npm - mobbdev - Versions diffs - 1.3.4 → 1.3.7 - Mend

mobbdev 1.3.4 → 1.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/args/commands/upload_ai_blame.d.mts +33 -39
package/dist/args/commands/upload_ai_blame.mjs +29 -18
package/dist/index.mjs +874 -268
package/package.json +1 -1

package/dist/args/commands/upload_ai_blame.d.mts CHANGED Viewed

@@ -56,32 +56,22 @@ declare const PromptItemZ: z.ZodObject<{
         name: string;
         parameters: string;
         result: string;
-        accepted?: boolean | undefined;
         rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
         mcpServer?: string | undefined;
         mcpToolName?: string | undefined;
     }, {
         name: string;
         parameters: string;
         result: string;
-        accepted?: boolean | undefined;
         rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
         mcpServer?: string | undefined;
         mcpToolName?: string | undefined;
     }>>;
 }, "strip", z.ZodTypeAny, {
     type: "USER_PROMPT" | "AI_RESPONSE" | "TOOL_EXECUTION" | "AI_THINKING" | "MCP_TOOL_CALL";
-    tool?: {
-        name: string;
-        parameters: string;
-        result: string;
-        accepted?: boolean | undefined;
-        rawArguments?: string | undefined;
-        mcpServer?: string | undefined;
-        mcpToolName?: string | undefined;
-    } | undefined;
     date?: Date | undefined;
-    text?: string | undefined;
     attachedFiles?: {
         relativePath: string;
         startLine?: number | undefined;
@@ -90,19 +80,19 @@ declare const PromptItemZ: z.ZodObject<{
         inputCount: number;
         outputCount: number;
     } | undefined;
-}, {
-    type: "USER_PROMPT" | "AI_RESPONSE" | "TOOL_EXECUTION" | "AI_THINKING" | "MCP_TOOL_CALL";
+    text?: string | undefined;
     tool?: {
         name: string;
         parameters: string;
         result: string;
-        accepted?: boolean | undefined;
         rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
         mcpServer?: string | undefined;
         mcpToolName?: string | undefined;
     } | undefined;
+}, {
+    type: "USER_PROMPT" | "AI_RESPONSE" | "TOOL_EXECUTION" | "AI_THINKING" | "MCP_TOOL_CALL";
     date?: Date | undefined;
-    text?: string | undefined;
     attachedFiles?: {
         relativePath: string;
         startLine?: number | undefined;
@@ -111,6 +101,16 @@ declare const PromptItemZ: z.ZodObject<{
         inputCount: number;
         outputCount: number;
     } | undefined;
+    text?: string | undefined;
+    tool?: {
+        name: string;
+        parameters: string;
+        result: string;
+        rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
+        mcpServer?: string | undefined;
+        mcpToolName?: string | undefined;
+    } | undefined;
 }>;
 type PromptItem = z.infer<typeof PromptItemZ>;
 declare const PromptItemArrayZ: z.ZodArray<z.ZodObject<{
@@ -149,32 +149,22 @@ declare const PromptItemArrayZ: z.ZodArray<z.ZodObject<{
         name: string;
         parameters: string;
         result: string;
-        accepted?: boolean | undefined;
         rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
         mcpServer?: string | undefined;
         mcpToolName?: string | undefined;
     }, {
         name: string;
         parameters: string;
         result: string;
-        accepted?: boolean | undefined;
         rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
         mcpServer?: string | undefined;
         mcpToolName?: string | undefined;
     }>>;
 }, "strip", z.ZodTypeAny, {
     type: "USER_PROMPT" | "AI_RESPONSE" | "TOOL_EXECUTION" | "AI_THINKING" | "MCP_TOOL_CALL";
-    tool?: {
-        name: string;
-        parameters: string;
-        result: string;
-        accepted?: boolean | undefined;
-        rawArguments?: string | undefined;
-        mcpServer?: string | undefined;
-        mcpToolName?: string | undefined;
-    } | undefined;
     date?: Date | undefined;
-    text?: string | undefined;
     attachedFiles?: {
         relativePath: string;
         startLine?: number | undefined;
@@ -183,19 +173,19 @@ declare const PromptItemArrayZ: z.ZodArray<z.ZodObject<{
         inputCount: number;
         outputCount: number;
     } | undefined;
-}, {
-    type: "USER_PROMPT" | "AI_RESPONSE" | "TOOL_EXECUTION" | "AI_THINKING" | "MCP_TOOL_CALL";
+    text?: string | undefined;
     tool?: {
         name: string;
         parameters: string;
         result: string;
-        accepted?: boolean | undefined;
         rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
         mcpServer?: string | undefined;
         mcpToolName?: string | undefined;
     } | undefined;
+}, {
+    type: "USER_PROMPT" | "AI_RESPONSE" | "TOOL_EXECUTION" | "AI_THINKING" | "MCP_TOOL_CALL";
     date?: Date | undefined;
-    text?: string | undefined;
     attachedFiles?: {
         relativePath: string;
         startLine?: number | undefined;
@@ -204,6 +194,16 @@ declare const PromptItemArrayZ: z.ZodArray<z.ZodObject<{
         inputCount: number;
         outputCount: number;
     } | undefined;
+    text?: string | undefined;
+    tool?: {
+        name: string;
+        parameters: string;
+        result: string;
+        rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
+        mcpServer?: string | undefined;
+        mcpToolName?: string | undefined;
+    } | undefined;
 }>, "many">;
 type PromptItemArray = z.infer<typeof PromptItemArrayZ>;
 /**
@@ -211,12 +211,6 @@ type PromptItemArray = z.infer<typeof PromptItemArrayZ>;
  * Returns null if not in a git repository or if not a GitHub repository.
  */
 declare function getRepositoryUrl(workingDir?: string): Promise<string | null>;
-/**
- * Gets the absolute git root path of the working directory's git checkout.
- * Used by Tracy uploads to let the server filter out events whose filePath
- * falls outside the repo (e.g., /tmp scratchpads, ~/.zshrc).
- */
-declare function getRepoGitRoot(workingDir?: string): Promise<string | null>;
 /**
  * Get system information for tracking inference source.
  * Works cross-platform (Windows, macOS, Linux).
@@ -271,4 +265,4 @@ type UploadAiBlameHandlerOptions = {
 declare function uploadAiBlameHandler(options: UploadAiBlameHandlerOptions): Promise<void>;
 declare function uploadAiBlameCommandHandler(args: UploadAiBlameOptions): Promise<void>;
-export { type PromptItem, type PromptItemArray, type UploadAiBlameOptions, type UploadAiBlameResult, getRepoGitRoot, getRepositoryUrl, getSystemInfo, uploadAiBlameBuilder, uploadAiBlameCommandHandler, uploadAiBlameHandler, uploadAiBlameHandlerFromExtension };
+export { type PromptItem, type PromptItemArray, type UploadAiBlameOptions, type UploadAiBlameResult, getRepositoryUrl, getSystemInfo, uploadAiBlameBuilder, uploadAiBlameCommandHandler, uploadAiBlameHandler, uploadAiBlameHandlerFromExtension };

package/dist/args/commands/upload_ai_blame.mjs CHANGED Viewed

@@ -326,6 +326,7 @@ var init_client_generates = __esm({
       IssueType_Enum2["SystemExitShouldReraise"] = "SYSTEM_EXIT_SHOULD_RERAISE";
       IssueType_Enum2["SystemInformationLeak"] = "SYSTEM_INFORMATION_LEAK";
       IssueType_Enum2["SystemInformationLeakExternal"] = "SYSTEM_INFORMATION_LEAK_EXTERNAL";
+      IssueType_Enum2["TaintedNumericCast"] = "TAINTED_NUMERIC_CAST";
       IssueType_Enum2["TarSlip"] = "TAR_SLIP";
       IssueType_Enum2["TrustBoundaryViolation"] = "TRUST_BOUNDARY_VIOLATION";
       IssueType_Enum2["TypeConfusion"] = "TYPE_CONFUSION";
@@ -1758,7 +1759,8 @@ var init_getIssueType = __esm({
       ["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: "Django Blank Field Needs Null or Default",
       ["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: "Redundant Nil Error Check",
       ["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: "Missing Workflow Permissions",
-      ["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: "Excessive Secrets Exposure"
+      ["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: "Excessive Secrets Exposure",
+      ["TAINTED_NUMERIC_CAST" /* TaintedNumericCast */]: "Tainted Numeric Cast"
     };
     issueTypeZ = z5.nativeEnum(IssueType_Enum);
     getIssueTypeFriendlyString = (issueType) => {
@@ -4924,7 +4926,8 @@ var fixDetailsData = {
   ["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: void 0,
   ["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: void 0,
   ["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: void 0,
-  ["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: void 0
+  ["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: void 0,
+  ["TAINTED_NUMERIC_CAST" /* TaintedNumericCast */]: void 0
 };
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -6369,6 +6372,17 @@ var openRedirect3 = {
   }
 };
+// src/features/analysis/scm/shared/src/storedQuestionData/python/ssrf.ts
+var ssrf5 = {
+  domainsAllowlist: {
+    content: () => "Allowed URL prefixes",
+    description: () => `The security risk of this issue is the ability of an attacker to provide input that shoots HTTP requests from your server to arbitrary URLs, including internal ones, like \`https://admin.mycompany.com\`
+&nbsp;
+&nbsp;    To eliminate the risk and fix the issue, check out your app logic and make a whitelist of URLs this API should be allowed to call.`,
+    guidance: () => ""
+  }
+};
 // src/features/analysis/scm/shared/src/storedQuestionData/python/uncheckedLoopCondition.ts
 var uncheckedLoopCondition3 = {
   loopLimit: {
@@ -6390,7 +6404,8 @@ var vulnerabilities14 = {
   ["OPEN_REDIRECT" /* OpenRedirect */]: openRedirect3,
   ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: uncheckedLoopCondition3,
   ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: duplicatedStrings2,
-  ["MISSING_ENCODING_FILE_OPEN" /* MissingEncodingFileOpen */]: missingEncoding
+  ["MISSING_ENCODING_FILE_OPEN" /* MissingEncodingFileOpen */]: missingEncoding,
+  ["SSRF" /* Ssrf */]: ssrf5
 };
 var python_default2 = vulnerabilities14;
@@ -6601,6 +6616,15 @@ var BitbucketParseResultZ = z21.object({
   repoName: z21.string(),
   hostname: z21.literal(BITBUCKET_HOSTNAME)
 });
+var UserWorkspacePermissionsRepositoriesResponseZ = z21.object({
+  values: z21.array(
+    z21.object({
+      repository: z21.object({
+        full_name: z21.string().optional()
+      }).optional()
+    })
+  ).optional()
+});
 // src/features/analysis/scm/bitbucket/BitbucketSCMLib.ts
 import { setTimeout as setTimeout3 } from "timers/promises";
@@ -7320,13 +7344,13 @@ function maskString(str, showStart = 2, showEnd = 2) {
   }
   return str.slice(0, showStart) + "*".repeat(str.length - showStart - showEnd) + str.slice(-showEnd);
 }
-async function sanitizeDataWithCounts(obj) {
+async function sanitizeDataWithCounts(obj, options) {
   const counts = {
     detections: { total: 0, high: 0, medium: 0, low: 0 }
   };
   const MAX_SCAN_LENGTH = 1e5;
   const sanitizeString = async (str) => {
-    if (str.length > MAX_SCAN_LENGTH) {
+    if (!options?.noSizeLimit && str.length > MAX_SCAN_LENGTH) {
       return str;
     }
     let result = str;
@@ -7941,18 +7965,6 @@ async function getRepositoryUrl(workingDir) {
     return null;
   }
 }
-async function getRepoGitRoot(workingDir) {
-  try {
-    const gitService = new GitService(workingDir ?? process.cwd());
-    const isRepo = await gitService.isGitRepository();
-    if (!isRepo) {
-      return null;
-    }
-    return await gitService.getGitRoot();
-  } catch {
-    return null;
-  }
-}
 function getSystemInfo() {
   let userName;
   try {
@@ -8231,7 +8243,6 @@ async function uploadAiBlameCommandHandler(args) {
   await uploadAiBlameHandler({ args });
 }
 export {
-  getRepoGitRoot,
   getRepositoryUrl,
   getSystemInfo,
   uploadAiBlameBuilder,