDs).
+    // This causes false positives on every UUID when OAuth-related strings are nearby.
     "MAILGUN_API_KEY",
     "SENDGRID_API_KEY",
     "TWILIO_API_KEY",
@@ -13282,7 +13279,11 @@ async function sanitizeDataWithCounts(obj) {
   const counts = {
     detections: { total: 0, high: 0, medium: 0, low: 0 }
   };
+  const MAX_SCAN_LENGTH = 1e5;
   const sanitizeString = async (str) => {
+    if (str.length > MAX_SCAN_LENGTH) {
+      return str;
+    }
     let result = str;
     const piiDetections = openRedaction.scan(str);
     if (piiDetections && piiDetections.total > 0) {
@@ -16394,9 +16395,11 @@ async function analyzeHandler(args) {
 }
 
 // src/features/claude_code/data_collector.ts
+import { execFile } from "child_process";
 import { createHash as createHash2 } from "crypto";
 import { access, open as open4, readdir, readFile, unlink } from "fs/promises";
 import path14 from "path";
+import { promisify } from "util";
 import { z as z33 } from "zod";
 init_client_generates();
 
@@ -16552,7 +16555,10 @@ function createDdBatch(config2) {
       }
     });
   }
-  return { enqueue, flush, flushAsync, dispose, createPinoStream };
+  function updateDdTags(ddtags) {
+    config2.ddtags = ddtags;
+  }
+  return { enqueue, flush, flushAsync, dispose, createPinoStream, updateDdTags };
 }
 
 // src/utils/shared-logger/hostname.ts
@@ -16665,6 +16671,11 @@ function createLogger(config2) {
       ddBatch.dispose();
     }
   }
+  function updateDdTags(newDdTags) {
+    if (ddBatch) {
+      ddBatch.updateDdTags(newDdTags);
+    }
+  }
   return {
     info,
     warn,
@@ -16675,14 +16686,23 @@ function createLogger(config2) {
     flushLogs: flushLogs2,
     flushDdAsync,
     disposeDd,
-    setScopePath: csStream.setScopePath
+    setScopePath: csStream.setScopePath,
+    updateDdTags
   };
 }
 
 // src/features/claude_code/hook_logger.ts
 var DD_RUM_TOKEN = true ? "pubf59c0182545bfb4c299175119f1abf9b" : "";
-var CLI_VERSION = true ? "1.2.60" : "unknown";
+var CLI_VERSION = true ? "1.2.65" : "unknown";
 var NAMESPACE = "mobbdev-claude-code-hook-logs";
+var claudeCodeVersion;
+function buildDdTags() {
+  const tags = [`version:${CLI_VERSION}`];
+  if (claudeCodeVersion) {
+    tags.push(`cc_version:${claudeCodeVersion}`);
+  }
+  return tags.join(",");
+}
 function createHookLogger(scopePath) {
   return createLogger({
     namespace: NAMESPACE,
@@ -16691,7 +16711,7 @@ function createHookLogger(scopePath) {
       apiKey: DD_RUM_TOKEN,
       ddsource: "mobbdev-cli",
       service: "mobbdev-cli-hook",
-      ddtags: `version:${CLI_VERSION}`,
+      ddtags: buildDdTags(),
       hostnameMode: "hashed",
       unrefTimer: true
     }
@@ -16700,6 +16720,13 @@ function createHookLogger(scopePath) {
 var logger = createHookLogger();
 var activeScopedLoggers = [];
 var hookLog = logger;
+function setClaudeCodeVersion(version) {
+  claudeCodeVersion = version;
+  logger.updateDdTags(buildDdTags());
+}
+function getClaudeCodeVersion() {
+  return claudeCodeVersion;
+}
 function flushLogs() {
   logger.flushLogs();
   for (const scoped of activeScopedLoggers) {
@@ -16725,8 +16752,7 @@ import os5 from "os";
 import path13 from "path";
 import chalk11 from "chalk";
 var CLAUDE_SETTINGS_PATH = path13.join(os5.homedir(), ".claude", "settings.json");
-var RECOMMENDED_MATCHER = "Bash|Write|Edit|Agent|Read";
-var STALE_MATCHERS = /* @__PURE__ */ new Set(["", "*", "Edit|Write"]);
+var RECOMMENDED_MATCHER = "Write|Edit";
 async function claudeSettingsExists() {
   try {
     await fsPromises4.access(CLAUDE_SETTINGS_PATH);
@@ -16758,12 +16784,19 @@ async function autoUpgradeMatcherIfStale() {
     let upgraded = false;
     for (const hook of hooks) {
       const isMobbHook = hook.hooks.some(
-        (h) => h.command?.includes("claude-code-process-hook") && (h.command?.includes("mobbdev") || h.command?.includes("mobbdev@"))
+        (h) => h.command?.includes("claude-code-process-hook")
       );
-      if (isMobbHook && STALE_MATCHERS.has(hook.matcher)) {
+      if (!isMobbHook) continue;
+      if (hook.matcher !== RECOMMENDED_MATCHER) {
         hook.matcher = RECOMMENDED_MATCHER;
         upgraded = true;
       }
+      for (const h of hook.hooks) {
+        if (!h.async) {
+          h.async = true;
+          upgraded = true;
+        }
+      }
     }
     if (upgraded) {
       await writeClaudeSettings(settings);
@@ -16817,7 +16850,8 @@ async function installMobbHooks(options = {}) {
     hooks: [
       {
         type: "command",
-        command
+        command,
+        async: true
       }
     ]
   };
@@ -16842,6 +16876,8 @@ async function installMobbHooks(options = {}) {
 }
 
 // src/features/claude_code/data_collector.ts
+var CC_VERSION_CACHE_KEY = "claudeCode.detectedCCVersion";
+var CC_VERSION_CLI_KEY = "claudeCode.detectedCCVersionCli";
 var GLOBAL_COOLDOWN_MS = 5e3;
 var HOOK_COOLDOWN_MS = 15e3;
 var ACTIVE_LOCK_TTL_MS = 6e4;
@@ -16852,14 +16888,35 @@ var MAX_ENTRIES_PER_INVOCATION = 50;
 var COOLDOWN_KEY = "lastHookRunAt";
 var ACTIVE_KEY = "hookActiveAt";
 var HookDataSchema = z33.object({
-  session_id: z33.string(),
-  transcript_path: z33.string(),
-  cwd: z33.string(),
+  session_id: z33.string().nullish(),
+  transcript_path: z33.string().nullish(),
+  cwd: z33.string().nullish(),
   hook_event_name: z33.string(),
   tool_name: z33.string(),
   tool_input: z33.unknown(),
   tool_response: z33.unknown()
 });
+var execFileAsync = promisify(execFile);
+async function detectClaudeCodeVersion() {
+  const cachedCliVersion = configStore.get(CC_VERSION_CLI_KEY);
+  if (cachedCliVersion === packageJson.version) {
+    return configStore.get(CC_VERSION_CACHE_KEY);
+  }
+  try {
+    const { stdout: stdout2 } = await execFileAsync("claude", ["--version"], {
+      timeout: 3e3,
+      encoding: "utf-8"
+    });
+    const version = stdout2.trim().split(/\s/)[0] || stdout2.trim();
+    configStore.set(CC_VERSION_CACHE_KEY, version);
+    configStore.set(CC_VERSION_CLI_KEY, packageJson.version);
+    return version;
+  } catch {
+    configStore.set(CC_VERSION_CACHE_KEY, void 0);
+    configStore.set(CC_VERSION_CLI_KEY, packageJson.version);
+    return void 0;
+  }
+}
 var STDIN_TIMEOUT_MS = 1e4;
 async function readStdinData() {
   hookLog.debug("Reading stdin data");
@@ -16911,6 +16968,24 @@ async function readStdinData() {
 function validateHookData(data) {
   return HookDataSchema.parse(data);
 }
+async function extractSessionIdFromTranscript(transcriptPath) {
+  try {
+    const fh = await open4(transcriptPath, "r");
+    try {
+      const buf = Buffer.alloc(4096);
+      const { bytesRead } = await fh.read(buf, 0, 4096, 0);
+      const chunk = buf.toString("utf-8", 0, bytesRead);
+      const firstLine = chunk.split("\n").find((l) => l.trim().length > 0);
+      if (!firstLine) return null;
+      const entry = JSON.parse(firstLine);
+      return entry.sessionId ?? null;
+    } finally {
+      await fh.close();
+    }
+  } catch {
+    return null;
+  }
+}
 function generateSyntheticId(sessionId, timestamp, type2, lineIndex) {
   const input = `${sessionId ?? ""}:${timestamp ?? ""}:${type2 ?? ""}:${lineIndex}`;
   const hash = createHash2("sha256").update(input).digest("hex").slice(0, 16);
@@ -17201,9 +17276,94 @@ async function processAndUploadTranscriptEntries() {
       hookLog.info("Auto-upgraded hook matcher to reduce CPU usage");
     }
   }
+  try {
+    const ccVersion = await detectClaudeCodeVersion();
+    setClaudeCodeVersion(ccVersion);
+  } catch {
+  }
   const rawData = await readStdinData();
-  const hookData = validateHookData(rawData);
-  const sessionStore = createSessionConfigStore(hookData.session_id);
+  const rawObj = rawData;
+  const hookData = (() => {
+    try {
+      return validateHookData(rawData);
+    } catch (err) {
+      hookLog.error(
+        {
+          data: {
+            hook_event_name: rawObj?.["hook_event_name"],
+            tool_name: rawObj?.["tool_name"],
+            session_id: rawObj?.["session_id"],
+            cwd: rawObj?.["cwd"],
+            keys: rawObj ? Object.keys(rawObj) : []
+          }
+        },
+        `Hook validation failed: ${err.message?.slice(0, 200)}`
+      );
+      throw err;
+    }
+  })();
+  if (!hookData.transcript_path) {
+    hookLog.warn(
+      {
+        data: {
+          hook_event_name: hookData.hook_event_name,
+          tool_name: hookData.tool_name,
+          session_id: hookData.session_id,
+          cwd: hookData.cwd
+        }
+      },
+      "Missing transcript_path \u2014 cannot process hook"
+    );
+    return { entriesUploaded: 0, entriesSkipped: 0, errors: 0 };
+  }
+  let sessionId = hookData.session_id;
+  if (!sessionId) {
+    sessionId = await extractSessionIdFromTranscript(hookData.transcript_path);
+    if (sessionId) {
+      hookLog.warn(
+        {
+          data: {
+            hook_event_name: hookData.hook_event_name,
+            tool_name: hookData.tool_name,
+            cwd: hookData.cwd,
+            extractedSessionId: sessionId
+          }
+        },
+        "Missing session_id in hook data \u2014 extracted from transcript"
+      );
+    } else {
+      hookLog.warn(
+        {
+          data: {
+            hook_event_name: hookData.hook_event_name,
+            tool_name: hookData.tool_name,
+            transcript_path: hookData.transcript_path
+          }
+        },
+        "Missing session_id and could not extract from transcript \u2014 cannot process hook"
+      );
+      return { entriesUploaded: 0, entriesSkipped: 0, errors: 0 };
+    }
+  }
+  if (!hookData.cwd) {
+    hookLog.warn(
+      {
+        data: {
+          hook_event_name: hookData.hook_event_name,
+          tool_name: hookData.tool_name,
+          session_id: sessionId
+        }
+      },
+      "Missing cwd in hook data \u2014 scoped logging and repo URL detection disabled"
+    );
+  }
+  const resolvedHookData = {
+    ...hookData,
+    session_id: sessionId,
+    transcript_path: hookData.transcript_path,
+    cwd: hookData.cwd ?? void 0
+  };
+  const sessionStore = createSessionConfigStore(resolvedHookData.session_id);
   await cleanupStaleSessions(sessionStore);
   const now = Date.now();
   const lastRunAt = sessionStore.get(COOLDOWN_KEY);
@@ -17218,7 +17378,7 @@ async function processAndUploadTranscriptEntries() {
         {
           data: {
             activeDurationMs: activeDuration,
-            sessionId: hookData.session_id
+            sessionId: resolvedHookData.session_id
           }
         },
         "Hook still active \u2014 possible slow upload or hung process"
@@ -17228,20 +17388,21 @@ async function processAndUploadTranscriptEntries() {
   }
   sessionStore.set(ACTIVE_KEY, now);
   sessionStore.set(COOLDOWN_KEY, now);
-  const log2 = createScopedHookLog(hookData.cwd);
+  const log2 = createScopedHookLog(resolvedHookData.cwd ?? process.cwd());
   log2.info(
     {
       data: {
-        sessionId: hookData.session_id,
-        toolName: hookData.tool_name,
-        hookEvent: hookData.hook_event_name,
-        cwd: hookData.cwd
+        sessionId: resolvedHookData.session_id,
+        toolName: resolvedHookData.tool_name,
+        hookEvent: resolvedHookData.hook_event_name,
+        cwd: resolvedHookData.cwd,
+        claudeCodeVersion: getClaudeCodeVersion()
       }
     },
     "Hook data validated"
   );
   try {
-    return await processTranscript(hookData, sessionStore, log2);
+    return await processTranscript(resolvedHookData, sessionStore, log2);
   } finally {
     sessionStore.delete(ACTIVE_KEY);
     log2.flushLogs();
@@ -17330,6 +17491,9 @@ async function processTranscript(hookData, sessionStore, log2) {
         rawEntry["message"] = { model: lastSeenModel };
       }
     }
+    if (!rawEntry["sessionId"]) {
+      rawEntry["sessionId"] = hookData.session_id;
+    }
     return {
       platform: "CLAUDE_CODE" /* ClaudeCode */,
       recordId: _recordId,
@@ -17371,7 +17535,8 @@ async function processTranscript(hookData, sessionStore, log2) {
     sessionStore.set(cursorKey, cursor);
     log2.heartbeat("Upload ok", {
       entriesUploaded: entries.length,
-      entriesSkipped: filteredOut
+      entriesSkipped: filteredOut,
+      claudeCodeVersion: getClaudeCodeVersion()
     });
     return {
       entriesUploaded: entries.length,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.2.60",
+  "version": "1.2.65",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.mjs",