mobbdev 1.3.4 → 1.3.7

package/dist/index.mjs

@@ -326,6 +326,7 @@ var init_client_generates = __esm({
       IssueType_Enum2["SystemExitShouldReraise"] = "SYSTEM_EXIT_SHOULD_RERAISE";
       IssueType_Enum2["SystemInformationLeak"] = "SYSTEM_INFORMATION_LEAK";
       IssueType_Enum2["SystemInformationLeakExternal"] = "SYSTEM_INFORMATION_LEAK_EXTERNAL";
+      IssueType_Enum2["TaintedNumericCast"] = "TAINTED_NUMERIC_CAST";
       IssueType_Enum2["TarSlip"] = "TAR_SLIP";
       IssueType_Enum2["TrustBoundaryViolation"] = "TRUST_BOUNDARY_VIOLATION";
       IssueType_Enum2["TypeConfusion"] = "TYPE_CONFUSION";
@@ -1450,7 +1451,8 @@ var init_getIssueType = __esm({
       ["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: "Django Blank Field Needs Null or Default",
       ["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: "Redundant Nil Error Check",
       ["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: "Missing Workflow Permissions",
-      ["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: "Excessive Secrets Exposure"
+      ["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: "Excessive Secrets Exposure",
+      ["TAINTED_NUMERIC_CAST" /* TaintedNumericCast */]: "Tainted Numeric Cast"
     };
     issueTypeZ = z.nativeEnum(IssueType_Enum);
     getIssueTypeFriendlyString = (issueType) => {
@@ -3577,8 +3579,8 @@ var init_FileUtils = __esm({
           const fullPath = path.join(dir, item);
           try {
             await fsPromises.access(fullPath, fs.constants.R_OK);
-            const stat2 = await fsPromises.stat(fullPath);
-            if (stat2.isDirectory()) {
+            const stat3 = await fsPromises.stat(fullPath);
+            if (stat3.isDirectory()) {
               if (isRootLevel && excludedRootDirectories.includes(item)) {
                 continue;
               }
@@ -3590,7 +3592,7 @@ var init_FileUtils = __esm({
                 name: item,
                 fullPath,
                 relativePath: path.relative(rootDir, fullPath),
-                time: stat2.mtime.getTime(),
+                time: stat3.mtime.getTime(),
                 isFile: true
               });
             }
@@ -4642,7 +4644,8 @@ var fixDetailsData = {
   ["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: void 0,
   ["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: void 0,
   ["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: void 0,
-  ["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: void 0
+  ["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: void 0,
+  ["TAINTED_NUMERIC_CAST" /* TaintedNumericCast */]: void 0
 };
 
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -6174,6 +6177,17 @@ var openRedirect3 = {
   }
 };
 
+// src/features/analysis/scm/shared/src/storedQuestionData/python/ssrf.ts
+var ssrf5 = {
+  domainsAllowlist: {
+    content: () => "Allowed URL prefixes",
+    description: () => `The security risk of this issue is the ability of an attacker to provide input that shoots HTTP requests from your server to arbitrary URLs, including internal ones, like \`https://admin.mycompany.com\`    
+     
+     To eliminate the risk and fix the issue, check out your app logic and make a whitelist of URLs this API should be allowed to call.`,
+    guidance: () => ""
+  }
+};
+
 // src/features/analysis/scm/shared/src/storedQuestionData/python/uncheckedLoopCondition.ts
 var uncheckedLoopCondition3 = {
   loopLimit: {
@@ -6195,7 +6209,8 @@ var vulnerabilities14 = {
   ["OPEN_REDIRECT" /* OpenRedirect */]: openRedirect3,
   ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: uncheckedLoopCondition3,
   ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: duplicatedStrings2,
-  ["MISSING_ENCODING_FILE_OPEN" /* MissingEncodingFileOpen */]: missingEncoding
+  ["MISSING_ENCODING_FILE_OPEN" /* MissingEncodingFileOpen */]: missingEncoding,
+  ["SSRF" /* Ssrf */]: ssrf5
 };
 var python_default2 = vulnerabilities14;
 
@@ -7117,7 +7132,7 @@ async function getAdoSdk(params) {
       const url = new URL(repoUrl);
       const origin = url.origin.toLowerCase().endsWith(".visualstudio.com") ? DEFUALT_ADO_ORIGIN : url.origin.toLowerCase();
       const params2 = `path=/&versionDescriptor[versionOptions]=0&versionDescriptor[versionType]=commit&versionDescriptor[version]=${branch}&resolveLfs=true&$format=zip&api-version=5.0&download=true`;
-      const path30 = [
+      const path32 = [
         prefixPath,
         owner,
         projectName,
@@ -7128,7 +7143,7 @@ async function getAdoSdk(params) {
         "items",
         "items"
       ].filter(Boolean).join("/");
-      return new URL(`${path30}?${params2}`, origin).toString();
+      return new URL(`${path32}?${params2}`, origin).toString();
     },
     async getAdoBranchList({ repoUrl }) {
       try {
@@ -7217,8 +7232,8 @@ async function getAdoSdk(params) {
         const changeType = entry.changeType;
         return changeType !== 16 && entry.item?.path;
       }).map((entry) => {
-        const path30 = entry.item.path;
-        return path30.startsWith("/") ? path30.slice(1) : path30;
+        const path32 = entry.item.path;
+        return path32.startsWith("/") ? path32.slice(1) : path32;
       });
     },
     async searchAdoPullRequests({
@@ -8091,6 +8106,15 @@ var BitbucketParseResultZ = z20.object({
   repoName: z20.string(),
   hostname: z20.literal(BITBUCKET_HOSTNAME)
 });
+var UserWorkspacePermissionsRepositoriesResponseZ = z20.object({
+  values: z20.array(
+    z20.object({
+      repository: z20.object({
+        full_name: z20.string().optional()
+      }).optional()
+    })
+  ).optional()
+});
 function parseBitbucketOrganizationAndRepo(bitbucketUrl) {
   const parsedGitHubUrl = normalizeUrl(bitbucketUrl);
   const parsingResult = parseScmURL(parsedGitHubUrl, "Bitbucket" /* Bitbucket */);
@@ -8155,12 +8179,17 @@ function getBitbucketSdk(params) {
       const { repoUrl } = params2;
       const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(repoUrl);
       const fullRepoName = `${workspace}/${repo_slug}`;
-      const res = await bitbucketClient.user.listPermissionsForRepos({
+      const res = await bitbucketClient.request({
+        method: "GET",
+        url: "/user/workspaces/{workspace}/permissions/repositories",
+        workspace,
         q: `repository.full_name~"${fullRepoName}"`
       });
-      return res.data.values?.some(
-        (res2) => res2.repository?.full_name === fullRepoName
-      ) ?? false;
+      const parsed = UserWorkspacePermissionsRepositoriesResponseZ.safeParse(
+        res.data
+      );
+      const values = parsed.success ? parsed.data.values : void 0;
+      return values?.some((v) => v.repository?.full_name === fullRepoName) ?? false;
     },
     async createPullRequest(params2) {
       const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(
@@ -8926,12 +8955,18 @@ function getOctoKit(options) {
       timeout: 1e4
       // 10 second timeout
     },
-    retry: options?.isEnableRetries ? {
-      doNotRetry: [400, 401, 403, 404, 422],
-      // Don't retry on these status codes
+    // Always retry on transient failures. 401 is intentionally retryable:
+    // GitHub briefly returns 401 for an OAuth token in the first few seconds
+    // after it is minted, and without this, validateRepoUrl and every
+    // downstream SCM call can fail permanently on that propagation glitch.
+    // Trade-off: a genuinely revoked/invalid token surfaces after ~14s of
+    // backoff (@octokit/plugin-retry uses retryCount^2 * 1000 ms: 1s, 4s, 9s)
+    // instead of immediately. Acceptable given the alternative is permanent
+    // failure / 10-minute test timeouts.
+    retry: {
+      doNotRetry: [400, 403, 404, 422],
       retries: 3
-      // Retry up to 3 times
-    } : { enabled: false },
+    },
     throttle: options?.isEnableRetries ? {
       onRateLimit: (retryAfter, options2, octokit, retryCount) => {
         octokit.log.warn(
@@ -9593,10 +9628,13 @@ function getGithubSdk(params = {}) {
       return res;
     },
     /**
-     * Search PRs using GitHub's Search API with sorting
-     * https://docs.github.com/en/rest/search/search?apiVersion=2022-11-28#search-issues-and-pull-requests
+     * List PRs using GitHub's REST `/repos/{owner}/{repo}/pulls` endpoint.
+     * https://docs.github.com/en/rest/pulls/pulls?apiVersion=2022-11-28#list-pull-requests
+     *
+     * Uses the 5000/hr core rate-limit bucket and reads freshly-created PRs
+     * without the indexing lag of the Search API.
      */
-    async searchPullRequests(params2) {
+    async listPullRequests(params2) {
       const {
         owner,
         repo,
@@ -9606,26 +9644,22 @@ function getGithubSdk(params = {}) {
         perPage = 10,
         page = 1
       } = params2;
-      let query = `repo:${owner}/${repo} is:pr`;
-      if (updatedAfter) {
-        const dateStr = updatedAfter.toISOString().split("T")[0];
-        query += ` updated:>=${dateStr}`;
-      }
-      if (state !== "all") {
-        query += ` is:${state}`;
-      }
-      const githubSortField = sort.field === "updated" || sort.field === "created" ? sort.field : "comments";
-      const response = await octokit.rest.search.issuesAndPullRequests({
-        q: query,
-        sort: githubSortField,
-        order: sort.order,
+      const restSortField = sort.field === "updated" || sort.field === "created" ? sort.field : "popularity";
+      const response = await octokit.rest.pulls.list({
+        owner,
+        repo,
+        state,
+        sort: restSortField,
+        direction: sort.order,
         per_page: perPage,
         page
       });
+      const filtered = updatedAfter ? response.data.filter((pr) => new Date(pr.updated_at) >= updatedAfter) : response.data;
+      const hitDescCutoff = sort.order === "desc" && updatedAfter !== void 0 && filtered.length < response.data.length;
+      const hasMore = response.data.length === perPage && !hitDescCutoff;
       return {
-        items: response.data.items,
-        totalCount: response.data.total_count,
-        hasMore: page * perPage < response.data.total_count
+        items: filtered,
+        hasMore
       };
     },
     /**
@@ -10225,8 +10259,12 @@ var GithubSCMLib = class extends SCMLib {
     }).map((file) => file.filename);
   }
   /**
-   * Override searchSubmitRequests to use GitHub's Search API for efficient pagination.
-   * This is much faster than fetching all PRs and filtering in-memory.
+   * Override searchSubmitRequests to use GitHub's REST `/pulls` endpoint.
+   *
+   * The Search API we used previously has a separate 30/min secondary rate
+   * limit and an async index that lags on just-created PRs. `/pulls` hits
+   * GitHub's primary datastore, uses the 5000/hr core bucket, and returns
+   * `head.ref` / `base.ref` so we can populate sourceBranch / targetBranch.
    */
   async searchSubmitRequests(params) {
     this._validateAccessToken();
@@ -10234,7 +10272,7 @@ var GithubSCMLib = class extends SCMLib {
     const page = parseCursorSafe(params.cursor, 1);
     const perPage = params.limit || 10;
     const sort = params.sort || { field: "updated", order: "desc" };
-    const searchResult = await this.githubSdk.searchPullRequests({
+    const listResult = await this.githubSdk.listPullRequests({
       owner,
       repo,
       updatedAfter: params.filters?.updatedAfter,
@@ -10243,38 +10281,33 @@ var GithubSCMLib = class extends SCMLib {
       perPage,
       page
     });
-    const results = searchResult.items.map((issue) => {
+    const results = listResult.items.map((pr) => {
       let status = "open";
-      if (issue.state === "closed") {
-        status = issue.pull_request?.merged_at ? "merged" : "closed";
-      } else if (issue.draft) {
+      if (pr.state === "closed") {
+        status = pr.merged_at ? "merged" : "closed";
+      } else if (pr.draft) {
         status = "draft";
       }
       return {
-        submitRequestId: String(issue.number),
-        submitRequestNumber: issue.number,
-        title: issue.title,
+        submitRequestId: String(pr.number),
+        submitRequestNumber: pr.number,
+        title: pr.title,
         status,
-        sourceBranch: "",
-        // Not available in search API
-        targetBranch: "",
-        // Not available in search API
-        authorName: issue.user?.login,
+        sourceBranch: pr.head?.ref ?? "",
+        targetBranch: pr.base?.ref ?? "",
+        authorName: pr.user?.login,
         authorEmail: void 0,
-        // Not available in search API
-        createdAt: new Date(issue.created_at),
-        updatedAt: new Date(issue.updated_at),
-        description: issue.body || void 0,
+        createdAt: new Date(pr.created_at),
+        updatedAt: new Date(pr.updated_at),
+        description: pr.body || void 0,
         tickets: [],
-        // Would need separate parsing
         changedLines: { added: 0, removed: 0 }
-        // Not available in search API
       };
     });
     return {
       results,
-      nextCursor: searchResult.hasMore ? String(page + 1) : void 0,
-      hasMore: searchResult.hasMore
+      nextCursor: listResult.hasMore ? String(page + 1) : void 0,
+      hasMore: listResult.hasMore
     };
   }
   /**
@@ -13893,13 +13926,13 @@ function maskString(str, showStart = 2, showEnd = 2) {
   }
   return str.slice(0, showStart) + "*".repeat(str.length - showStart - showEnd) + str.slice(-showEnd);
 }
-async function sanitizeDataWithCounts(obj) {
+async function sanitizeDataWithCounts(obj, options) {
   const counts = {
     detections: { total: 0, high: 0, medium: 0, low: 0 }
   };
   const MAX_SCAN_LENGTH = 1e5;
   const sanitizeString = async (str) => {
-    if (str.length > MAX_SCAN_LENGTH) {
+    if (!options?.noSizeLimit && str.length > MAX_SCAN_LENGTH) {
       return str;
     }
     let result = str;
@@ -14016,18 +14049,6 @@ async function getRepositoryUrl(workingDir) {
     return null;
   }
 }
-async function getRepoGitRoot(workingDir) {
-  try {
-    const gitService = new GitService(workingDir ?? process.cwd());
-    const isRepo = await gitService.isGitRepository();
-    if (!isRepo) {
-      return null;
-    }
-    return await gitService.getGitRoot();
-  } catch {
-    return null;
-  }
-}
 function getSystemInfo() {
   let userName;
   try {
@@ -14360,7 +14381,6 @@ async function prepareAndSendTracyRecords(client, rawRecords, workingDir, option
   const defaultClientVersion = packageJson.version;
   const shouldSanitize = options?.sanitize ?? true;
   const defaultRepoUrl = rawRecords[0]?.repositoryUrl ? void 0 : await getRepositoryUrl(workingDir) ?? void 0;
-  const defaultGitRoot = rawRecords[0]?.gitRoot ? void 0 : await getRepoGitRoot(workingDir) ?? void 0;
   debug10(
     "[step:sanitize] %s %d records",
     shouldSanitize ? "Sanitizing" : "Serializing",
@@ -14371,7 +14391,7 @@ async function prepareAndSendTracyRecords(client, rawRecords, workingDir, option
     `${shouldSanitize ? "sanitize" : "serialize"} ${rawRecords.length} records`,
     () => Promise.all(
       rawRecords.map(async (record, index) => {
-        if (record.rawData != null) {
+        if (record.rawData != null && record.rawDataS3Key == null) {
           const serialized = shouldSanitize ? await sanitizeRawData(record.rawData) : JSON.stringify(record.rawData);
           serializedRawDataByIndex.set(index, serialized);
         }
@@ -14379,7 +14399,6 @@ async function prepareAndSendTracyRecords(client, rawRecords, workingDir, option
         return {
           ...rest,
           repositoryUrl: record.repositoryUrl ?? defaultRepoUrl,
-          gitRoot: record.gitRoot ?? defaultGitRoot,
           computerName,
           userName,
           clientVersion: record.clientVersion ?? defaultClientVersion
@@ -15042,7 +15061,7 @@ async function postIssueComment(params) {
     fpDescription
   } = params;
   const {
-    path: path30,
+    path: path32,
     startLine,
     vulnerabilityReportIssue: {
       vulnerabilityReportIssueTags,
@@ -15057,7 +15076,7 @@ async function postIssueComment(params) {
 Refresh the page in order to see the changes.`,
     pull_number: pullRequest,
     commit_id: commitSha,
-    path: path30,
+    path: path32,
     line: startLine
   });
   const commentId = commentRes.data.id;
@@ -15091,7 +15110,7 @@ async function postFixComment(params) {
     scanner
   } = params;
   const {
-    path: path30,
+    path: path32,
     startLine,
     vulnerabilityReportIssue: { fixId, vulnerabilityReportIssueTags, category },
     vulnerabilityReportIssueId
@@ -15109,7 +15128,7 @@ async function postFixComment(params) {
 Refresh the page in order to see the changes.`,
     pull_number: pullRequest,
     commit_id: commitSha,
-    path: path30,
+    path: path32,
     line: startLine
   });
   const commentId = commentRes.data.id;
@@ -16631,8 +16650,8 @@ async function resolveSkillScanInput(skillInput) {
   if (!fs11.existsSync(resolvedPath)) {
     return skillInput;
   }
-  const stat2 = fs11.statSync(resolvedPath);
-  if (!stat2.isDirectory()) {
+  const stat3 = fs11.statSync(resolvedPath);
+  if (!stat3.isDirectory()) {
     throw new CliError(
       "Local skill input must be a directory containing SKILL.md"
     );
@@ -17030,8 +17049,10 @@ async function analyzeHandler(args) {
 import { spawn } from "child_process";
 
 // src/features/claude_code/daemon.ts
-import path17 from "path";
+import { readFileSync, writeFileSync as writeFileSync2 } from "fs";
+import path19 from "path";
 import { setTimeout as sleep2 } from "timers/promises";
+import Configstore3 from "configstore";
 
 // src/features/claude_code/daemon_pid_file.ts
 import fs13 from "fs";
@@ -17123,10 +17144,455 @@ var DaemonPidFile = class {
 
 // src/features/claude_code/data_collector.ts
 import { execFile } from "child_process";
-import { createHash as createHash2 } from "crypto";
-import { access, open as open4, readdir, readFile, unlink } from "fs/promises";
-import path14 from "path";
+import { createHash as createHash3 } from "crypto";
+import { access, open as open4, readdir, readFile as readFile2, unlink } from "fs/promises";
+import path16 from "path";
 import { promisify } from "util";
+
+// src/features/analysis/context_file_processor.ts
+import { createHash } from "crypto";
+import path14 from "path";
+import AdmZip3 from "adm-zip";
+import pLimit6 from "p-limit";
+var SANITIZE_CONCURRENCY = 5;
+function md5Hex(data) {
+  return createHash("md5").update(typeof data === "string" ? Buffer.from(data, "utf-8") : data).digest("hex");
+}
+async function sanitizeFileContent(content) {
+  const { sanitizedData } = await sanitizeDataWithCounts(content, {
+    noSizeLimit: true
+  });
+  return sanitizedData;
+}
+async function processContextFiles(regularFiles, skillGroups) {
+  const limit = pLimit6(SANITIZE_CONCURRENCY);
+  const processedFiles = await Promise.all(
+    regularFiles.map(
+      (entry) => limit(async () => {
+        const sanitizedContent = await sanitizeFileContent(entry.content);
+        const md5 = md5Hex(sanitizedContent);
+        const sizeBytes = Buffer.byteLength(sanitizedContent, "utf-8");
+        return { entry, sanitizedContent, md5, sizeBytes };
+      })
+    )
+  );
+  const processedSkills = await Promise.all(
+    skillGroups.filter((group) => group.files.length > 0).map(
+      (group) => limit(async () => {
+        const zip = new AdmZip3();
+        const sortedFiles = [...group.files].sort(
+          (a, b) => a.path.localeCompare(b.path)
+        );
+        for (const file of sortedFiles) {
+          const sanitizedContent = await sanitizeFileContent(file.content);
+          const zipEntryName = group.isFolder ? path14.relative(group.skillPath, file.path).replace(/\\/g, "/") : path14.basename(file.path);
+          zip.addFile(zipEntryName, Buffer.from(sanitizedContent, "utf-8"));
+        }
+        const zipBuffer = zip.toBuffer();
+        const md5 = md5Hex(zipBuffer);
+        return { group, zipBuffer, md5, sizeBytes: zipBuffer.byteLength };
+      })
+    )
+  );
+  return { files: processedFiles, skills: processedSkills };
+}
+
+// src/features/analysis/context_file_scanner.ts
+import { readFile, stat } from "fs/promises";
+import { homedir } from "os";
+import path15 from "path";
+import { globby as globby2 } from "globby";
+var MAX_CONTEXT_FILE_SIZE = 20 * 1024 * 1024;
+var SKILL_CATEGORY = "skill";
+var SESSION_TTL_MS = 24 * 60 * 60 * 1e3;
+var sessionMtimes = /* @__PURE__ */ new Map();
+function markContextFilesUploaded(sessionId, files, skills) {
+  let entry = sessionMtimes.get(sessionId);
+  if (!entry) {
+    entry = { files: /* @__PURE__ */ new Map(), skills: /* @__PURE__ */ new Map(), lastUpdatedAt: Date.now() };
+    sessionMtimes.set(sessionId, entry);
+  }
+  for (const f of files) {
+    entry.files.set(f.path, f.mtimeMs);
+  }
+  if (skills) {
+    for (const sg of skills) {
+      entry.skills.set(sg.sessionKey, sg.maxMtimeMs);
+    }
+  }
+  entry.lastUpdatedAt = Date.now();
+}
+var SCAN_PATHS = {
+  "claude-code": [
+    { glob: "CLAUDE.md", category: "rule", root: "workspace" },
+    { glob: "CLAUDE.local.md", category: "rule", root: "workspace" },
+    { glob: "INSIGHTS.md", category: "rule", root: "workspace" },
+    { glob: "AGENTS.md", category: "rule", root: "workspace" },
+    { glob: ".claude/rules/**/*.md", category: "rule", root: "workspace" },
+    { glob: ".claude/CLAUDE.md", category: "rule", root: "home" },
+    { glob: ".claude/INSIGHTS.md", category: "rule", root: "home" },
+    { glob: ".claude/rules/**/*.md", category: "rule", root: "home" },
+    {
+      glob: ".claude/projects/*/memory/*.md",
+      category: "memory",
+      root: "home"
+    },
+    {
+      glob: ".claude/skills/**/*",
+      category: SKILL_CATEGORY,
+      root: "workspace"
+    },
+    { glob: ".claude/commands/*.md", category: "command", root: "workspace" },
+    {
+      glob: ".claude/agents/*.md",
+      category: "agent-config",
+      root: "workspace"
+    },
+    { glob: ".claude/skills/**/*", category: SKILL_CATEGORY, root: "home" },
+    { glob: ".claude/commands/*.md", category: "command", root: "home" },
+    { glob: ".claude/agents/*.md", category: "agent-config", root: "home" },
+    { glob: ".claude/settings.json", category: "config", root: "workspace" },
+    {
+      glob: ".claude/settings.local.json",
+      category: "config",
+      root: "workspace"
+    },
+    { glob: ".mcp.json", category: "mcp-config", root: "workspace" },
+    { glob: ".claude/.mcp.json", category: "mcp-config", root: "workspace" },
+    { glob: ".claude/settings.json", category: "config", root: "home" },
+    { glob: ".claudeignore", category: "ignore", root: "workspace" }
+  ],
+  cursor: [
+    { glob: ".cursorrules", category: "rule", root: "workspace" },
+    { glob: ".cursor/rules/**/*.mdc", category: "rule", root: "workspace" },
+    { glob: ".cursor/mcp.json", category: "mcp-config", root: "workspace" },
+    { glob: ".cursor/mcp.json", category: "mcp-config", root: "home" },
+    { glob: ".cursorignore", category: "ignore", root: "workspace" }
+  ],
+  copilot: [
+    {
+      glob: ".github/copilot-instructions.md",
+      category: "rule",
+      root: "workspace"
+    },
+    {
+      glob: ".github/instructions/*.instructions.md",
+      category: "rule",
+      root: "workspace"
+    },
+    {
+      glob: ".github/prompts/*.prompt.md",
+      category: SKILL_CATEGORY,
+      root: "workspace"
+    },
+    {
+      glob: ".github/chatmodes/*.chatmode.md",
+      category: SKILL_CATEGORY,
+      root: "workspace"
+    },
+    {
+      glob: ".config/github-copilot/global-copilot-instructions.md",
+      category: "rule",
+      root: "home"
+    }
+  ]
+};
+function groupSkills(files, root, baseDir) {
+  const skillFiles = files.filter((f) => f.category === SKILL_CATEGORY);
+  const folderMap = /* @__PURE__ */ new Map();
+  const standalone = [];
+  for (const f of skillFiles) {
+    const rel = path15.relative(baseDir, f.path).replace(/\\/g, "/");
+    const skillsMarker = "skills/";
+    const skillsIdx = rel.indexOf(skillsMarker);
+    if (skillsIdx === -1) {
+      standalone.push(f);
+      continue;
+    }
+    const relFromSkills = rel.slice(skillsIdx + skillsMarker.length);
+    const slashIdx = relFromSkills.indexOf("/");
+    if (slashIdx === -1) {
+      standalone.push(f);
+    } else {
+      const folderName = relFromSkills.slice(0, slashIdx);
+      if (!folderMap.has(folderName)) {
+        folderMap.set(folderName, []);
+      }
+      folderMap.get(folderName).push(f);
+    }
+  }
+  const groups = [];
+  for (const f of standalone) {
+    const name = path15.basename(f.path, path15.extname(f.path));
+    const sessionKey = `skill:${root}:${name}`;
+    groups.push({
+      name,
+      root,
+      skillPath: f.path,
+      files: [f],
+      isFolder: false,
+      maxMtimeMs: f.mtimeMs,
+      sessionKey
+    });
+  }
+  for (const [folderName, folderFiles] of folderMap) {
+    const maxMtimeMs = Math.max(...folderFiles.map((f) => f.mtimeMs));
+    const anyFile = folderFiles[0];
+    const rel = path15.relative(baseDir, anyFile.path).replace(/\\/g, "/");
+    const skillsIdx = rel.indexOf("skills/");
+    const skillRelPath = rel.slice(
+      0,
+      skillsIdx + "skills/".length + folderName.length
+    );
+    const skillPath = path15.join(baseDir, skillRelPath);
+    const sessionKey = `skill:${root}:${folderName}`;
+    groups.push({
+      name: folderName,
+      root,
+      skillPath,
+      files: folderFiles,
+      isFolder: true,
+      maxMtimeMs,
+      sessionKey
+    });
+  }
+  return groups;
+}
+async function scanContextFiles(workspaceRoot, platform2, sessionId) {
+  const entries = SCAN_PATHS[platform2];
+  if (!entries || entries.length === 0) {
+    return { regularFiles: [], skillGroups: [] };
+  }
+  const now = Date.now();
+  for (const [sid, entry] of sessionMtimes) {
+    if (now - entry.lastUpdatedAt > SESSION_TTL_MS) {
+      sessionMtimes.delete(sid);
+    }
+  }
+  const home = homedir();
+  const sessionEntry = sessionId ? sessionMtimes.get(sessionId) : void 0;
+  const allFiles = [];
+  const skillFilesByRoot = /* @__PURE__ */ new Map();
+  const seenPaths = /* @__PURE__ */ new Set();
+  for (const entry of entries) {
+    const baseDir = entry.root === "home" ? home : workspaceRoot;
+    const matchedFiles = await globby2(entry.glob, {
+      cwd: baseDir,
+      absolute: true,
+      onlyFiles: true,
+      dot: true
+    });
+    for (const filePath of matchedFiles) {
+      if (seenPaths.has(filePath)) {
+        continue;
+      }
+      seenPaths.add(filePath);
+      try {
+        const fileStat = await stat(filePath);
+        if (fileStat.size === 0 || fileStat.size > MAX_CONTEXT_FILE_SIZE || !fileStat.isFile()) {
+          continue;
+        }
+        const content = await readFile(filePath, "utf-8");
+        const sizeBytes = Buffer.byteLength(content, "utf-8");
+        const name = deriveIdentifier(filePath, baseDir);
+        const fileEntry = {
+          name,
+          path: filePath,
+          content,
+          sizeBytes,
+          category: entry.category,
+          mtimeMs: fileStat.mtimeMs
+        };
+        if (entry.category === SKILL_CATEGORY) {
+          let rootFiles = skillFilesByRoot.get(entry.root);
+          if (!rootFiles) {
+            rootFiles = [];
+            skillFilesByRoot.set(entry.root, rootFiles);
+          }
+          rootFiles.push(fileEntry);
+        } else {
+          const prevMtime = sessionEntry?.files.get(filePath);
+          if (prevMtime !== void 0 && fileStat.mtimeMs <= prevMtime) {
+            continue;
+          }
+          allFiles.push(fileEntry);
+        }
+      } catch (_err) {
+      }
+    }
+  }
+  const allSkillGroups = [];
+  for (const [root, files] of skillFilesByRoot) {
+    const baseDir = root === "home" ? home : workspaceRoot;
+    const groups = groupSkills(files, root, baseDir);
+    for (const group of groups) {
+      if (sessionEntry) {
+        const prevMtime = sessionEntry.skills.get(group.sessionKey);
+        if (prevMtime !== void 0 && group.maxMtimeMs <= prevMtime) {
+          continue;
+        }
+      }
+      allSkillGroups.push(group);
+    }
+  }
+  return { regularFiles: allFiles, skillGroups: allSkillGroups };
+}
+function deriveIdentifier(filePath, baseDir) {
+  const relative2 = path15.relative(baseDir, filePath);
+  if (!relative2.startsWith("..")) {
+    return relative2.replace(/\\/g, "/");
+  }
+  return path15.basename(filePath);
+}
+
+// src/features/analysis/context_file_uploader.ts
+import pLimit7 from "p-limit";
+init_client_generates();
+var UPLOAD_CONCURRENCY = 5;
+async function uploadContextRecords(opts) {
+  const {
+    processedFiles,
+    processedSkills,
+    keyPrefix,
+    url,
+    uploadFields,
+    sessionId,
+    now,
+    platform: platform2,
+    repositoryUrl,
+    clientVersion,
+    onFileError,
+    onSkillError
+  } = opts;
+  const records = [];
+  const uploadedFiles = [];
+  const uploadedSkillGroups = [];
+  const limit = pLimit7(UPLOAD_CONCURRENCY);
+  const extraFields = {
+    ...repositoryUrl !== void 0 && { repositoryUrl },
+    ...clientVersion !== void 0 && { clientVersion }
+  };
+  const tasks = [
+    ...processedFiles.map(
+      (pf) => limit(async () => {
+        const s3Key = `${keyPrefix}ctx-${pf.md5}.bin`;
+        try {
+          await uploadFile({
+            file: Buffer.from(pf.sanitizedContent, "utf-8"),
+            url,
+            uploadKey: s3Key,
+            uploadFields
+          });
+        } catch (err) {
+          onFileError?.(pf.entry.name, err);
+          return;
+        }
+        records.push({
+          // eslint-disable-next-line @typescript-eslint/no-explicit-any
+          platform: platform2,
+          recordId: `ctx:${sessionId}:${pf.md5}`,
+          recordTimestamp: now,
+          blameType: "CHAT" /* Chat */,
+          rawDataS3Key: s3Key,
+          ...extraFields,
+          context: {
+            md5: pf.md5,
+            category: pf.entry.category,
+            name: pf.entry.name,
+            sizeBytes: pf.sizeBytes,
+            filePath: pf.entry.path,
+            sessionId
+          }
+        });
+        uploadedFiles.push(pf.entry);
+      })
+    ),
+    ...processedSkills.map(
+      (ps) => limit(async () => {
+        const s3Key = `${keyPrefix}skill-${ps.md5}.zip`;
+        try {
+          await uploadFile({
+            file: ps.zipBuffer,
+            url,
+            uploadKey: s3Key,
+            uploadFields
+          });
+        } catch (err) {
+          onSkillError?.(ps.group.name, err);
+          return;
+        }
+        records.push({
+          // eslint-disable-next-line @typescript-eslint/no-explicit-any
+          platform: platform2,
+          recordId: `ctx:${sessionId}:${ps.md5}`,
+          recordTimestamp: now,
+          blameType: "CHAT" /* Chat */,
+          rawDataS3Key: s3Key,
+          ...extraFields,
+          context: {
+            md5: ps.md5,
+            category: SKILL_CATEGORY,
+            name: ps.group.name,
+            sizeBytes: ps.sizeBytes,
+            filePath: ps.group.skillPath,
+            sessionId
+          }
+        });
+        uploadedSkillGroups.push(ps.group);
+      })
+    )
+  ];
+  await Promise.allSettled(tasks);
+  return { records, uploadedFiles, uploadedSkillGroups };
+}
+async function runContextFileUploadPipeline(opts) {
+  const {
+    processedFiles,
+    processedSkills,
+    sessionId,
+    platform: platform2,
+    url,
+    uploadFieldsJSON,
+    keyPrefix,
+    repositoryUrl,
+    clientVersion,
+    submitRecords,
+    onFileError,
+    onSkillError
+  } = opts;
+  let uploadFields;
+  try {
+    uploadFields = JSON.parse(uploadFieldsJSON);
+  } catch {
+    return null;
+  }
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const { records, uploadedFiles, uploadedSkillGroups } = await uploadContextRecords({
+    processedFiles,
+    processedSkills,
+    keyPrefix,
+    url,
+    uploadFields,
+    sessionId,
+    now,
+    platform: platform2,
+    repositoryUrl,
+    clientVersion,
+    onFileError,
+    onSkillError
+  });
+  if (records.length === 0) {
+    return { fileCount: 0, skillCount: 0 };
+  }
+  await submitRecords(records);
+  markContextFilesUploaded(sessionId, uploadedFiles, uploadedSkillGroups);
+  return {
+    fileCount: uploadedFiles.length,
+    skillCount: uploadedSkillGroups.length
+  };
+}
+
+// src/features/claude_code/data_collector.ts
 init_client_generates();
 
 // src/utils/shared-logger/create-logger.ts
@@ -17140,6 +17606,8 @@ var DEFAULT_MAX_LOGS = 1e3;
 var DEFAULT_MAX_HEARTBEAT = 100;
 var LOGS_KEY = "logs";
 var HEARTBEAT_KEY = "heartbeat";
+var MAX_DATA_CHARS = 2048;
+var MAX_SCOPE_KEYS = 20;
 function createConfigstoreStream(store, opts) {
   const maxLogs = opts.maxLogs ?? DEFAULT_MAX_LOGS;
   const maxHeartbeat = opts.maxHeartbeat ?? DEFAULT_MAX_HEARTBEAT;
@@ -17155,6 +17623,10 @@ function createConfigstoreStream(store, opts) {
       existing.push(...entries);
       const trimmed = existing.length > max ? existing.slice(-max) : existing;
       store.set(key, trimmed);
+      const prefix = key.includes(":") ? key.split(":")[0] : null;
+      if (prefix) {
+        pruneStaleScopes(prefix);
+      }
     } catch {
       try {
         const lines = `${entries.map((e) => JSON.stringify(e)).join("\n")}
@@ -17164,11 +17636,40 @@ function createConfigstoreStream(store, opts) {
       }
     }
   }
+  function pruneStaleScopes(prefix) {
+    const allKeys = Object.keys(store.all);
+    const scopedKeys = allKeys.filter(
+      (k) => k.startsWith(`${prefix}:`) && Array.isArray(store.get(k))
+    );
+    if (scopedKeys.length <= MAX_SCOPE_KEYS) {
+      return;
+    }
+    const withTimestamp = scopedKeys.map((k) => {
+      const entries = store.get(k);
+      const last = entries.length > 0 ? entries[entries.length - 1] : void 0;
+      return { key: k, lastTs: last?.timestamp ?? "" };
+    });
+    withTimestamp.sort((a, b) => a.lastTs.localeCompare(b.lastTs));
+    const toDelete = withTimestamp.slice(
+      0,
+      withTimestamp.length - MAX_SCOPE_KEYS
+    );
+    for (const { key: k } of toDelete) {
+      store.delete(k);
+    }
+  }
   const writable = new stream.Writable({
     write(chunk, _encoding, callback) {
       callback();
       try {
         const parsed = JSON.parse(chunk.toString());
+        let data = parsed.data;
+        if (data !== void 0) {
+          const serialized = JSON.stringify(data);
+          if (serialized.length > MAX_DATA_CHARS) {
+            data = `${serialized.slice(0, MAX_DATA_CHARS)}... [truncated, ${serialized.length} chars]`;
+          }
+        }
         const entry = {
           timestamp: parsed.time ? new Date(parsed.time).toISOString() : (/* @__PURE__ */ new Date()).toISOString(),
           level: parsed.level ?? "info",
@@ -17176,7 +17677,7 @@ function createConfigstoreStream(store, opts) {
           ...parsed.durationMs !== void 0 && {
             durationMs: parsed.durationMs
           },
-          ...parsed.data !== void 0 && { data: parsed.data }
+          ...data !== void 0 && { data }
         };
         const isHeartbeat = parsed.heartbeat === true;
         if (opts.buffered) {
@@ -17206,8 +17707,8 @@ function createConfigstoreStream(store, opts) {
       heartbeatBuffer.length = 0;
     }
   }
-  function setScopePath(path30) {
-    scopePath = path30;
+  function setScopePath(path32) {
+    scopePath = path32;
   }
   return { writable, flush, setScopePath };
 }
@@ -17288,10 +17789,10 @@ function createDdBatch(config2) {
 }
 
 // src/utils/shared-logger/hostname.ts
-import { createHash } from "crypto";
+import { createHash as createHash2 } from "crypto";
 import os5 from "os";
 function hashString(input) {
-  return createHash("sha256").update(input).digest("hex").slice(0, 16);
+  return createHash2("sha256").update(input).digest("hex").slice(0, 16);
 }
 function getPlainHostname() {
   try {
@@ -17431,7 +17932,7 @@ function createLogger(config2) {
 
 // src/features/claude_code/hook_logger.ts
 var DD_RUM_TOKEN = true ? "pubf59c0182545bfb4c299175119f1abf9b" : "";
-var CLI_VERSION = true ? "1.3.4" : "unknown";
+var CLI_VERSION = true ? "1.3.7" : "unknown";
 var NAMESPACE = "mobbdev-claude-code-hook-logs";
 var claudeCodeVersion;
 function buildDdTags() {
@@ -17509,11 +18010,11 @@ async function detectClaudeCodeVersion() {
 }
 function generateSyntheticId(sessionId, timestamp, type2, lineIndex) {
   const input = `${sessionId ?? ""}:${timestamp ?? ""}:${type2 ?? ""}:${lineIndex}`;
-  const hash = createHash2("sha256").update(input).digest("hex").slice(0, 16);
+  const hash = createHash3("sha256").update(input).digest("hex").slice(0, 16);
   return `synth:${hash}`;
 }
 function getCursorKey(transcriptPath) {
-  const hash = createHash2("sha256").update(transcriptPath).digest("hex").slice(0, 12);
+  const hash = createHash3("sha256").update(transcriptPath).digest("hex").slice(0, 12);
   return `cursor.${hash}`;
 }
 async function resolveTranscriptPath(transcriptPath, sessionId) {
@@ -17522,12 +18023,12 @@ async function resolveTranscriptPath(transcriptPath, sessionId) {
     return transcriptPath;
   } catch {
   }
-  const filename = path14.basename(transcriptPath);
-  const dirName = path14.basename(path14.dirname(transcriptPath));
-  const projectsDir = path14.dirname(path14.dirname(transcriptPath));
+  const filename = path16.basename(transcriptPath);
+  const dirName = path16.basename(path16.dirname(transcriptPath));
+  const projectsDir = path16.dirname(path16.dirname(transcriptPath));
   const baseDirName = dirName.replace(/[-.]claude-worktrees-.+$/, "");
   if (baseDirName !== dirName) {
-    const candidate = path14.join(projectsDir, baseDirName, filename);
+    const candidate = path16.join(projectsDir, baseDirName, filename);
     try {
       await access(candidate);
       hookLog.info(
@@ -17549,7 +18050,7 @@ async function resolveTranscriptPath(transcriptPath, sessionId) {
     const dirs = await readdir(projectsDir);
     for (const dir of dirs) {
       if (dir === dirName) continue;
-      const candidate = path14.join(projectsDir, dir, filename);
+      const candidate = path16.join(projectsDir, dir, filename);
       try {
         await access(candidate);
         hookLog.info(
@@ -17580,9 +18081,9 @@ async function readNewTranscriptEntries(transcriptPath, sessionId, sessionStore,
   if (cursor?.byteOffset) {
     const fh = await open4(transcriptPath, "r");
     try {
-      const stat2 = await fh.stat();
-      fileSize = stat2.size;
-      if (cursor.byteOffset >= stat2.size) {
+      const stat3 = await fh.stat();
+      fileSize = stat3.size;
+      if (cursor.byteOffset >= stat3.size) {
         hookLog.info({ data: { sessionId } }, "No new data in transcript file");
         return {
           entries: [],
@@ -17590,7 +18091,7 @@ async function readNewTranscriptEntries(transcriptPath, sessionId, sessionStore,
           resolvedTranscriptPath: transcriptPath
         };
       }
-      const buf = Buffer.alloc(stat2.size - cursor.byteOffset);
+      const buf = Buffer.alloc(stat3.size - cursor.byteOffset);
       await fh.read(buf, 0, buf.length, cursor.byteOffset);
       content = buf.toString("utf-8");
     } finally {
@@ -17608,7 +18109,7 @@ async function readNewTranscriptEntries(transcriptPath, sessionId, sessionStore,
       "Read transcript file from offset"
     );
   } else {
-    content = await readFile(transcriptPath, "utf-8");
+    content = await readFile2(transcriptPath, "utf-8");
     fileSize = Buffer.byteLength(content, "utf-8");
     lineIndexOffset = 0;
     hookLog.debug(
@@ -17707,14 +18208,6 @@ var FILTERED_ENTRY_TYPES = /* @__PURE__ */ new Set([
   // Redundant — the actual user prompt is already captured in the 'user' entry.
   "last-prompt"
 ]);
-var FILTERED_ASSISTANT_TOOLS = /* @__PURE__ */ new Set([
-  // Polls for a sub-agent result. The input is just task_id + boilerplate
-  // (block, timeout). The actual result is captured in the user:tool_result.
-  "TaskOutput",
-  // Discovers available deferred/MCP tools. The input is just a search query.
-  // The discovered tools are captured in the user:tool_result.
-  "ToolSearch"
-]);
 function filterEntries(entries) {
   const filtered = entries.filter((entry) => {
     const entryType = entry.type ?? "";
@@ -17726,16 +18219,6 @@ function filterEntries(entries) {
       const subtype = typeof data?.["type"] === "string" ? data["type"] : "";
       return !FILTERED_PROGRESS_SUBTYPES.has(subtype);
     }
-    if (entryType === "assistant") {
-      const message = entry["message"];
-      const content = message?.["content"];
-      if (Array.isArray(content) && content.length > 0) {
-        const block = content[0];
-        if (block["type"] === "tool_use" && typeof block["name"] === "string" && FILTERED_ASSISTANT_TOOLS.has(block["name"])) {
-          return false;
-        }
-      }
-    }
     return true;
   });
   return { filtered, filteredOut: entries.length - filtered.length };
@@ -17752,9 +18235,9 @@ async function cleanupStaleSessions(configDir) {
     let deletedCount = 0;
     for (const file of files) {
       if (!file.startsWith(prefix) || !file.endsWith(".json")) continue;
-      const filePath = path14.join(configDir, file);
+      const filePath = path16.join(configDir, file);
       try {
-        const content = JSON.parse(await readFile(filePath, "utf-8"));
+        const content = JSON.parse(await readFile2(filePath, "utf-8"));
         let newest = 0;
         const cursors = content["cursor"];
         if (cursors && typeof cursors === "object") {
@@ -17904,6 +18387,16 @@ async function processTranscript(input, sessionStore, log2, maxEntries = DAEMON_
       entriesSkipped: filteredOut,
       claudeCodeVersion: getClaudeCodeVersion()
     });
+    if (input.cwd) {
+      uploadContextFilesIfNeeded(
+        input.session_id,
+        input.cwd,
+        gqlClient,
+        log2
+      ).catch((err) => {
+        log2.error({ data: { err } }, "uploadContextFilesIfNeeded failed");
+      });
+    }
     return {
       entriesUploaded: entries.length,
       entriesSkipped: filteredOut,
@@ -17920,19 +18413,84 @@ async function processTranscript(input, sessionStore, log2, maxEntries = DAEMON_
     errors: entries.length
   };
 }
+async function uploadContextFilesIfNeeded(sessionId, cwd, gqlClient, log2) {
+  const { regularFiles, skillGroups } = await scanContextFiles(
+    cwd,
+    "claude-code",
+    sessionId
+  );
+  if (regularFiles.length === 0 && skillGroups.length === 0) {
+    return;
+  }
+  const { files: processedFiles, skills: processedSkills } = await processContextFiles(regularFiles, skillGroups);
+  if (processedFiles.length === 0 && processedSkills.length === 0) {
+    return;
+  }
+  const uploadUrlResult = await gqlClient.getTracyRawDataUploadUrl();
+  const { url, uploadFieldsJSON, keyPrefix } = uploadUrlResult.getTracyRawDataUploadUrl;
+  if (!url || !uploadFieldsJSON || !keyPrefix) {
+    log2.error(
+      { data: { sessionId } },
+      "Failed to get S3 upload URL for context files"
+    );
+    return;
+  }
+  const pipelineResult = await runContextFileUploadPipeline({
+    processedFiles,
+    processedSkills,
+    sessionId,
+    platform: "CLAUDE_CODE" /* ClaudeCode */,
+    url,
+    uploadFieldsJSON,
+    keyPrefix,
+    submitRecords: async (records) => {
+      const r = await prepareAndSendTracyRecords(gqlClient, records, cwd);
+      if (!r.ok) {
+        throw new Error(r.errors?.join(", ") ?? "batch upload failed");
+      }
+    },
+    onFileError: (name, err) => log2.error(
+      { data: { sessionId, name, err } },
+      "Failed to upload context file to S3"
+    ),
+    onSkillError: (name, err) => log2.error(
+      { data: { sessionId, name, err } },
+      "Failed to upload skill zip to S3"
+    )
+  });
+  if (pipelineResult === null) {
+    log2.error(
+      { data: { sessionId } },
+      "Malformed uploadFieldsJSON for context files"
+    );
+    return;
+  }
+  if (pipelineResult.fileCount > 0 || pipelineResult.skillCount > 0) {
+    log2.info(
+      {
+        data: {
+          sessionId,
+          fileCount: pipelineResult.fileCount,
+          skillCount: pipelineResult.skillCount
+        }
+      },
+      "Uploaded context files and skills for session"
+    );
+  }
+}
 
 // src/features/claude_code/install_hook.ts
 import fs14 from "fs";
 import fsPromises4 from "fs/promises";
 import os6 from "os";
-import path15 from "path";
+import path17 from "path";
 import chalk11 from "chalk";
 
 // src/features/claude_code/daemon-check-shim.tmpl.js
 var daemon_check_shim_tmpl_default = "// Mobb daemon shim \u2014 checks if daemon is alive, spawns if dead.\n// Auto-generated by mobbdev CLI. Do not edit.\nvar fs = require('fs')\nvar spawn = require('child_process').spawn\nvar path = require('path')\nvar os = require('os')\n\nvar pidFile = path.join(os.homedir(), '.mobbdev', 'daemon.pid')\nvar HEARTBEAT_STALE_MS = __HEARTBEAT_STALE_MS__\n\ntry {\n  var data = JSON.parse(fs.readFileSync(pidFile, 'utf8'))\n  if (Date.now() - data.heartbeat > HEARTBEAT_STALE_MS) throw new Error('stale')\n  process.kill(data.pid, 0) // throws ESRCH if the process is gone\n} catch (e) {\n  var localCli = process.env.MOBBDEV_LOCAL_CLI\n  var child = localCli\n    ? spawn('node', [localCli, 'claude-code-daemon'], { detached: true, stdio: 'ignore', windowsHide: true })\n    : spawn('npx', ['--yes', 'mobbdev@latest', 'claude-code-daemon'], { detached: true, stdio: 'ignore', shell: true, windowsHide: true })\n  child.unref()\n}\n";
 
 // src/features/claude_code/install_hook.ts
-var CLAUDE_SETTINGS_PATH = path15.join(os6.homedir(), ".claude", "settings.json");
+var CLAUDE_SETTINGS_PATH = path17.join(os6.homedir(), ".claude", "settings.json");
 var RECOMMENDED_MATCHER = "*";
 async function claudeSettingsExists() {
   try {
@@ -18078,18 +18636,18 @@ async function installMobbHooks(options = {}) {
 }
 
 // src/features/claude_code/transcript_scanner.ts
-import { open as open5, readdir as readdir2, stat } from "fs/promises";
+import { open as open5, readdir as readdir2, stat as stat2 } from "fs/promises";
 import os7 from "os";
-import path16 from "path";
+import path18 from "path";
 var UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
 function getClaudeProjectsDirs() {
   const dirs = [];
   const configDir = process.env["CLAUDE_CONFIG_DIR"];
   if (configDir) {
-    dirs.push(path16.join(configDir, "projects"));
+    dirs.push(path18.join(configDir, "projects"));
   }
-  dirs.push(path16.join(os7.homedir(), ".config", "claude", "projects"));
-  dirs.push(path16.join(os7.homedir(), ".claude", "projects"));
+  dirs.push(path18.join(os7.homedir(), ".config", "claude", "projects"));
+  dirs.push(path18.join(os7.homedir(), ".claude", "projects"));
   return dirs;
 }
 async function collectJsonlFiles(files, dir, projectDir, seen, now, results) {
@@ -18097,12 +18655,12 @@ async function collectJsonlFiles(files, dir, projectDir, seen, now, results) {
     if (!file.endsWith(".jsonl")) continue;
     const sessionId = file.replace(".jsonl", "");
     if (!UUID_RE.test(sessionId)) continue;
-    const filePath = path16.join(dir, file);
+    const filePath = path18.join(dir, file);
     if (seen.has(filePath)) continue;
     seen.add(filePath);
     let fileStat;
     try {
-      fileStat = await stat(filePath);
+      fileStat = await stat2(filePath);
     } catch {
       continue;
     }
@@ -18128,10 +18686,10 @@ async function scanForTranscripts(projectsDirs = getClaudeProjectsDirs()) {
       continue;
     }
     for (const projName of projectDirs) {
-      const projPath = path16.join(projectsDir, projName);
+      const projPath = path18.join(projectsDir, projName);
       let projStat;
       try {
-        projStat = await stat(projPath);
+        projStat = await stat2(projPath);
       } catch {
         continue;
       }
@@ -18145,9 +18703,9 @@ async function scanForTranscripts(projectsDirs = getClaudeProjectsDirs()) {
       await collectJsonlFiles(files, projPath, projPath, seen, now, results);
       for (const entry of files) {
         if (!UUID_RE.test(entry)) continue;
-        const subagentsDir = path16.join(projPath, entry, "subagents");
+        const subagentsDir = path18.join(projPath, entry, "subagents");
         try {
-          const s = await stat(subagentsDir);
+          const s = await stat2(subagentsDir);
           if (!s.isDirectory()) continue;
           const subFiles = await readdir2(subagentsDir);
           await collectJsonlFiles(
@@ -18199,6 +18757,7 @@ async function extractCwdFromTranscript(filePath) {
 // src/features/claude_code/daemon.ts
 async function startDaemon() {
   hookLog.info("Daemon starting");
+  pruneHookLogFile();
   const pidFile = await acquirePidFile();
   async function gracefulExit(code, reason) {
     hookLog.info({ data: { code } }, `Daemon exiting: ${reason}`);
@@ -18245,7 +18804,7 @@ async function startDaemon() {
       for (const transcript of changed) {
         const sessionStore = createSessionConfigStore(transcript.sessionId);
         if (!cleanupConfigDir) {
-          cleanupConfigDir = path17.dirname(sessionStore.path);
+          cleanupConfigDir = path19.dirname(sessionStore.path);
         }
         await drainTranscript(transcript, sessionStore, gqlClient);
       }
@@ -18360,6 +18919,53 @@ async function tryAutoUpgradeHooks() {
     hookLog.warn({ err }, "Failed to auto-upgrade hook matcher");
   }
 }
+var HOOK_LOG_MAX_SCOPE_KEYS = 20;
+var HOOK_LOG_MAX_ENTRIES_PER_KEY = 200;
+function pruneHookLogFile() {
+  const logFilePath = new Configstore3("mobbdev-claude-code-hook-logs").path;
+  try {
+    const raw = readFileSync(logFilePath, "utf-8");
+    const data = JSON.parse(raw);
+    const prefixes = /* @__PURE__ */ new Map();
+    for (const key of Object.keys(data)) {
+      const colonIdx = key.indexOf(":");
+      const prefix = colonIdx > 0 ? key.slice(0, colonIdx) : key;
+      const group = prefixes.get(prefix) ?? [];
+      group.push(key);
+      prefixes.set(prefix, group);
+    }
+    let changed = false;
+    for (const [, keys] of prefixes) {
+      if (keys.length <= HOOK_LOG_MAX_SCOPE_KEYS) {
+        continue;
+      }
+      const withTs = keys.map((k) => {
+        const val = data[k];
+        if (!Array.isArray(val) || val.length === 0) {
+          return { key: k, lastTs: "" };
+        }
+        const last = val[val.length - 1];
+        return { key: k, lastTs: last?.timestamp ?? "" };
+      }).sort((a, b) => a.lastTs.localeCompare(b.lastTs));
+      const toDelete = withTs.slice(0, withTs.length - HOOK_LOG_MAX_SCOPE_KEYS);
+      for (const { key } of toDelete) {
+        delete data[key];
+        changed = true;
+      }
+    }
+    for (const [key, val] of Object.entries(data)) {
+      if (Array.isArray(val) && val.length > HOOK_LOG_MAX_ENTRIES_PER_KEY) {
+        data[key] = val.slice(-HOOK_LOG_MAX_ENTRIES_PER_KEY);
+        changed = true;
+      }
+    }
+    if (changed) {
+      writeFileSync2(logFilePath, JSON.stringify(data, null, "	"));
+      hookLog.info("Pruned hook log file");
+    }
+  } catch {
+  }
+}
 
 // src/args/commands/claude_code.ts
 var claudeCodeInstallHookBuilder = (yargs2) => {
@@ -18448,7 +19054,7 @@ import {
 } from "@modelcontextprotocol/sdk/types.js";
 
 // src/mcp/Logger.ts
-import Configstore3 from "configstore";
+import Configstore4 from "configstore";
 
 // src/mcp/services/WorkspaceService.ts
 var WorkspaceService = class {
@@ -18456,8 +19062,8 @@ var WorkspaceService = class {
    * Sets a known workspace path that was discovered through successful validation
    * @param path The validated workspace path to store
    */
-  static setKnownWorkspacePath(path30) {
-    this.knownWorkspacePath = path30;
+  static setKnownWorkspacePath(path32) {
+    this.knownWorkspacePath = path32;
   }
   /**
    * Gets the known workspace path that was previously validated
@@ -18534,7 +19140,7 @@ var Logger = class {
     __publicField(this, "lastKnownPath", null);
     this.host = WorkspaceService.getHost();
     this.unknownPathSuffix = Math.floor(1e3 + Math.random() * 9e3).toString();
-    this.mobbConfigStore = new Configstore3("mobb-logs", {});
+    this.mobbConfigStore = new Configstore4("mobb-logs", {});
     this.mobbConfigStore.set("version", packageJson.version);
   }
   /**
@@ -19318,7 +19924,7 @@ async function createAuthenticatedMcpGQLClient({
 import { execSync as execSync2 } from "child_process";
 import fs15 from "fs";
 import os8 from "os";
-import path18 from "path";
+import path20 from "path";
 var IDEs = ["cursor", "windsurf", "webstorm", "vscode", "claude"];
 var runCommand = (cmd) => {
   try {
@@ -19333,7 +19939,7 @@ var gitInfo = {
 };
 var getClaudeWorkspacePaths = () => {
   const home = os8.homedir();
-  const claudeIdePath = path18.join(home, ".claude", "ide");
+  const claudeIdePath = path20.join(home, ".claude", "ide");
   const workspacePaths = [];
   if (!fs15.existsSync(claudeIdePath)) {
     return workspacePaths;
@@ -19341,7 +19947,7 @@ var getClaudeWorkspacePaths = () => {
   try {
     const lockFiles = fs15.readdirSync(claudeIdePath).filter((file) => file.endsWith(".lock"));
     for (const lockFile of lockFiles) {
-      const lockFilePath = path18.join(claudeIdePath, lockFile);
+      const lockFilePath = path20.join(claudeIdePath, lockFile);
       try {
         const lockContent = JSON.parse(fs15.readFileSync(lockFilePath, "utf8"));
         if (lockContent.workspaceFolders && Array.isArray(lockContent.workspaceFolders)) {
@@ -19366,24 +19972,24 @@ var getMCPConfigPaths = (hostName) => {
   switch (hostName.toLowerCase()) {
     case "cursor":
       return [
-        path18.join(currentDir, ".cursor", "mcp.json"),
+        path20.join(currentDir, ".cursor", "mcp.json"),
         // local first
-        path18.join(home, ".cursor", "mcp.json")
+        path20.join(home, ".cursor", "mcp.json")
       ];
     case "windsurf":
       return [
-        path18.join(currentDir, ".codeium", "mcp_config.json"),
+        path20.join(currentDir, ".codeium", "mcp_config.json"),
         // local first
-        path18.join(home, ".codeium", "windsurf", "mcp_config.json")
+        path20.join(home, ".codeium", "windsurf", "mcp_config.json")
       ];
     case "webstorm":
       return [];
     case "visualstudiocode":
     case "vscode":
       return [
-        path18.join(currentDir, ".vscode", "mcp.json"),
+        path20.join(currentDir, ".vscode", "mcp.json"),
         // local first
-        process.platform === "win32" ? path18.join(home, "AppData", "Roaming", "Code", "User", "mcp.json") : path18.join(
+        process.platform === "win32" ? path20.join(home, "AppData", "Roaming", "Code", "User", "mcp.json") : path20.join(
           home,
           "Library",
           "Application Support",
@@ -19394,13 +20000,13 @@ var getMCPConfigPaths = (hostName) => {
       ];
     case "claude": {
       const claudePaths = [
-        path18.join(currentDir, ".claude.json"),
+        path20.join(currentDir, ".claude.json"),
         // local first
-        path18.join(home, ".claude.json")
+        path20.join(home, ".claude.json")
       ];
       const workspacePaths = getClaudeWorkspacePaths();
       for (const workspacePath of workspacePaths) {
-        claudePaths.push(path18.join(workspacePath, ".mcp.json"));
+        claudePaths.push(path20.join(workspacePath, ".mcp.json"));
       }
       return claudePaths;
     }
@@ -19561,10 +20167,10 @@ var getHostInfo = (additionalMcpList) => {
   const ideConfigPaths = /* @__PURE__ */ new Set();
   for (const ide of IDEs) {
     const configPaths = getMCPConfigPaths(ide);
-    configPaths.forEach((path30) => ideConfigPaths.add(path30));
+    configPaths.forEach((path32) => ideConfigPaths.add(path32));
   }
   const uniqueAdditionalPaths = additionalMcpList.filter(
-    (path30) => !ideConfigPaths.has(path30)
+    (path32) => !ideConfigPaths.has(path32)
   );
   for (const ide of IDEs) {
     const cfg = readMCPConfig(ide);
@@ -19686,7 +20292,7 @@ init_configs();
 init_configs();
 import fs16 from "fs";
 import os9 from "os";
-import path19 from "path";
+import path21 from "path";
 var MAX_DEPTH = 2;
 var patterns = ["mcp", "claude"];
 var isFileMatch = (fileName) => {
@@ -19706,7 +20312,7 @@ var searchDir = async (dir, depth = 0) => {
   if (depth > MAX_DEPTH) return results;
   const entries = await fs16.promises.readdir(dir, { withFileTypes: true }).catch(() => []);
   for (const entry of entries) {
-    const fullPath = path19.join(dir, entry.name);
+    const fullPath = path21.join(dir, entry.name);
     if (entry.isFile() && isFileMatch(entry.name)) {
       results.push(fullPath);
     } else if (entry.isDirectory()) {
@@ -19723,14 +20329,14 @@ var findSystemMCPConfigs = async () => {
     const home = os9.homedir();
     const platform2 = os9.platform();
     const knownDirs = platform2 === "win32" ? [
-      path19.join(home, ".cursor"),
-      path19.join(home, "Documents"),
-      path19.join(home, "Downloads")
+      path21.join(home, ".cursor"),
+      path21.join(home, "Documents"),
+      path21.join(home, "Downloads")
     ] : [
-      path19.join(home, ".cursor"),
-      process.env["XDG_CONFIG_HOME"] || path19.join(home, ".config"),
-      path19.join(home, "Documents"),
-      path19.join(home, "Downloads")
+      path21.join(home, ".cursor"),
+      process.env["XDG_CONFIG_HOME"] || path21.join(home, ".config"),
+      path21.join(home, "Documents"),
+      path21.join(home, "Downloads")
     ];
     const timeoutPromise = new Promise(
       (resolve) => setTimeout(() => {
@@ -22146,13 +22752,13 @@ For a complete security audit workflow, use the \`full-security-audit\` prompt.
 // src/mcp/services/McpDetectionService/CursorMcpDetectionService.ts
 import * as fs19 from "fs";
 import * as os12 from "os";
-import * as path21 from "path";
+import * as path23 from "path";
 
 // src/mcp/services/McpDetectionService/BaseMcpDetectionService.ts
 init_configs();
 import * as fs18 from "fs";
 import fetch7 from "node-fetch";
-import * as path20 from "path";
+import * as path22 from "path";
 
 // src/mcp/services/McpDetectionService/McpDetectionServiceUtils.ts
 import * as fs17 from "fs";
@@ -22161,14 +22767,14 @@ import * as os11 from "os";
 // src/mcp/services/McpDetectionService/VscodeMcpDetectionService.ts
 import * as fs20 from "fs";
 import * as os13 from "os";
-import * as path22 from "path";
+import * as path24 from "path";
 
 // src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesTool.ts
 import { z as z42 } from "zod";
 
 // src/mcp/services/PathValidation.ts
 import fs21 from "fs";
-import path23 from "path";
+import path25 from "path";
 async function validatePath(inputPath) {
   logDebug("Validating MCP path", { inputPath });
   if (/^\/[a-zA-Z]:\//.test(inputPath)) {
@@ -22200,7 +22806,7 @@ async function validatePath(inputPath) {
     logError(error);
     return { isValid: false, error, path: inputPath };
   }
-  const normalizedPath = path23.normalize(inputPath);
+  const normalizedPath = path25.normalize(inputPath);
   if (normalizedPath.includes("..")) {
     const error = `Normalized path contains path traversal patterns: ${inputPath}`;
     logError(error);
@@ -22852,7 +23458,7 @@ init_configs();
 import fs22 from "fs/promises";
 import nodePath from "path";
 var getLocalFiles = async ({
-  path: path30,
+  path: path32,
   maxFileSize = MCP_MAX_FILE_SIZE,
   maxFiles,
   isAllFilesScan,
@@ -22860,17 +23466,17 @@ var getLocalFiles = async ({
   scanRecentlyChangedFiles
 }) => {
   logDebug(`[${scanContext}] Starting getLocalFiles`, {
-    path: path30,
+    path: path32,
     maxFileSize,
     maxFiles,
     isAllFilesScan,
     scanRecentlyChangedFiles
   });
   try {
-    const resolvedRepoPath = await fs22.realpath(path30);
+    const resolvedRepoPath = await fs22.realpath(path32);
     logDebug(`[${scanContext}] Resolved repository path`, {
       resolvedRepoPath,
-      originalPath: path30
+      originalPath: path32
     });
     const gitService = new GitService(resolvedRepoPath, log);
     const gitValidation = await gitService.validateRepository();
@@ -22883,7 +23489,7 @@ var getLocalFiles = async ({
     if (!gitValidation.isValid || isAllFilesScan) {
       try {
         files = await FileUtils.getLastChangedFiles({
-          dir: path30,
+          dir: path32,
           maxFileSize,
           maxFiles,
           isAllFilesScan
@@ -22975,7 +23581,7 @@ var getLocalFiles = async ({
     logError(`${scanContext}Unexpected error in getLocalFiles`, {
       error: error instanceof Error ? error.message : String(error),
       stack: error instanceof Error ? error.stack : void 0,
-      path: path30
+      path: path32
     });
     throw error;
   }
@@ -22985,7 +23591,7 @@ var getLocalFiles = async ({
 init_client_generates();
 init_GitService();
 import fs23 from "fs";
-import path24 from "path";
+import path26 from "path";
 import { z as z41 } from "zod";
 function extractPathFromPatch(patch) {
   const match = patch?.match(/diff --git a\/([^\s]+) b\//);
@@ -23071,7 +23677,7 @@ var LocalMobbFolderService = class {
           "[LocalMobbFolderService] Non-git repository detected, skipping .gitignore operations"
         );
       }
-      const mobbFolderPath = path24.join(
+      const mobbFolderPath = path26.join(
         this.repoPath,
         this.defaultMobbFolderName
       );
@@ -23243,7 +23849,7 @@ var LocalMobbFolderService = class {
         mobbFolderPath,
         baseFileName
       );
-      const filePath = path24.join(mobbFolderPath, uniqueFileName);
+      const filePath = path26.join(mobbFolderPath, uniqueFileName);
       await fs23.promises.writeFile(filePath, patch, "utf8");
       logInfo("[LocalMobbFolderService] Patch saved successfully", {
         filePath,
@@ -23301,11 +23907,11 @@ var LocalMobbFolderService = class {
    * @returns Unique filename that doesn't conflict with existing files
    */
   getUniqueFileName(folderPath, baseFileName) {
-    const baseName = path24.parse(baseFileName).name;
-    const extension = path24.parse(baseFileName).ext;
+    const baseName = path26.parse(baseFileName).name;
+    const extension = path26.parse(baseFileName).ext;
     let uniqueFileName = baseFileName;
     let index = 1;
-    while (fs23.existsSync(path24.join(folderPath, uniqueFileName))) {
+    while (fs23.existsSync(path26.join(folderPath, uniqueFileName))) {
       uniqueFileName = `${baseName}-${index}${extension}`;
       index++;
       if (index > 1e3) {
@@ -23336,7 +23942,7 @@ var LocalMobbFolderService = class {
     logDebug("[LocalMobbFolderService] Logging patch info", { fixId: fix.id });
     try {
       const mobbFolderPath = await this.getFolder();
-      const patchInfoPath = path24.join(mobbFolderPath, "patchInfo.md");
+      const patchInfoPath = path26.join(mobbFolderPath, "patchInfo.md");
       const markdownContent = this.generateFixMarkdown(fix, savedPatchFileName);
       let existingContent = "";
       if (fs23.existsSync(patchInfoPath)) {
@@ -23378,7 +23984,7 @@ var LocalMobbFolderService = class {
     const timestamp = (/* @__PURE__ */ new Date()).toISOString();
     const patch = this.extractPatchFromFix(fix);
     const relativePatchedFilePath = patch ? extractPathFromPatch(patch) : null;
-    const patchedFilePath = relativePatchedFilePath ? path24.resolve(this.repoPath, relativePatchedFilePath) : null;
+    const patchedFilePath = relativePatchedFilePath ? path26.resolve(this.repoPath, relativePatchedFilePath) : null;
     const fixIdentifier = savedPatchFileName ? savedPatchFileName.replace(".patch", "") : fix.id;
     let markdown = `# Fix ${fixIdentifier}
 
@@ -23716,20 +24322,20 @@ init_configs();
 import {
   existsSync as existsSync6,
   mkdirSync,
-  readFileSync as readFileSync3,
+  readFileSync as readFileSync4,
   unlinkSync,
-  writeFileSync as writeFileSync2
+  writeFileSync as writeFileSync3
 } from "fs";
 import fs24 from "fs/promises";
 import parseDiff2 from "parse-diff";
-import path25 from "path";
+import path27 from "path";
 var PatchApplicationService = class {
   /**
    * Gets the appropriate comment syntax for a file based on its extension
    */
   static getCommentSyntax(filePath) {
-    const ext = path25.extname(filePath).toLowerCase();
-    const basename2 = path25.basename(filePath);
+    const ext = path27.extname(filePath).toLowerCase();
+    const basename2 = path27.basename(filePath);
     const commentMap = {
       // C-style languages (single line comments)
       ".js": "//",
@@ -23937,18 +24543,18 @@ var PatchApplicationService = class {
         }
       );
     }
-    const dirPath = path25.dirname(normalizedFilePath);
+    const dirPath = path27.dirname(normalizedFilePath);
     mkdirSync(dirPath, { recursive: true });
-    writeFileSync2(normalizedFilePath, finalContent, "utf8");
+    writeFileSync3(normalizedFilePath, finalContent, "utf8");
     return normalizedFilePath;
   }
   static resolvePathWithinRepo({
     repositoryPath,
     targetPath
   }) {
-    const repoRoot = path25.resolve(repositoryPath);
-    const normalizedPath = path25.resolve(repoRoot, targetPath);
-    const repoRootWithSep = repoRoot.endsWith(path25.sep) ? repoRoot : `${repoRoot}${path25.sep}`;
+    const repoRoot = path27.resolve(repositoryPath);
+    const normalizedPath = path27.resolve(repoRoot, targetPath);
+    const repoRootWithSep = repoRoot.endsWith(path27.sep) ? repoRoot : `${repoRoot}${path27.sep}`;
     if (normalizedPath !== repoRoot && !normalizedPath.startsWith(repoRootWithSep)) {
       throw new Error(
         `Security violation: target path ${targetPath} resolves outside repository`
@@ -23957,7 +24563,7 @@ var PatchApplicationService = class {
     return {
       repoRoot,
       normalizedPath,
-      relativePath: path25.relative(repoRoot, normalizedPath)
+      relativePath: path27.relative(repoRoot, normalizedPath)
     };
   }
   /**
@@ -24239,7 +24845,7 @@ var PatchApplicationService = class {
         continue;
       }
       try {
-        const absolutePath = path25.resolve(repositoryPath, targetFile);
+        const absolutePath = path27.resolve(repositoryPath, targetFile);
         if (existsSync6(absolutePath)) {
           const stats = await fs24.stat(absolutePath);
           const fileModTime = stats.mtime.getTime();
@@ -24465,7 +25071,7 @@ var PatchApplicationService = class {
       fix,
       scanContext
     });
-    appliedFiles.push(path25.relative(repositoryPath, actualPath));
+    appliedFiles.push(path27.relative(repositoryPath, actualPath));
     logDebug(`[${scanContext}] Created new file: ${relativePath}`);
   }
   /**
@@ -24501,7 +25107,7 @@ var PatchApplicationService = class {
         `Target file does not exist: ${targetFile} (resolved to: ${absoluteFilePath})`
       );
     }
-    const originalContent = readFileSync3(absoluteFilePath, "utf8");
+    const originalContent = readFileSync4(absoluteFilePath, "utf8");
     const modifiedContent = this.applyHunksToFile(
       originalContent,
       fileDiff.chunks
@@ -24514,7 +25120,7 @@ var PatchApplicationService = class {
         fix,
         scanContext
       });
-      appliedFiles.push(path25.relative(repositoryPath, actualPath));
+      appliedFiles.push(path27.relative(repositoryPath, actualPath));
       logDebug(`[${scanContext}] Modified file: ${relativePath}`);
     }
   }
@@ -24711,8 +25317,8 @@ init_configs();
 // src/mcp/services/FileOperations.ts
 init_FileUtils();
 import fs25 from "fs";
-import path26 from "path";
-import AdmZip3 from "adm-zip";
+import path28 from "path";
+import AdmZip4 from "adm-zip";
 var FileOperations = class {
   /**
    * Creates a ZIP archive containing the specified source files
@@ -24727,14 +25333,14 @@ var FileOperations = class {
     maxFileSize
   }) {
     logDebug("[FileOperations] Packing files");
-    const zip = new AdmZip3();
+    const zip = new AdmZip4();
     let packedFilesCount = 0;
     const packedFiles = [];
     const excludedFiles = [];
-    const resolvedRepoPath = path26.resolve(repositoryPath);
+    const resolvedRepoPath = path28.resolve(repositoryPath);
     for (const filepath of fileList) {
-      const absoluteFilepath = path26.join(repositoryPath, filepath);
-      const resolvedFilePath = path26.resolve(absoluteFilepath);
+      const absoluteFilepath = path28.join(repositoryPath, filepath);
+      const resolvedFilePath = path28.resolve(absoluteFilepath);
       if (!resolvedFilePath.startsWith(resolvedRepoPath)) {
         const reason = "potential path traversal security risk";
         logDebug(`[FileOperations] Skipping ${filepath} due to ${reason}`);
@@ -24781,11 +25387,11 @@ var FileOperations = class {
     fileList,
     repositoryPath
   }) {
-    const resolvedRepoPath = path26.resolve(repositoryPath);
+    const resolvedRepoPath = path28.resolve(repositoryPath);
     const validatedPaths = [];
     for (const filepath of fileList) {
-      const absoluteFilepath = path26.join(repositoryPath, filepath);
-      const resolvedFilePath = path26.resolve(absoluteFilepath);
+      const absoluteFilepath = path28.join(repositoryPath, filepath);
+      const resolvedFilePath = path28.resolve(absoluteFilepath);
       if (!resolvedFilePath.startsWith(resolvedRepoPath)) {
         logDebug(
           `[FileOperations] Rejecting ${filepath} - path traversal attempt detected`
@@ -24813,7 +25419,7 @@ var FileOperations = class {
     for (const absolutePath of filePaths) {
       try {
         const content = await fs25.promises.readFile(absolutePath);
-        const relativePath = path26.basename(absolutePath);
+        const relativePath = path28.basename(absolutePath);
         fileDataArray.push({
           relativePath,
           absolutePath,
@@ -25125,14 +25731,14 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
    * since the last scan.
    */
   async scanForSecurityVulnerabilities({
-    path: path30,
+    path: path32,
     isAllDetectionRulesScan,
     isAllFilesScan,
     scanContext
   }) {
     this.hasAuthenticationFailed = false;
     logDebug(`[${scanContext}] Scanning for new security vulnerabilities`, {
-      path: path30
+      path: path32
     });
     if (!this.gqlClient) {
       logInfo(`[${scanContext}] No GQL client found, skipping scan`);
@@ -25148,11 +25754,11 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       }
       logDebug(
         `[${scanContext}] Connected to the API, assembling list of files to scan`,
-        { path: path30 }
+        { path: path32 }
       );
       const isBackgroundScan = scanContext === ScanContext.BACKGROUND_INITIAL || scanContext === ScanContext.BACKGROUND_PERIODIC;
       const files = await getLocalFiles({
-        path: path30,
+        path: path32,
         isAllFilesScan,
         scanContext,
         scanRecentlyChangedFiles: !isBackgroundScan
@@ -25178,13 +25784,13 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       });
       const { fixReportId, projectId } = await scanFiles({
         fileList: filesToScan.map((file) => file.relativePath),
-        repositoryPath: path30,
+        repositoryPath: path32,
         gqlClient: this.gqlClient,
         isAllDetectionRulesScan,
         scanContext
       });
       logInfo(
-        `[${scanContext}] Security scan completed for ${path30} reportId: ${fixReportId} projectId: ${projectId}`
+        `[${scanContext}] Security scan completed for ${path32} reportId: ${fixReportId} projectId: ${projectId}`
       );
       if (isAllFilesScan) {
         return;
@@ -25478,13 +26084,13 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
     });
     return scannedFiles.some((file) => file.relativePath === fixFile);
   }
-  async getFreshFixes({ path: path30 }) {
+  async getFreshFixes({ path: path32 }) {
     const scanContext = ScanContext.USER_REQUEST;
-    logDebug(`[${scanContext}] Getting fresh fixes`, { path: path30 });
-    if (this.path !== path30) {
-      this.path = path30;
+    logDebug(`[${scanContext}] Getting fresh fixes`, { path: path32 });
+    if (this.path !== path32) {
+      this.path = path32;
       this.reset();
-      logInfo(`[${scanContext}] Reset service state for new path`, { path: path30 });
+      logInfo(`[${scanContext}] Reset service state for new path`, { path: path32 });
     }
     try {
       const loginContext = createMcpLoginContext("check_new_fixes");
@@ -25503,7 +26109,7 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       }
       throw error;
     }
-    this.triggerScan({ path: path30, gqlClient: this.gqlClient });
+    this.triggerScan({ path: path32, gqlClient: this.gqlClient });
     let isMvsAutoFixEnabled = null;
     try {
       isMvsAutoFixEnabled = await this.gqlClient.getMvsAutoFixSettings();
@@ -25537,33 +26143,33 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
     return noFreshFixesPrompt;
   }
   triggerScan({
-    path: path30,
+    path: path32,
     gqlClient
   }) {
-    if (this.path !== path30) {
-      this.path = path30;
+    if (this.path !== path32) {
+      this.path = path32;
       this.reset();
-      logInfo(`Reset service state for new path in triggerScan`, { path: path30 });
+      logInfo(`Reset service state for new path in triggerScan`, { path: path32 });
     }
     this.gqlClient = gqlClient;
     if (!this.intervalId) {
-      this.startPeriodicScanning(path30);
-      this.executeInitialScan(path30);
-      void this.executeInitialFullScan(path30);
+      this.startPeriodicScanning(path32);
+      this.executeInitialScan(path32);
+      void this.executeInitialFullScan(path32);
     }
   }
-  startPeriodicScanning(path30) {
+  startPeriodicScanning(path32) {
     const scanContext = ScanContext.BACKGROUND_PERIODIC;
     logDebug(
       `[${scanContext}] Starting periodic scan for new security vulnerabilities`,
       {
-        path: path30
+        path: path32
       }
     );
     this.intervalId = setInterval(() => {
-      logDebug(`[${scanContext}] Triggering periodic security scan`, { path: path30 });
+      logDebug(`[${scanContext}] Triggering periodic security scan`, { path: path32 });
       this.scanForSecurityVulnerabilities({
-        path: path30,
+        path: path32,
         scanContext
       }).catch((error) => {
         logError(`[${scanContext}] Error during periodic security scan`, {
@@ -25572,45 +26178,45 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       });
     }, MCP_PERIODIC_CHECK_INTERVAL);
   }
-  async executeInitialFullScan(path30) {
+  async executeInitialFullScan(path32) {
     const scanContext = ScanContext.FULL_SCAN;
-    logDebug(`[${scanContext}] Triggering initial full security scan`, { path: path30 });
+    logDebug(`[${scanContext}] Triggering initial full security scan`, { path: path32 });
     logDebug(`[${scanContext}] Full scan paths scanned`, {
       fullScanPathsScanned: this.fullScanPathsScanned
     });
-    if (this.fullScanPathsScanned.includes(path30)) {
+    if (this.fullScanPathsScanned.includes(path32)) {
       logDebug(`[${scanContext}] Full scan already executed for this path`, {
-        path: path30
+        path: path32
       });
       return;
     }
     configStore.set("fullScanPathsScanned", [
       ...this.fullScanPathsScanned,
-      path30
+      path32
     ]);
     try {
       await this.scanForSecurityVulnerabilities({
-        path: path30,
+        path: path32,
         isAllFilesScan: true,
         isAllDetectionRulesScan: true,
         scanContext: ScanContext.FULL_SCAN
       });
-      if (!this.fullScanPathsScanned.includes(path30)) {
-        this.fullScanPathsScanned.push(path30);
+      if (!this.fullScanPathsScanned.includes(path32)) {
+        this.fullScanPathsScanned.push(path32);
         configStore.set("fullScanPathsScanned", this.fullScanPathsScanned);
       }
-      logInfo(`[${scanContext}] Full scan completed`, { path: path30 });
+      logInfo(`[${scanContext}] Full scan completed`, { path: path32 });
     } catch (error) {
       logError(`[${scanContext}] Error during initial full security scan`, {
         error
       });
     }
   }
-  executeInitialScan(path30) {
+  executeInitialScan(path32) {
     const scanContext = ScanContext.BACKGROUND_INITIAL;
-    logDebug(`[${scanContext}] Triggering initial security scan`, { path: path30 });
+    logDebug(`[${scanContext}] Triggering initial security scan`, { path: path32 });
     this.scanForSecurityVulnerabilities({
-      path: path30,
+      path: path32,
       scanContext: ScanContext.BACKGROUND_INITIAL
     }).catch((error) => {
       logError(`[${scanContext}] Error during initial security scan`, { error });
@@ -25707,9 +26313,9 @@ Example payload:
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path30 = pathValidationResult.path;
+    const path32 = pathValidationResult.path;
     const resultText = await this.newFixesService.getFreshFixes({
-      path: path30
+      path: path32
     });
     logInfo("CheckForNewAvailableFixesTool execution completed", {
       resultText
@@ -25887,8 +26493,8 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path30 = pathValidationResult.path;
-    const gitService = new GitService(path30, log);
+    const path32 = pathValidationResult.path;
+    const gitService = new GitService(path32, log);
     const gitValidation = await gitService.validateRepository();
     if (!gitValidation.isValid) {
       throw new Error(`Invalid git repository: ${gitValidation.error}`);
@@ -26273,9 +26879,9 @@ Example payload:
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path30 = pathValidationResult.path;
+    const path32 = pathValidationResult.path;
     const files = await getLocalFiles({
-      path: path30,
+      path: path32,
       maxFileSize: MCP_MAX_FILE_SIZE,
       maxFiles: args.maxFiles,
       scanContext: ScanContext.USER_REQUEST,
@@ -26295,7 +26901,7 @@ Example payload:
     try {
       const fixResult = await this.vulnerabilityFixService.processVulnerabilities({
         fileList: files.map((file) => file.relativePath),
-        repositoryPath: path30,
+        repositoryPath: path32,
         offset: args.offset,
         limit: args.limit,
         isRescan: args.rescan || !!args.maxFiles
@@ -26596,10 +27202,10 @@ init_client_generates();
 init_urlParser2();
 
 // src/features/codeium_intellij/codeium_language_server_grpc_client.ts
-import path27 from "path";
+import path29 from "path";
 import * as grpc from "@grpc/grpc-js";
 import * as protoLoader from "@grpc/proto-loader";
-var PROTO_PATH = path27.join(
+var PROTO_PATH = path29.join(
   getModuleRootDir(),
   "src/features/codeium_intellij/proto/exa/language_server_pb/language_server.proto"
 );
@@ -26611,7 +27217,7 @@ function loadProto() {
     defaults: true,
     oneofs: true,
     includeDirs: [
-      path27.join(getModuleRootDir(), "src/features/codeium_intellij/proto")
+      path29.join(getModuleRootDir(), "src/features/codeium_intellij/proto")
     ]
   });
   return grpc.loadPackageDefinition(
@@ -26667,28 +27273,28 @@ async function getGrpcClient(port, csrf3) {
 // src/features/codeium_intellij/parse_intellij_logs.ts
 import fs27 from "fs";
 import os14 from "os";
-import path28 from "path";
+import path30 from "path";
 function getLogsDir() {
   if (process.platform === "darwin") {
-    return path28.join(os14.homedir(), "Library/Logs/JetBrains");
+    return path30.join(os14.homedir(), "Library/Logs/JetBrains");
   } else if (process.platform === "win32") {
-    return path28.join(
-      process.env["LOCALAPPDATA"] || path28.join(os14.homedir(), "AppData/Local"),
+    return path30.join(
+      process.env["LOCALAPPDATA"] || path30.join(os14.homedir(), "AppData/Local"),
       "JetBrains"
     );
   } else {
-    return path28.join(os14.homedir(), ".cache/JetBrains");
+    return path30.join(os14.homedir(), ".cache/JetBrains");
   }
 }
 function parseIdeLogDir(ideLogDir) {
   const logFiles = fs27.readdirSync(ideLogDir).filter((f) => /^idea(\.\d+)?\.log$/.test(f)).map((f) => ({
     name: f,
-    mtime: fs27.statSync(path28.join(ideLogDir, f)).mtimeMs
+    mtime: fs27.statSync(path30.join(ideLogDir, f)).mtimeMs
   })).sort((a, b) => a.mtime - b.mtime).map((f) => f.name);
   let latestCsrf = null;
   let latestPort = null;
   for (const logFile of logFiles) {
-    const lines = fs27.readFileSync(path28.join(ideLogDir, logFile), "utf-8").split("\n");
+    const lines = fs27.readFileSync(path30.join(ideLogDir, logFile), "utf-8").split("\n");
     for (const line of lines) {
       if (!line.includes(
         "com.codeium.intellij.language_server.LanguageServerProcessHandler"
@@ -26716,9 +27322,9 @@ function findRunningCodeiumLanguageServers() {
   const logsDir = getLogsDir();
   if (!fs27.existsSync(logsDir)) return results;
   for (const ide of fs27.readdirSync(logsDir)) {
-    let ideLogDir = path28.join(logsDir, ide);
+    let ideLogDir = path30.join(logsDir, ide);
     if (process.platform !== "darwin") {
-      ideLogDir = path28.join(ideLogDir, "log");
+      ideLogDir = path30.join(ideLogDir, "log");
     }
     if (!fs27.existsSync(ideLogDir) || !fs27.statSync(ideLogDir).isDirectory()) {
       continue;
@@ -26901,10 +27507,10 @@ function processChatStepCodeAction(step) {
 // src/features/codeium_intellij/install_hook.ts
 import fsPromises5 from "fs/promises";
 import os15 from "os";
-import path29 from "path";
+import path31 from "path";
 import chalk14 from "chalk";
 function getCodeiumHooksPath() {
-  return path29.join(os15.homedir(), ".codeium", "hooks.json");
+  return path31.join(os15.homedir(), ".codeium", "hooks.json");
 }
 async function readCodeiumHooks() {
   const hooksPath = getCodeiumHooksPath();
@@ -26917,7 +27523,7 @@ async function readCodeiumHooks() {
 }
 async function writeCodeiumHooks(config2) {
   const hooksPath = getCodeiumHooksPath();
-  const dir = path29.dirname(hooksPath);
+  const dir = path31.dirname(hooksPath);
   await fsPromises5.mkdir(dir, { recursive: true });
   await fsPromises5.writeFile(
     hooksPath,