npm - mobbdev - Versions diffs - 1.3.7 → 1.4.1 - Mend

mobbdev 1.3.7 → 1.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/args/commands/upload_ai_blame.d.mts +40 -40
package/dist/args/commands/upload_ai_blame.mjs +57 -5
package/dist/index.mjs +1463 -386
package/package.json +4 -1

package/dist/index.mjs CHANGED Viewed

@@ -129,10 +129,13 @@ function getSdk(client, withWrapper = defaultWrapper) {
     },
     ScanSkill(variables, requestHeaders, signal) {
       return withWrapper((wrappedRequestHeaders) => client.request({ document: ScanSkillDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "ScanSkill", "mutation", variables);
+    },
+    SkillVerdictsByMd5(variables, requestHeaders, signal) {
+      return withWrapper((wrappedRequestHeaders) => client.request({ document: SkillVerdictsByMd5Document, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "SkillVerdictsByMd5", "query", variables);
     }
   };
 }
-var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, IssueType_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, UploadTracyRecordsDocument, GetTracyRawDataUploadUrlDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, ScanSkillDocument, defaultWrapper;
+var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, IssueType_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, UploadTracyRecordsDocument, GetTracyRawDataUploadUrlDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, ScanSkillDocument, SkillVerdictsByMd5Document, defaultWrapper;
 var init_client_generates = __esm({
   "src/features/analysis/scm/generates/client_generates.ts"() {
     "use strict";
@@ -260,10 +263,12 @@ var init_client_generates = __esm({
       IssueType_Enum2["ImproperExceptionHandling"] = "IMPROPER_EXCEPTION_HANDLING";
       IssueType_Enum2["ImproperResourceShutdownOrRelease"] = "IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE";
       IssueType_Enum2["ImproperStringFormatting"] = "IMPROPER_STRING_FORMATTING";
+      IssueType_Enum2["ImproperValidationOfArrayIndex"] = "IMPROPER_VALIDATION_OF_ARRAY_INDEX";
       IssueType_Enum2["IncompleteHostnameRegex"] = "INCOMPLETE_HOSTNAME_REGEX";
       IssueType_Enum2["IncompleteSanitization"] = "INCOMPLETE_SANITIZATION";
       IssueType_Enum2["IncompleteUrlSanitization"] = "INCOMPLETE_URL_SANITIZATION";
       IssueType_Enum2["IncompleteUrlSchemeCheck"] = "INCOMPLETE_URL_SCHEME_CHECK";
+      IssueType_Enum2["IncorrectIntegerConversion"] = "INCORRECT_INTEGER_CONVERSION";
       IssueType_Enum2["IncorrectSqlApiUsage"] = "INCORRECT_SQL_API_USAGE";
       IssueType_Enum2["InformationExposureViaHeaders"] = "INFORMATION_EXPOSURE_VIA_HEADERS";
       IssueType_Enum2["InsecureBinderConfiguration"] = "INSECURE_BINDER_CONFIGURATION";
@@ -288,6 +293,7 @@ var init_client_generates = __esm({
       IssueType_Enum2["MissingUser"] = "MISSING_USER";
       IssueType_Enum2["MissingWhitespace"] = "MISSING_WHITESPACE";
       IssueType_Enum2["MissingWorkflowPermissions"] = "MISSING_WORKFLOW_PERMISSIONS";
+      IssueType_Enum2["MissingXFrameOptions"] = "MISSING_X_FRAME_OPTIONS";
       IssueType_Enum2["ModifiedDefaultParam"] = "MODIFIED_DEFAULT_PARAM";
       IssueType_Enum2["NonFinalPublicStaticField"] = "NON_FINAL_PUBLIC_STATIC_FIELD";
       IssueType_Enum2["NonReadonlyField"] = "NON_READONLY_FIELD";
@@ -405,6 +411,7 @@ var init_client_generates = __esm({
       return Vulnerability_Report_Issue_Tag_Enum3;
     })(Vulnerability_Report_Issue_Tag_Enum || {});
     Vulnerability_Report_Vendor_Enum = /* @__PURE__ */ ((Vulnerability_Report_Vendor_Enum3) => {
+      Vulnerability_Report_Vendor_Enum3["BlackDuck"] = "blackDuck";
       Vulnerability_Report_Vendor_Enum3["Checkmarx"] = "checkmarx";
       Vulnerability_Report_Vendor_Enum3["CheckmarxXml"] = "checkmarxXml";
       Vulnerability_Report_Vendor_Enum3["Codeql"] = "codeql";
@@ -1265,6 +1272,18 @@ var init_client_generates = __esm({
     cached
     summary
   }
+}
+    `;
+    SkillVerdictsByMd5Document = `
+    query SkillVerdictsByMd5($md5s: [String!]!) {
+  skillVerdictsByMd5(md5s: $md5s) {
+    md5
+    verdict
+    summary
+    scannerName
+    scannerVersion
+    scannedAt
+  }
 }
     `;
     defaultWrapper = (action, _operationName, _operationType, _variables) => action();
@@ -1452,7 +1471,10 @@ var init_getIssueType = __esm({
       ["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: "Redundant Nil Error Check",
       ["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: "Missing Workflow Permissions",
       ["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: "Excessive Secrets Exposure",
-      ["TAINTED_NUMERIC_CAST" /* TaintedNumericCast */]: "Tainted Numeric Cast"
+      ["TAINTED_NUMERIC_CAST" /* TaintedNumericCast */]: "Tainted Numeric Cast",
+      ["MISSING_X_FRAME_OPTIONS" /* MissingXFrameOptions */]: "Missing X-Frame-Options Header",
+      ["IMPROPER_VALIDATION_OF_ARRAY_INDEX" /* ImproperValidationOfArrayIndex */]: "Improper Validation of Array Index",
+      ["INCORRECT_INTEGER_CONVERSION" /* IncorrectIntegerConversion */]: "Incorrect Integer Conversion"
     };
     issueTypeZ = z.nativeEnum(IssueType_Enum);
     getIssueTypeFriendlyString = (issueType) => {
@@ -3579,8 +3601,8 @@ var init_FileUtils = __esm({
           const fullPath = path.join(dir, item);
           try {
             await fsPromises.access(fullPath, fs.constants.R_OK);
-            const stat3 = await fsPromises.stat(fullPath);
-            if (stat3.isDirectory()) {
+            const stat4 = await fsPromises.stat(fullPath);
+            if (stat4.isDirectory()) {
               if (isRootLevel && excludedRootDirectories.includes(item)) {
                 continue;
               }
@@ -3592,7 +3614,7 @@ var init_FileUtils = __esm({
                 name: item,
                 fullPath,
                 relativePath: path.relative(rootDir, fullPath),
-                time: stat3.mtime.getTime(),
+                time: stat4.mtime.getTime(),
                 isFile: true
               });
             }
@@ -4645,7 +4667,10 @@ var fixDetailsData = {
   ["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: void 0,
   ["MISSING_WORKFLOW_PERMISSIONS" /* MissingWorkflowPermissions */]: void 0,
   ["EXCESSIVE_SECRETS_EXPOSURE" /* ExcessiveSecretsExposure */]: void 0,
-  ["TAINTED_NUMERIC_CAST" /* TaintedNumericCast */]: void 0
+  ["TAINTED_NUMERIC_CAST" /* TaintedNumericCast */]: void 0,
+  ["MISSING_X_FRAME_OPTIONS" /* MissingXFrameOptions */]: void 0,
+  ["IMPROPER_VALIDATION_OF_ARRAY_INDEX" /* ImproperValidationOfArrayIndex */]: void 0,
+  ["INCORRECT_INTEGER_CONVERSION" /* IncorrectIntegerConversion */]: void 0
 };
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -5982,6 +6007,19 @@ var headerMaxAge = {
   }
 };
+// src/features/analysis/scm/shared/src/storedQuestionData/js/missingXFrameOptions.ts
+var xFrameOptionsValue = {
+  xFrameOptionsValue: {
+    content: () => "Please provide the value for the X-Frame-Options header",
+    description: () => `The \`X-Frame-Options\` HTTP response header tells the browser whether the page is allowed to be rendered inside a \`<frame>\`, \`<iframe>\`, \`<embed>\` or \`<object>\`. Without it, attackers can embed your application in an invisible iframe and trick users into clicking on it \u2014 a class of attacks known as clickjacking (UI redressing).
+&nbsp;
+&nbsp;    **Allowed values:**
+&nbsp;    - \`DENY\` \u2014 the page cannot be framed by any site, including your own. Recommended default for any page that does not need to be embedded.
+&nbsp;    - \`SAMEORIGIN\` \u2014 the page can only be framed by pages served from the same origin. Use this only if your own application legitimately embeds this page in an iframe.`,
+    guidance: () => ``
+  }
+};
 // src/features/analysis/scm/shared/src/storedQuestionData/js/noLimitsOrThrottling.ts
 var noLimitsOrThrottling2 = {
   setGlobalLimiter: {
@@ -6126,6 +6164,7 @@ var vulnerabilities13 = {
   ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: uncheckedLoopCondition2,
   ["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: noLimitsOrThrottling2,
   ["MISSING_CSP_HEADER" /* MissingCspHeader */]: cspHeaderValue,
+  ["MISSING_X_FRAME_OPTIONS" /* MissingXFrameOptions */]: xFrameOptionsValue,
   ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: hardcodedDomainInHtml,
   ["CSRF" /* Csrf */]: csrf2
 };
@@ -6446,6 +6485,13 @@ var ReferenceType = /* @__PURE__ */ ((ReferenceType2) => {
   ReferenceType2["TAG"] = "TAG";
   return ReferenceType2;
 })(ReferenceType || {});
+var GithubFullShaZ = z13.string().regex(/^[a-f0-9]{40}$/);
+var MergedPrSurvivalMetadataZ = z13.object({
+  mergeCommitShas: z13.array(GithubFullShaZ).min(1).refine((shas) => new Set(shas).size === shas.length, {
+    message: "mergeCommitShas must contain unique SHAs"
+  }),
+  targetBranch: z13.string().min(1)
+});
 var ScmLibScmType = /* @__PURE__ */ ((ScmLibScmType2) => {
   ScmLibScmType2["GITHUB"] = "GITHUB";
   ScmLibScmType2["GITLAB"] = "GITLAB";
@@ -7132,7 +7178,7 @@ async function getAdoSdk(params) {
       const url = new URL(repoUrl);
       const origin = url.origin.toLowerCase().endsWith(".visualstudio.com") ? DEFUALT_ADO_ORIGIN : url.origin.toLowerCase();
       const params2 = `path=/&versionDescriptor[versionOptions]=0&versionDescriptor[versionType]=commit&versionDescriptor[version]=${branch}&resolveLfs=true&$format=zip&api-version=5.0&download=true`;
-      const path32 = [
+      const path35 = [
         prefixPath,
         owner,
         projectName,
@@ -7143,7 +7189,7 @@ async function getAdoSdk(params) {
         "items",
         "items"
       ].filter(Boolean).join("/");
-      return new URL(`${path32}?${params2}`, origin).toString();
+      return new URL(`${path35}?${params2}`, origin).toString();
     },
     async getAdoBranchList({ repoUrl }) {
       try {
@@ -7232,8 +7278,8 @@ async function getAdoSdk(params) {
         const changeType = entry.changeType;
         return changeType !== 16 && entry.item?.path;
       }).map((entry) => {
-        const path32 = entry.item.path;
-        return path32.startsWith("/") ? path32.slice(1) : path32;
+        const path35 = entry.item.path;
+        return path35.startsWith("/") ? path35.slice(1) : path35;
       });
     },
     async searchAdoPullRequests({
@@ -7634,6 +7680,12 @@ var SCMLib = class {
   async getPrDataBatch(_repoUrl, _prNumbers) {
     throw new Error("getPrDataBatch not implemented for this SCM provider");
   }
+  /**
+   * GitHub: merge detection for main-branch survival. Other providers return null.
+   */
+  async getMergedPrSurvivalMetadata(_prNumber) {
+    return null;
+  }
   getAccessToken() {
     return this.accessToken || "";
   }
@@ -8895,6 +8947,24 @@ async function encryptSecret(secret, key) {
   return sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL);
 }
+// src/features/analysis/scm/github/utils/mergeCommitShas.ts
+async function commitShasBetweenBaseAndMerge(githubSdk, args) {
+  let compare;
+  try {
+    compare = await githubSdk.compareCommitsBasehead({
+      owner: args.owner,
+      repo: args.repo,
+      basehead: `${args.baseSha}...${args.mergeCommitSha}`
+    });
+  } catch (err) {
+    throw new Error(
+      `Failed to compare commits ${args.baseSha}...${args.mergeCommitSha}: ${err instanceof Error ? err.message : String(err)}`
+    );
+  }
+  const shas = compare.data.commits.map((c) => c.sha);
+  return shas.length > 0 ? shas : [args.mergeCommitSha];
+}
 // src/features/analysis/scm/github/utils/utils.ts
 import { Octokit } from "octokit";
 import { fetch as fetch2, ProxyAgent } from "undici";
@@ -9627,6 +9697,12 @@ function getGithubSdk(params = {}) {
       );
       return res;
     },
+    async listPullRequestCommits(params2) {
+      return octokit.rest.pulls.listCommits(params2);
+    },
+    async compareCommitsBasehead(params2) {
+      return octokit.rest.repos.compareCommitsWithBasehead(params2);
+    },
     /**
      * List PRs using GitHub's REST `/repos/{owner}/{repo}/pulls` endpoint.
      * https://docs.github.com/en/rest/pulls/pulls?apiVersion=2022-11-28#list-pull-requests
@@ -10441,6 +10517,34 @@ var GithubSCMLib = class extends SCMLib {
       commentIds
     };
   }
+  /**
+   * Detect merge strategy and SHAs on the target branch for main-branch survival (GitHub only).
+   */
+  async getMergedPrSurvivalMetadata(prNumber) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    const pr = await this.githubSdk.getPr({
+      owner,
+      repo,
+      pull_number: prNumber
+    });
+    if (pr.data.merged !== true || !pr.data.merge_commit_sha) {
+      return null;
+    }
+    const mergeCommitSha = pr.data.merge_commit_sha;
+    const targetBranch = pr.data.base.ref;
+    const baseSha = pr.data.base.sha;
+    const mergeCommitShas = await commitShasBetweenBaseAndMerge(
+      this.githubSdk,
+      {
+        owner,
+        repo,
+        baseSha,
+        mergeCommitSha
+      }
+    );
+    return { mergeCommitShas, targetBranch };
+  }
 };
 // src/features/analysis/scm/gitlab/gitlab.ts
@@ -12447,7 +12551,8 @@ var SCANNERS = {
   Snyk: "snyk",
   Sonarqube: "sonarqube",
   Semgrep: "semgrep",
-  Datadog: "datadog"
+  Datadog: "datadog",
+  BlackDuck: "blackduck"
 };
 var scannerToVulnerabilityReportVendorEnum = {
   [SCANNERS.Checkmarx]: "checkmarx" /* Checkmarx */,
@@ -12456,7 +12561,8 @@ var scannerToVulnerabilityReportVendorEnum = {
   [SCANNERS.Codeql]: "codeql" /* Codeql */,
   [SCANNERS.Fortify]: "fortify" /* Fortify */,
   [SCANNERS.Semgrep]: "semgrep" /* Semgrep */,
-  [SCANNERS.Datadog]: "datadog" /* Datadog */
+  [SCANNERS.Datadog]: "datadog" /* Datadog */,
+  [SCANNERS.BlackDuck]: "blackDuck" /* BlackDuck */
 };
 var SupportedScannersZ = z25.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
 var envVariablesSchema = z25.object({
@@ -13539,6 +13645,10 @@ var GQLClient = class {
   async scanSkill(variables) {
     return await this._clientSdk.ScanSkill(variables);
   }
+  // T-467 — batched verdict lookup for the client-side quarantine check.
+  async skillVerdictsByMd5(md5s) {
+    return await this._clientSdk.SkillVerdictsByMd5({ md5s });
+  }
 };
 // src/features/analysis/graphql/tracy-batch-upload.ts
@@ -14871,7 +14981,8 @@ var scannerToFriendlyString = {
   snyk: "Snyk",
   sonarqube: "Sonarqube",
   semgrep: "Semgrep",
-  datadog: "Datadog"
+  datadog: "Datadog",
+  blackduck: "Black Duck"
 };
 // src/features/analysis/add_fix_comments_for_pr/utils/buildCommentBody.ts
@@ -15061,7 +15172,7 @@ async function postIssueComment(params) {
     fpDescription
   } = params;
   const {
-    path: path32,
+    path: path35,
     startLine,
     vulnerabilityReportIssue: {
       vulnerabilityReportIssueTags,
@@ -15076,7 +15187,7 @@ async function postIssueComment(params) {
 Refresh the page in order to see the changes.`,
     pull_number: pullRequest,
     commit_id: commitSha,
-    path: path32,
+    path: path35,
     line: startLine
   });
   const commentId = commentRes.data.id;
@@ -15110,7 +15221,7 @@ async function postFixComment(params) {
     scanner
   } = params;
   const {
-    path: path32,
+    path: path35,
     startLine,
     vulnerabilityReportIssue: { fixId, vulnerabilityReportIssueTags, category },
     vulnerabilityReportIssueId
@@ -15128,7 +15239,7 @@ async function postFixComment(params) {
 Refresh the page in order to see the changes.`,
     pull_number: pullRequest,
     commit_id: commitSha,
-    path: path32,
+    path: path35,
     line: startLine
   });
   const commentId = commentRes.data.id;
@@ -16650,8 +16761,8 @@ async function resolveSkillScanInput(skillInput) {
   if (!fs11.existsSync(resolvedPath)) {
     return skillInput;
   }
-  const stat3 = fs11.statSync(resolvedPath);
-  if (!stat3.isDirectory()) {
+  const stat4 = fs11.statSync(resolvedPath);
+  if (!stat4.isDirectory()) {
     throw new CliError(
       "Local skill input must be a directory containing SKILL.md"
     );
@@ -16979,7 +17090,7 @@ function analyzeBuilder(yargs2) {
     alias: "scan-file",
     type: "string",
     describe: chalk10.bold(
-      "Select the vulnerability report to analyze (Checkmarx, Snyk, Fortify, CodeQL, Sonarqube, Semgrep, Datadog)"
+      "Select the vulnerability report to analyze (Checkmarx, Snyk, Fortify, CodeQL, Sonarqube, Semgrep, Datadog, Black Duck)"
     )
   }).option("repo", repoOption).option("p", {
     alias: "src-path",
@@ -17050,108 +17161,27 @@ import { spawn } from "child_process";
 // src/features/claude_code/daemon.ts
 import { readFileSync, writeFileSync as writeFileSync2 } from "fs";
-import path19 from "path";
+import path22 from "path";
 import { setTimeout as sleep2 } from "timers/promises";
 import Configstore3 from "configstore";
-// src/features/claude_code/daemon_pid_file.ts
-import fs13 from "fs";
-import os4 from "os";
-import path13 from "path";
-// src/features/claude_code/data_collector_constants.ts
-var CC_VERSION_CACHE_KEY = "claudeCode.detectedCCVersion";
-var CC_VERSION_CLI_KEY = "claudeCode.detectedCCVersionCli";
-var GQL_AUTH_TIMEOUT_MS = 15e3;
-var STALE_KEY_MAX_AGE_MS = 14 * 24 * 60 * 60 * 1e3;
-var CLEANUP_INTERVAL_MS = 24 * 60 * 60 * 1e3;
-var DAEMON_TTL_MS = 30 * 60 * 1e3;
-var DAEMON_POLL_INTERVAL_MS = 1e4;
-var HEARTBEAT_STALE_MS = 3e4;
-var TRANSCRIPT_MAX_AGE_MS = 24 * 60 * 60 * 1e3;
-var DAEMON_CHUNK_SIZE = 50;
-// src/features/claude_code/daemon_pid_file.ts
-function getMobbdevDir() {
-  return path13.join(os4.homedir(), ".mobbdev");
-}
-function getDaemonCheckScriptPath() {
-  return path13.join(getMobbdevDir(), "daemon-check.js");
-}
-var DaemonPidFile = class {
-  constructor() {
-    __publicField(this, "data", null);
-  }
-  get filePath() {
-    return path13.join(getMobbdevDir(), "daemon.pid");
-  }
-  /** Ensure ~/.mobbdev/ directory exists. */
-  ensureDir() {
-    fs13.mkdirSync(getMobbdevDir(), { recursive: true });
-  }
-  /** Read the PID file from disk. Returns the parsed data or null. */
-  read() {
-    try {
-      const raw = fs13.readFileSync(this.filePath, "utf8");
-      const parsed = JSON.parse(raw);
-      if (typeof parsed.pid !== "number" || typeof parsed.startedAt !== "number" || typeof parsed.heartbeat !== "number") {
-        this.data = null;
-      } else {
-        this.data = parsed;
-      }
-    } catch {
-      this.data = null;
-    }
-    return this.data;
-  }
-  /** Write a new PID file for the given process id. */
-  write(pid, version) {
-    this.data = {
-      pid,
-      startedAt: Date.now(),
-      heartbeat: Date.now(),
-      version
-    };
-    fs13.writeFileSync(this.filePath, JSON.stringify(this.data), "utf8");
-  }
-  /** Update the heartbeat timestamp of the current PID file. */
-  updateHeartbeat() {
-    if (!this.data) this.read();
-    if (!this.data) return;
-    this.data.heartbeat = Date.now();
-    fs13.writeFileSync(this.filePath, JSON.stringify(this.data), "utf8");
-  }
-  /** Check whether the previously read PID data represents a live daemon. */
-  isAlive() {
-    if (!this.data) return false;
-    if (Date.now() - this.data.heartbeat > HEARTBEAT_STALE_MS) return false;
-    try {
-      process.kill(this.data.pid, 0);
-      return true;
-    } catch {
-      return false;
-    }
-  }
-  /** Remove the PID file from disk (best-effort). */
-  remove() {
-    this.data = null;
-    try {
-      fs13.unlinkSync(this.filePath);
-    } catch {
-    }
-  }
-};
+// src/features/analysis/skill_quarantine/constants.ts
+var HEARTBEAT_DEBOUNCE_MS = (() => {
+  const raw = Number(process.env["MOBB_TRACY_SKILL_QUARANTINE_DEBOUNCE_MS"]);
+  if (!Number.isFinite(raw) || raw < 0) return 3e4;
+  return Math.min(raw, 3e5);
+})();
+var KILL_SWITCH_ENV = "MOBB_TRACY_SKILL_QUARANTINE_DISABLE";
+var MALICIOUS_VERDICT = "MALICIOUS";
+var ORPHAN_SWEEP_GRACE_MS = 10 * 60 * 1e3;
-// src/features/claude_code/data_collector.ts
-import { execFile } from "child_process";
-import { createHash as createHash3 } from "crypto";
-import { access, open as open4, readdir, readFile as readFile2, unlink } from "fs/promises";
-import path16 from "path";
-import { promisify } from "util";
+// src/features/analysis/skill_quarantine/enumerateInstalledSkills.ts
+import { homedir as homedir2 } from "os";
+import path15 from "path";
 // src/features/analysis/context_file_processor.ts
 import { createHash } from "crypto";
-import path14 from "path";
+import path13 from "path";
 import AdmZip3 from "adm-zip";
 import pLimit6 from "p-limit";
 var SANITIZE_CONCURRENCY = 5;
@@ -17185,8 +17215,12 @@ async function processContextFiles(regularFiles, skillGroups) {
         );
         for (const file of sortedFiles) {
           const sanitizedContent = await sanitizeFileContent(file.content);
-          const zipEntryName = group.isFolder ? path14.relative(group.skillPath, file.path).replace(/\\/g, "/") : path14.basename(file.path);
+          const zipEntryName = group.isFolder ? path13.relative(group.skillPath, file.path).replace(/\\/g, "/") : path13.basename(file.path);
           zip.addFile(zipEntryName, Buffer.from(sanitizedContent, "utf-8"));
+          const entry = zip.getEntry(zipEntryName);
+          if (entry) {
+            entry.header.time = /* @__PURE__ */ new Date(0);
+          }
         }
         const zipBuffer = zip.toBuffer();
         const md5 = md5Hex(zipBuffer);
@@ -17198,30 +17232,14 @@ async function processContextFiles(regularFiles, skillGroups) {
 }
 // src/features/analysis/context_file_scanner.ts
-import { readFile, stat } from "fs/promises";
+import { lstat, readdir, readFile, realpath, stat } from "fs/promises";
 import { homedir } from "os";
-import path15 from "path";
+import path14 from "path";
 import { globby as globby2 } from "globby";
-var MAX_CONTEXT_FILE_SIZE = 20 * 1024 * 1024;
+import { parse as parseJsoncLib } from "jsonc-parser";
+// src/features/analysis/context_file_scan_paths.ts
 var SKILL_CATEGORY = "skill";
-var SESSION_TTL_MS = 24 * 60 * 60 * 1e3;
-var sessionMtimes = /* @__PURE__ */ new Map();
-function markContextFilesUploaded(sessionId, files, skills) {
-  let entry = sessionMtimes.get(sessionId);
-  if (!entry) {
-    entry = { files: /* @__PURE__ */ new Map(), skills: /* @__PURE__ */ new Map(), lastUpdatedAt: Date.now() };
-    sessionMtimes.set(sessionId, entry);
-  }
-  for (const f of files) {
-    entry.files.set(f.path, f.mtimeMs);
-  }
-  if (skills) {
-    for (const sg of skills) {
-      entry.skills.set(sg.sessionKey, sg.maxMtimeMs);
-    }
-  }
-  entry.lastUpdatedAt = Date.now();
-}
 var SCAN_PATHS = {
   "claude-code": [
     { glob: "CLAUDE.md", category: "rule", root: "workspace" },
@@ -17237,20 +17255,16 @@ var SCAN_PATHS = {
       category: "memory",
       root: "home"
     },
-    {
-      glob: ".claude/skills/**/*",
-      category: SKILL_CATEGORY,
-      root: "workspace"
-    },
-    { glob: ".claude/commands/*.md", category: "command", root: "workspace" },
+    { kind: "skill-bundle", skillsRoot: ".claude/skills", root: "workspace" },
+    { glob: ".claude/commands/*.md", category: "skill", root: "workspace" },
     {
       glob: ".claude/agents/*.md",
-      category: "agent-config",
+      category: SKILL_CATEGORY,
       root: "workspace"
     },
-    { glob: ".claude/skills/**/*", category: SKILL_CATEGORY, root: "home" },
-    { glob: ".claude/commands/*.md", category: "command", root: "home" },
-    { glob: ".claude/agents/*.md", category: "agent-config", root: "home" },
+    { kind: "skill-bundle", skillsRoot: ".claude/skills", root: "home" },
+    { glob: ".claude/commands/*.md", category: "skill", root: "home" },
+    { glob: ".claude/agents/*.md", category: SKILL_CATEGORY, root: "home" },
     { glob: ".claude/settings.json", category: "config", root: "workspace" },
     {
       glob: ".claude/settings.local.json",
@@ -17263,88 +17277,415 @@ var SCAN_PATHS = {
     { glob: ".claudeignore", category: "ignore", root: "workspace" }
   ],
   cursor: [
+    // Legacy single-file rules
     { glob: ".cursorrules", category: "rule", root: "workspace" },
+    // Project Rules — docs support both `.mdc` and `.md` inside .cursor/rules/
     { glob: ".cursor/rules/**/*.mdc", category: "rule", root: "workspace" },
+    { glob: ".cursor/rules/**/*.md", category: "rule", root: "workspace" },
+    // AGENTS.md — Cursor's documented alternative to .cursor/rules/
+    { glob: "AGENTS.md", category: "rule", root: "workspace" },
+    // Agent skills — Cursor auto-loads from these dirs plus compat with
+    // Claude / Codex / generic .agents/ per Cursor docs.
+    { kind: "skill-bundle", skillsRoot: ".cursor/skills", root: "workspace" },
+    { kind: "skill-bundle", skillsRoot: ".agents/skills", root: "workspace" },
+    { kind: "skill-bundle", skillsRoot: ".claude/skills", root: "workspace" },
+    { kind: "skill-bundle", skillsRoot: ".codex/skills", root: "workspace" },
+    // MCP — project + global
     { glob: ".cursor/mcp.json", category: "mcp-config", root: "workspace" },
     { glob: ".cursor/mcp.json", category: "mcp-config", root: "home" },
+    // Home skills (user-level cross-project skills)
+    { kind: "skill-bundle", skillsRoot: ".cursor/skills", root: "home" },
+    { kind: "skill-bundle", skillsRoot: ".agents/skills", root: "home" },
+    { kind: "skill-bundle", skillsRoot: ".claude/skills", root: "home" },
+    { kind: "skill-bundle", skillsRoot: ".codex/skills", root: "home" },
+    // Exclusion
     { glob: ".cursorignore", category: "ignore", root: "workspace" }
+    // Note: Cursor's global "Rules for AI" from Settings UI is stored in
+    // Cursor's internal settings DB. The tracer_ext reads it via VS Code API
+    // (vscode.workspace.getConfiguration) and includes it as a synthetic entry.
   ],
   copilot: [
+    // Instructions — workspace
     {
       glob: ".github/copilot-instructions.md",
       category: "rule",
       root: "workspace"
     },
     {
-      glob: ".github/instructions/*.instructions.md",
+      glob: ".github/instructions/**/*.instructions.md",
       category: "rule",
       root: "workspace"
     },
+    // AGENTS.md / CLAUDE.md family (Copilot reads these via chat.useAgentsMdFile,
+    // chat.useClaudeMdFile for cross-compat with Claude Code / other agents).
+    { glob: "AGENTS.md", category: "rule", root: "workspace" },
+    { glob: "CLAUDE.md", category: "rule", root: "workspace" },
+    { glob: "CLAUDE.local.md", category: "rule", root: "workspace" },
+    { glob: ".claude/CLAUDE.md", category: "rule", root: "workspace" },
+    { glob: ".claude/rules/**/*.md", category: "rule", root: "workspace" },
+    // Prompts — workspace
     {
       glob: ".github/prompts/*.prompt.md",
       category: SKILL_CATEGORY,
       root: "workspace"
     },
+    // Custom agents — `.agent.md` is the current format; `.chatmode.md` is the
+    // legacy naming docs recommend renaming. We scan both for transition.
+    {
+      glob: ".github/agents/*.agent.md",
+      category: "agent-config",
+      root: "workspace"
+    },
     {
       glob: ".github/chatmodes/*.chatmode.md",
+      category: "agent-config",
+      root: "workspace"
+    },
+    {
+      glob: ".claude/agents/*.md",
       category: SKILL_CATEGORY,
       root: "workspace"
     },
+    // Agent skills — Copilot discovers skills in all three roots (VS Code docs:
+    // Agent Skills). Each skill is a directory with SKILL.md plus sibling files.
+    { kind: "skill-bundle", skillsRoot: ".github/skills", root: "workspace" },
+    { kind: "skill-bundle", skillsRoot: ".claude/skills", root: "workspace" },
+    { kind: "skill-bundle", skillsRoot: ".agents/skills", root: "workspace" },
+    // MCP — VS Code Copilot reads MCP servers from .vscode/mcp.json
+    { glob: ".vscode/mcp.json", category: "mcp-config", root: "workspace" },
+    // Global — home (JetBrains stores global instructions here)
     {
       glob: ".config/github-copilot/global-copilot-instructions.md",
       category: "rule",
       root: "home"
-    }
+    },
+    // User-level Copilot customizations (~/.copilot/)
+    {
+      glob: ".copilot/instructions/**/*.instructions.md",
+      category: "rule",
+      root: "home"
+    },
+    { glob: ".copilot/prompts/*.prompt.md", category: "skill", root: "home" },
+    {
+      glob: ".copilot/agents/*.agent.md",
+      category: "agent-config",
+      root: "home"
+    },
+    { kind: "skill-bundle", skillsRoot: ".copilot/skills", root: "home" },
+    // Cross-compat home paths (Copilot reads Claude / generic agent dirs too)
+    { glob: ".claude/CLAUDE.md", category: "rule", root: "home" },
+    { glob: ".claude/rules/**/*.md", category: "rule", root: "home" },
+    { glob: ".claude/agents/*.md", category: SKILL_CATEGORY, root: "home" },
+    { kind: "skill-bundle", skillsRoot: ".claude/skills", root: "home" },
+    { kind: "skill-bundle", skillsRoot: ".agents/skills", root: "home" }
   ]
 };
-function groupSkills(files, root, baseDir) {
-  const skillFiles = files.filter((f) => f.category === SKILL_CATEGORY);
-  const folderMap = /* @__PURE__ */ new Map();
-  const standalone = [];
-  for (const f of skillFiles) {
-    const rel = path15.relative(baseDir, f.path).replace(/\\/g, "/");
-    const skillsMarker = "skills/";
-    const skillsIdx = rel.indexOf(skillsMarker);
-    if (skillsIdx === -1) {
-      standalone.push(f);
-      continue;
-    }
-    const relFromSkills = rel.slice(skillsIdx + skillsMarker.length);
-    const slashIdx = relFromSkills.indexOf("/");
-    if (slashIdx === -1) {
-      standalone.push(f);
-    } else {
-      const folderName = relFromSkills.slice(0, slashIdx);
-      if (!folderMap.has(folderName)) {
-        folderMap.set(folderName, []);
-      }
-      folderMap.get(folderName).push(f);
+// src/features/analysis/context_file_scanner.ts
+var MAX_CONTEXT_FILE_SIZE = 20 * 1024 * 1024;
+var SESSION_TTL_MS = 24 * 60 * 60 * 1e3;
+var sessionMtimes = /* @__PURE__ */ new Map();
+function markContextFilesUploaded(sessionId, files, skills) {
+  let entry = sessionMtimes.get(sessionId);
+  if (!entry) {
+    entry = { files: /* @__PURE__ */ new Map(), skills: /* @__PURE__ */ new Map(), lastUpdatedAt: Date.now() };
+    sessionMtimes.set(sessionId, entry);
+  }
+  for (const f of files) {
+    entry.files.set(f.path, f.mtimeMs);
+  }
+  if (skills) {
+    for (const sg of skills) {
+      entry.skills.set(sg.sessionKey, sg.maxMtimeMs);
     }
   }
-  const groups = [];
-  for (const f of standalone) {
-    const name = path15.basename(f.path, path15.extname(f.path));
-    const sessionKey = `skill:${root}:${name}`;
-    groups.push({
-      name,
-      root,
-      skillPath: f.path,
-      files: [f],
-      isFolder: false,
-      maxMtimeMs: f.mtimeMs,
-      sessionKey
-    });
+  entry.lastUpdatedAt = Date.now();
+}
+var COPILOT_CUSTOM_LOCATION_SETTINGS = [
+  {
+    key: "chat.agentSkillsLocations",
+    kind: "skill-bundle"
+  },
+  {
+    key: "chat.instructionsFilesLocations",
+    kind: "glob",
+    category: "rule",
+    glob: "**/*.instructions.md"
+  },
+  {
+    key: "chat.promptFilesLocations",
+    kind: "glob",
+    category: "skill",
+    glob: "**/*.prompt.md"
+  },
+  {
+    key: "chat.agentFilesLocations",
+    kind: "glob",
+    category: "agent-config",
+    glob: "**/*.agent.md"
   }
-  for (const [folderName, folderFiles] of folderMap) {
-    const maxMtimeMs = Math.max(...folderFiles.map((f) => f.mtimeMs));
-    const anyFile = folderFiles[0];
-    const rel = path15.relative(baseDir, anyFile.path).replace(/\\/g, "/");
-    const skillsIdx = rel.indexOf("skills/");
-    const skillRelPath = rel.slice(
+];
+var CLAUDE_CODE_CUSTOM_LOCATION_SETTINGS = [
+  {
+    key: "autoMemoryDirectory",
+    category: "memory",
+    glob: "*/memory/*.md"
+  }
+];
+function parseJsonc(text) {
+  const errors = [];
+  const parsed = parseJsoncLib(text, errors, {
+    allowTrailingComma: true,
+    disallowComments: false
+  });
+  return parsed ?? null;
+}
+function extractCustomLocations(value) {
+  if (Array.isArray(value)) {
+    return value.filter(
+      (v) => typeof v === "string" && v.length > 0
+    );
+  }
+  if (value && typeof value === "object") {
+    return Object.entries(value).filter(([, v]) => v === true).map(([k]) => k).filter((k) => k.length > 0);
+  }
+  return [];
+}
+var SENSITIVE_HOME_SUBDIRS = [
+  ".ssh",
+  ".aws",
+  ".gnupg",
+  ".config",
+  ".kube",
+  ".docker",
+  ".gcloud",
+  ".npmrc",
+  ".netrc",
+  ".git-credentials",
+  ".m2",
+  ".pypirc",
+  ".pgpass",
+  ".boto",
+  ".password-store"
+];
+function resolveCustomLocationPath(raw, workspaceRoot, home) {
+  let s = raw.replace(/\$\{workspaceFolder\}/g, workspaceRoot);
+  if (/\$\{[^}]+\}/.test(s)) {
+    return null;
+  }
+  if (/^~[^/]/.test(s)) {
+    return null;
+  }
+  if (s.startsWith("~/") || s === "~") {
+    s = path14.join(home, s.slice(1));
+  }
+  if (!path14.isAbsolute(s)) {
+    s = path14.resolve(workspaceRoot, s);
+  }
+  const resolved = path14.normalize(s);
+  if (resolved === "/" || resolved === home) {
+    return null;
+  }
+  for (const sub of SENSITIVE_HOME_SUBDIRS) {
+    const sensitive = path14.join(home, sub);
+    if (resolved === sensitive || resolved.startsWith(`${sensitive}${path14.sep}`)) {
+      return null;
+    }
+  }
+  const relWorkspace = path14.relative(workspaceRoot, resolved);
+  const relHome = path14.relative(home, resolved);
+  const escapesWorkspace = relWorkspace.startsWith("..") || path14.isAbsolute(relWorkspace);
+  const escapesHome = relHome.startsWith("..") || path14.isAbsolute(relHome);
+  if (escapesWorkspace && escapesHome) {
+    return null;
+  }
+  return resolved;
+}
+var MAX_SETTINGS_CACHE_SIZE = 50;
+var settingsCache = /* @__PURE__ */ new Map();
+async function readJsoncSettings(settingsPath) {
+  try {
+    const lst = await lstat(settingsPath);
+    if (lst.isSymbolicLink()) {
+      return null;
+    }
+  } catch {
+    putSettingsCache(settingsPath, { mtimeMs: null, parsed: null });
+    return null;
+  }
+  let mtimeMs = null;
+  try {
+    const st = await stat(settingsPath);
+    if (!st.isFile()) {
+      putSettingsCache(settingsPath, { mtimeMs: null, parsed: null });
+      return null;
+    }
+    mtimeMs = st.mtimeMs;
+  } catch (err) {
+    if (err.code === "ENOENT") {
+      putSettingsCache(settingsPath, { mtimeMs: null, parsed: null });
+    }
+    return null;
+  }
+  const cached = settingsCache.get(settingsPath);
+  if (cached && cached.mtimeMs === mtimeMs) {
+    return cached.parsed;
+  }
+  let text;
+  try {
+    text = await readFile(settingsPath, "utf-8");
+  } catch {
+    return null;
+  }
+  const parsed = parseJsonc(text);
+  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+    putSettingsCache(settingsPath, { mtimeMs, parsed: null });
+    return null;
+  }
+  const payload = parsed;
+  putSettingsCache(settingsPath, { mtimeMs, parsed: payload });
+  return payload;
+}
+function putSettingsCache(path35, entry) {
+  if (!settingsCache.has(path35) && settingsCache.size >= MAX_SETTINGS_CACHE_SIZE) {
+    settingsCache.delete(settingsCache.keys().next().value);
+  }
+  settingsCache.set(path35, entry);
+}
+async function readCopilotCustomLocations(workspaceRoot) {
+  const parsed = await readJsoncSettings(
+    path14.join(workspaceRoot, ".vscode", "settings.json")
+  );
+  if (!parsed) {
+    return [];
+  }
+  const home = homedir();
+  const dynamic = [];
+  const seen = /* @__PURE__ */ new Set();
+  for (const setting of COPILOT_CUSTOM_LOCATION_SETTINGS) {
+    for (const loc of extractCustomLocations(parsed[setting.key])) {
+      const abs = resolveCustomLocationPath(loc, workspaceRoot, home);
+      if (!abs) {
+        continue;
+      }
+      if (setting.kind === "skill-bundle") {
+        const dedupKey = `skill-bundle:${abs}`;
+        if (seen.has(dedupKey)) {
+          continue;
+        }
+        seen.add(dedupKey);
+        dynamic.push({
+          kind: "skill-bundle",
+          skillsRoot: ".",
+          root: "absolute",
+          absoluteBase: abs
+        });
+      } else {
+        const dedupKey = `${setting.category}:${abs}`;
+        if (seen.has(dedupKey)) {
+          continue;
+        }
+        seen.add(dedupKey);
+        dynamic.push({
+          kind: "glob",
+          glob: setting.glob,
+          category: setting.category,
+          root: "absolute",
+          absoluteBase: abs
+        });
+      }
+    }
+  }
+  return dynamic;
+}
+async function readClaudeCodeCustomLocations() {
+  const home = homedir();
+  const parsed = await readJsoncSettings(
+    path14.join(home, ".claude", "settings.json")
+  );
+  if (!parsed) {
+    return [];
+  }
+  const dynamic = [];
+  for (const { key, category, glob } of CLAUDE_CODE_CUSTOM_LOCATION_SETTINGS) {
+    const raw = parsed[key];
+    if (typeof raw !== "string" || raw.length === 0) {
+      continue;
+    }
+    if (/\$\{workspaceFolder\}/.test(raw)) {
+      continue;
+    }
+    const abs = resolveCustomLocationPath(raw, home, home);
+    if (!abs) {
+      continue;
+    }
+    dynamic.push({
+      kind: "glob",
+      glob,
+      category,
+      root: "absolute",
+      absoluteBase: abs
+    });
+  }
+  return dynamic;
+}
+async function readCustomLocations(workspaceRoot, platform2) {
+  if (platform2 === "copilot") {
+    return readCopilotCustomLocations(workspaceRoot);
+  }
+  if (platform2 === "claude-code") {
+    return readClaudeCodeCustomLocations();
+  }
+  return [];
+}
+function groupSkills(files, root, baseDir) {
+  const skillFiles = files.filter((f) => f.category === SKILL_CATEGORY);
+  const folderMap = /* @__PURE__ */ new Map();
+  const standalone = [];
+  for (const f of skillFiles) {
+    const rel = path14.relative(baseDir, f.path).replace(/\\/g, "/");
+    const skillsMarker = "skills/";
+    const skillsIdx = rel.indexOf(skillsMarker);
+    if (skillsIdx === -1) {
+      standalone.push(f);
+      continue;
+    }
+    const relFromSkills = rel.slice(skillsIdx + skillsMarker.length);
+    const slashIdx = relFromSkills.indexOf("/");
+    if (slashIdx === -1) {
+      standalone.push(f);
+    } else {
+      const folderName = relFromSkills.slice(0, slashIdx);
+      if (!folderMap.has(folderName)) {
+        folderMap.set(folderName, []);
+      }
+      folderMap.get(folderName).push(f);
+    }
+  }
+  const groups = [];
+  for (const f of standalone) {
+    const name = path14.basename(f.path, path14.extname(f.path));
+    const sessionKey = `skill:${root}:${name}`;
+    groups.push({
+      name,
+      root,
+      skillPath: f.path,
+      files: [f],
+      isFolder: false,
+      maxMtimeMs: f.mtimeMs,
+      sessionKey
+    });
+  }
+  for (const [folderName, folderFiles] of folderMap) {
+    const maxMtimeMs = Math.max(...folderFiles.map((f) => f.mtimeMs));
+    const anyFile = folderFiles[0];
+    const rel = path14.relative(baseDir, anyFile.path).replace(/\\/g, "/");
+    const skillsIdx = rel.indexOf("skills/");
+    const skillRelPath = rel.slice(
       0,
       skillsIdx + "skills/".length + folderName.length
     );
-    const skillPath = path15.join(baseDir, skillRelPath);
+    const skillPath = path14.join(baseDir, skillRelPath);
     const sessionKey = `skill:${root}:${folderName}`;
     groups.push({
       name: folderName,
@@ -17359,8 +17700,10 @@ function groupSkills(files, root, baseDir) {
   return groups;
 }
 async function scanContextFiles(workspaceRoot, platform2, sessionId) {
-  const entries = SCAN_PATHS[platform2];
-  if (!entries || entries.length === 0) {
+  const staticEntries = SCAN_PATHS[platform2] ?? [];
+  const dynamicEntries = await readCustomLocations(workspaceRoot, platform2);
+  const entries = [...staticEntries, ...dynamicEntries];
+  if (entries.length === 0) {
     return { regularFiles: [], skillGroups: [] };
   }
   const now = Date.now();
@@ -17372,17 +17715,14 @@ async function scanContextFiles(workspaceRoot, platform2, sessionId) {
   const home = homedir();
   const sessionEntry = sessionId ? sessionMtimes.get(sessionId) : void 0;
   const allFiles = [];
-  const skillFilesByRoot = /* @__PURE__ */ new Map();
+  const skillBatches = /* @__PURE__ */ new Map();
   const seenPaths = /* @__PURE__ */ new Set();
   for (const entry of entries) {
-    const baseDir = entry.root === "home" ? home : workspaceRoot;
-    const matchedFiles = await globby2(entry.glob, {
-      cwd: baseDir,
-      absolute: true,
-      onlyFiles: true,
-      dot: true
-    });
-    for (const filePath of matchedFiles) {
+    const baseDir = resolveBaseDir(entry, workspaceRoot, home);
+    const scope = scopeForRoot(entry.root);
+    const isDynamic = entry.root === "absolute";
+    const matches = entry.kind === "skill-bundle" ? await enumerateSkillBundle(baseDir, entry.skillsRoot) : await enumerateGlob(entry.glob, baseDir, entry.category, isDynamic);
+    for (const { path: filePath, category } of matches) {
       if (seenPaths.has(filePath)) {
         continue;
       }
@@ -17400,16 +17740,21 @@ async function scanContextFiles(workspaceRoot, platform2, sessionId) {
           path: filePath,
           content,
           sizeBytes,
-          category: entry.category,
+          category,
           mtimeMs: fileStat.mtimeMs
         };
-        if (entry.category === SKILL_CATEGORY) {
-          let rootFiles = skillFilesByRoot.get(entry.root);
-          if (!rootFiles) {
-            rootFiles = [];
-            skillFilesByRoot.set(entry.root, rootFiles);
+        if (scope) {
+          fileEntry.scope = scope;
+        }
+        if (category === SKILL_CATEGORY) {
+          const effectiveRoot = entry.root === "home" ? "home" : "workspace";
+          const batchKey = `${effectiveRoot}:${baseDir}`;
+          let batch = skillBatches.get(batchKey);
+          if (!batch) {
+            batch = { root: effectiveRoot, baseDir, files: [] };
+            skillBatches.set(batchKey, batch);
           }
-          rootFiles.push(fileEntry);
+          batch.files.push(fileEntry);
         } else {
           const prevMtime = sessionEntry?.files.get(filePath);
           if (prevMtime !== void 0 && fileStat.mtimeMs <= prevMtime) {
@@ -17417,13 +17762,12 @@ async function scanContextFiles(workspaceRoot, platform2, sessionId) {
           }
           allFiles.push(fileEntry);
         }
-      } catch (_err) {
+      } catch {
       }
     }
   }
   const allSkillGroups = [];
-  for (const [root, files] of skillFilesByRoot) {
-    const baseDir = root === "home" ? home : workspaceRoot;
+  for (const { root, baseDir, files } of skillBatches.values()) {
     const groups = groupSkills(files, root, baseDir);
     for (const group of groups) {
       if (sessionEntry) {
@@ -17437,13 +17781,715 @@ async function scanContextFiles(workspaceRoot, platform2, sessionId) {
   }
   return { regularFiles: allFiles, skillGroups: allSkillGroups };
 }
+async function enumerateGlob(pattern, cwd, category, isDynamic) {
+  let files;
+  try {
+    files = await globby2(pattern, {
+      cwd,
+      absolute: true,
+      onlyFiles: true,
+      dot: true,
+      // Never follow symlinks — a malicious committed repo can place a
+      // symlink at a scanned path (e.g. .github/copilot-instructions.md →
+      // ~/.aws/credentials) and the scanner would read and upload the target.
+      followSymbolicLinks: false,
+      // Dynamic absolute bases additionally cap traversal depth so a
+      // misconfigured setting can't enumerate the whole filesystem.
+      ...isDynamic ? { deep: DYNAMIC_SCAN_MAX_DEPTH } : {}
+    });
+  } catch {
+    return [];
+  }
+  return files.map((path35) => ({ path: path35, category }));
+}
+async function enumerateSkillBundle(baseDir, skillsRoot) {
+  const skillsDir = path14.resolve(baseDir, skillsRoot);
+  let manifests;
+  try {
+    manifests = await globby2("*/SKILL.md", {
+      cwd: skillsDir,
+      absolute: true,
+      onlyFiles: true,
+      dot: true,
+      followSymbolicLinks: false,
+      deep: SKILL_MANIFEST_SCAN_DEPTH
+    });
+  } catch {
+    return [];
+  }
+  const perSkillResults = await Promise.all(
+    manifests.map(async (manifest) => {
+      const skillDir = path14.dirname(manifest);
+      try {
+        return await globby2("**/*", {
+          cwd: skillDir,
+          absolute: true,
+          onlyFiles: true,
+          dot: true,
+          followSymbolicLinks: false,
+          deep: SKILL_BUNDLE_MAX_DEPTH
+        });
+      } catch {
+        return [];
+      }
+    })
+  );
+  const standaloneFiles = await enumerateStandaloneSkills(skillsDir);
+  const symlinkResults = await enumerateSymlinkedSkills(skillsDir);
+  return [
+    ...perSkillResults.flat().map((p) => ({ path: p, category: "skill" })),
+    ...standaloneFiles.map((p) => ({ path: p, category: "skill" })),
+    ...symlinkResults
+  ];
+}
+async function enumerateStandaloneSkills(skillsDir) {
+  try {
+    return await globby2("*.md", {
+      cwd: skillsDir,
+      absolute: true,
+      onlyFiles: true,
+      dot: false,
+      followSymbolicLinks: false
+    });
+  } catch {
+    return [];
+  }
+}
+async function enumerateSymlinkedSkills(skillsDir) {
+  let dirEntries;
+  try {
+    dirEntries = await readdir(skillsDir, {
+      withFileTypes: true,
+      encoding: "utf8"
+    });
+  } catch {
+    return [];
+  }
+  const results = [];
+  for (const entry of dirEntries) {
+    if (!entry.isSymbolicLink()) continue;
+    const entryPath = path14.join(skillsDir, entry.name);
+    try {
+      const st = await stat(entryPath);
+      if (st.isDirectory()) {
+        const hasManifest = await stat(path14.join(entryPath, "SKILL.md")).then(() => true).catch(() => false);
+        if (!hasManifest) continue;
+        const realDir = await realpath(entryPath);
+        const realFiles = await globby2("**/*", {
+          cwd: realDir,
+          absolute: true,
+          onlyFiles: true,
+          dot: true,
+          followSymbolicLinks: false,
+          deep: SKILL_BUNDLE_MAX_DEPTH
+        }).catch(() => []);
+        for (const f of realFiles) {
+          results.push({
+            path: path14.join(entryPath, path14.relative(realDir, f)),
+            category: "skill"
+          });
+        }
+      } else if (st.isFile() && entry.name.endsWith(".md")) {
+        results.push({ path: entryPath, category: "skill" });
+      }
+    } catch {
+    }
+  }
+  return results;
+}
+var DYNAMIC_SCAN_MAX_DEPTH = 6;
+var SKILL_MANIFEST_SCAN_DEPTH = 2;
+var SKILL_BUNDLE_MAX_DEPTH = 5;
+function resolveBaseDir(entry, workspaceRoot, home) {
+  switch (entry.root) {
+    case "home":
+      return home;
+    case "absolute":
+      return entry.absoluteBase;
+    default:
+      return workspaceRoot;
+  }
+}
+function scopeForRoot(root) {
+  if (root === "home" || root === "absolute") {
+    return "user-global";
+  }
+  return void 0;
+}
 function deriveIdentifier(filePath, baseDir) {
-  const relative2 = path15.relative(baseDir, filePath);
+  const relative2 = path14.relative(baseDir, filePath);
   if (!relative2.startsWith("..")) {
     return relative2.replace(/\\/g, "/");
   }
-  return path15.basename(filePath);
+  return path14.basename(filePath);
+}
+// src/features/analysis/skill_quarantine/enumerateInstalledSkills.ts
+async function enumerateInstalledSkills(workspaceRoot) {
+  const { skillGroups, regularFiles } = await scanContextFiles(
+    workspaceRoot,
+    "claude-code",
+    void 0
+  );
+  const home = homedir2();
+  const agentGroups = regularFiles.filter((f) => f.category === "agent-config").map((f) => ({
+    name: path15.basename(f.path, path15.extname(f.path)),
+    root: f.path.startsWith(home + path15.sep) ? "home" : "workspace",
+    skillPath: f.path,
+    files: [f],
+    isFolder: false,
+    maxMtimeMs: f.mtimeMs,
+    sessionKey: `agent-config:${f.path}`
+  }));
+  const allGroups = [...skillGroups, ...agentGroups];
+  if (allGroups.length === 0) {
+    return [];
+  }
+  const { skills } = await processContextFiles([], allGroups);
+  return skills.map((s) => {
+    const parts = s.group.skillPath.split(/[\\/]/);
+    const origName = parts[parts.length - 1] || s.group.name;
+    return {
+      skillPath: s.group.skillPath,
+      md5: s.md5,
+      origName,
+      isFolder: s.group.isFolder
+    };
+  });
+}
+// src/features/analysis/skill_quarantine/metrics.ts
+var Metric = {
+  /** A heartbeat triggered the quarantine check (after debounce). */
+  CHECK_TRIGGERED: "skill_quarantine.check_triggered",
+  /** The env-var kill switch skipped the run. */
+  CHECK_DISABLED_ENV: "skill_quarantine.check_disabled_env",
+  /** Verdict-query call failed. Fail-open. */
+  QUERY_ERROR: "skill_quarantine.query_error",
+  /** Count of skills enumerated in this run (histogram-ish). */
+  SKILLS_CHECKED: "skill_quarantine.skills_checked",
+  /** A skill was freshly quarantined. Tagged with shape. */
+  QUARANTINED: "skill_quarantine.quarantined",
+  /** Presence check hit; skill already quarantined. */
+  ALREADY_QUARANTINED: "skill_quarantine.already_quarantined",
+  /** Move step failed. Tagged with phase (stage | publish). */
+  MOVE_ERROR: "skill_quarantine.move_error",
+  /** Stub creation failed after the move succeeded. */
+  STUB_ERROR: "skill_quarantine.stub_error",
+  /** A stale staging dir was swept. */
+  ORPHAN_SWEPT: "skill_quarantine.orphan_swept",
+  /** Total run duration including I/O. */
+  DURATION_MS: "skill_quarantine.duration_ms"
+};
+// src/features/analysis/skill_quarantine/quarantineSkill.ts
+import { randomUUID } from "crypto";
+import { existsSync as existsSync2 } from "fs";
+import {
+  lstat as lstat2,
+  mkdir,
+  readdir as readdir2,
+  readFile as readFile2,
+  rename,
+  rm,
+  stat as stat2,
+  unlink,
+  writeFile
+} from "fs/promises";
+import path17 from "path";
+import { move } from "fs-extra";
+// src/features/analysis/skill_quarantine/paths.ts
+import { homedir as homedir3 } from "os";
+import path16 from "path";
+function getQuarantineRoot() {
+  return path16.join(homedir3(), ".tracy", "quarantine", "claude", "skills");
+}
+function getQuarantinedHashDir(md5) {
+  return path16.join(getQuarantineRoot(), md5);
+}
+function getQuarantinedTargetPath(md5, origName) {
+  return path16.join(getQuarantinedHashDir(md5), origName);
+}
+function getStagingDir(md5, pid, uuid) {
+  return path16.join(getQuarantineRoot(), `${md5}_tmp_${pid}_${uuid}`);
+}
+var STAGING_DIR_REGEX = /^([0-9a-f]{32})_tmp_/;
+// src/features/analysis/skill_quarantine/stubTemplate.ts
+var LEGACY_SUMMARY_FALLBACK = "not available (scan predates current schema)";
+function renderStub(params) {
+  const folderOrFile = params.isFolder ? "skill folder" : "skill file";
+  const reason = params.summary ?? LEGACY_SUMMARY_FALLBACK;
+  return `# \u26D4 QUARANTINED BY TRACY
+This skill was flagged **MALICIOUS** by the Mobb security scanner and has been
+moved out of your skills folder. **Claude Code will not execute it** while this
+stub is in place.
+## Why this skill was flagged
+- **Reason:** ${reason}
+- **Scanner:** ${params.scannerName} @ ${params.scannerVersion}
+- **Scanned at:** ${params.scannedAt}
+- **Content hash (MD5):** \`${params.md5}\`
+## Where the original is now
+The original ${folderOrFile} has been moved to:
+    ${params.quarantinedPath}
+Nothing has been deleted. The contents are intact; only the location changed.
+## If this is a false positive \u2014 how to recover
+If you're confident this skill is safe and want to restore it:
+    mv ${params.quarantinedPath} ${params.origPath}
+Tracy will not re-quarantine it as long as the directory
+\`~/.tracy/quarantine/claude/skills/${params.md5}/\` still exists on your
+machine (even if it's empty after you moved the contents out). If you delete
+that directory entirely, the next heartbeat will re-evaluate the skill from
+scratch.
+## How to report a false positive
+Please email **security@mobb.ai** with:
+- The MD5 above
+- A short description of why you believe the flag was wrong
+- (Optional) the skill folder contents
+Your report helps tune the scanner for everyone.
+`;
+}
+// src/features/analysis/skill_quarantine/quarantineSkill.ts
+async function quarantineSkill(params) {
+  const { skillPath, isFolder, md5, origName, verdict, log: log2 } = params;
+  const hashDir = getQuarantinedHashDir(md5);
+  if (existsSync2(hashDir)) {
+    log2.debug(
+      { md5, metric: Metric.ALREADY_QUARANTINED },
+      "skill_quarantine: already quarantined, skipping"
+    );
+    return { status: "already_quarantined" };
+  }
+  let isSymlink = false;
+  try {
+    const lst = await lstat2(skillPath);
+    isSymlink = lst.isSymbolicLink();
+  } catch {
+  }
+  if (isSymlink) {
+    const stubContent2 = renderStub({
+      md5,
+      isFolder,
+      // Symlinks have no quarantine archive; note that in the stub.
+      quarantinedPath: `(symlink at ${skillPath} replaced \u2014 original content was not moved)`,
+      origPath: skillPath,
+      summary: verdict.summary,
+      scannerName: verdict.scannerName,
+      scannerVersion: verdict.scannerVersion,
+      scannedAt: verdict.scannedAt
+    });
+    try {
+      await mkdir(hashDir, { recursive: true });
+      if (isFolder) {
+        const tmpDir = `${skillPath}.__tracy_tmp__`;
+        await mkdir(tmpDir, { recursive: true });
+        await writeFile(path17.join(tmpDir, "SKILL.md"), stubContent2, "utf8");
+        await unlink(skillPath);
+        await rename(tmpDir, skillPath);
+      } else {
+        const tmpFile = `${skillPath}.__tracy_tmp__`;
+        await writeFile(tmpFile, stubContent2, "utf8");
+        await unlink(skillPath);
+        await rename(tmpFile, skillPath);
+      }
+    } catch (err) {
+      log2.error(
+        { err, md5, skillPath, metric: Metric.STUB_ERROR },
+        "skill_quarantine: symlink stub write failed"
+      );
+      return { status: "stub_error", err };
+    }
+    await preRegisterStubMd5(skillPath, isFolder, log2);
+    log2.info(
+      {
+        md5,
+        verdict: verdict.verdict,
+        shape: isFolder ? "folder" : "standalone",
+        scanner: verdict.scannerName,
+        scannerVersion: verdict.scannerVersion,
+        metric: Metric.QUARANTINED
+      },
+      "skill_quarantine: quarantined (symlink)"
+    );
+    return { status: "quarantined" };
+  }
+  const stagingDir = getStagingDir(md5, process.pid, randomUUID());
+  const stagingTarget = path17.join(stagingDir, origName);
+  const finalTarget = getQuarantinedTargetPath(md5, origName);
+  try {
+    await mkdir(stagingDir, { recursive: true });
+  } catch (err) {
+    log2.error(
+      { err, md5, metric: Metric.MOVE_ERROR, phase: "stage" },
+      "skill_quarantine: failed to create staging dir"
+    );
+    return { status: "move_error", phase: "stage", err };
+  }
+  try {
+    await move(skillPath, stagingTarget);
+  } catch (err) {
+    await tryRm(stagingDir);
+    log2.error(
+      { err, md5, metric: Metric.MOVE_ERROR, phase: "stage" },
+      "skill_quarantine: phase-1 move failed"
+    );
+    return { status: "move_error", phase: "stage", err };
+  }
+  try {
+    await rename(stagingDir, hashDir);
+  } catch (err) {
+    log2.error(
+      {
+        err,
+        md5,
+        stagingDir,
+        metric: Metric.MOVE_ERROR,
+        phase: "publish"
+      },
+      "skill_quarantine: phase-2 publish failed; staging dir preserved for manual recovery"
+    );
+    return { status: "move_error", phase: "publish", err };
+  }
+  const quarantinedPath = finalTarget;
+  const stubContent = renderStub({
+    md5,
+    isFolder,
+    quarantinedPath,
+    origPath: skillPath,
+    summary: verdict.summary,
+    scannerName: verdict.scannerName,
+    scannerVersion: verdict.scannerVersion,
+    scannedAt: verdict.scannedAt
+  });
+  try {
+    if (isFolder) {
+      await mkdir(skillPath, { recursive: true });
+      await writeFile(path17.join(skillPath, "SKILL.md"), stubContent, "utf8");
+    } else {
+      await writeFile(skillPath, stubContent, "utf8");
+    }
+  } catch (err) {
+    log2.error(
+      { err, md5, skillPath, metric: Metric.STUB_ERROR },
+      "skill_quarantine: stub write failed; quarantine is still in place"
+    );
+    return { status: "stub_error", err };
+  }
+  await preRegisterStubMd5(skillPath, isFolder, log2);
+  log2.info(
+    {
+      md5,
+      verdict: verdict.verdict,
+      shape: isFolder ? "folder" : "standalone",
+      scanner: verdict.scannerName,
+      scannerVersion: verdict.scannerVersion,
+      metric: Metric.QUARANTINED
+    },
+    "skill_quarantine: quarantined"
+  );
+  return { status: "quarantined" };
+}
+async function preRegisterStubMd5(skillPath, isFolder, log2) {
+  try {
+    const stubEntries = await gatherStubEntries(skillPath, isFolder);
+    const stubGroup = {
+      name: path17.basename(skillPath).replace(/\.md$/i, ""),
+      root: "workspace",
+      skillPath,
+      files: stubEntries,
+      isFolder,
+      maxMtimeMs: Date.now(),
+      sessionKey: `quarantine-stub:${skillPath}`
+    };
+    const { skills } = await processContextFiles([], [stubGroup]);
+    if (skills.length === 0) return;
+    const stubMd5 = skills[0].md5;
+    await mkdir(getQuarantinedHashDir(stubMd5), { recursive: true });
+  } catch (err) {
+    log2.warn(
+      { err, skillPath },
+      "skill_quarantine: failed to pre-register stub md5"
+    );
+  }
+}
+async function gatherStubEntries(skillPath, isFolder) {
+  const now = Date.now();
+  const target = isFolder ? path17.join(skillPath, "SKILL.md") : skillPath;
+  const [st, content] = await Promise.all([
+    stat2(target),
+    readFile2(target, "utf8")
+  ]);
+  return [
+    {
+      name: isFolder ? "SKILL.md" : path17.basename(skillPath),
+      path: target,
+      content,
+      sizeBytes: st.size,
+      category: "skill",
+      mtimeMs: now
+    }
+  ];
+}
+async function sweepOrphanStagingDirs(log2) {
+  const root = getQuarantineRoot();
+  let entries;
+  try {
+    entries = await readdir2(root);
+  } catch (err) {
+    if (err.code === "ENOENT") return 0;
+    log2.warn({ err, root }, "skill_quarantine: orphan sweep readdir failed");
+    return 0;
+  }
+  const now = Date.now();
+  let swept = 0;
+  for (const entry of entries) {
+    if (!STAGING_DIR_REGEX.test(entry)) continue;
+    const full = path17.join(root, entry);
+    let mtimeMs;
+    try {
+      mtimeMs = (await stat2(full)).mtimeMs;
+    } catch {
+      continue;
+    }
+    if (now - mtimeMs < ORPHAN_SWEEP_GRACE_MS) continue;
+    try {
+      await rm(full, { recursive: true, force: true });
+      swept += 1;
+      log2.info(
+        { path: full, metric: Metric.ORPHAN_SWEPT },
+        "skill_quarantine: orphan swept"
+      );
+    } catch (err) {
+      log2.warn({ err, path: full }, "skill_quarantine: orphan sweep rm failed");
+    }
+  }
+  return swept;
+}
+async function tryRm(p) {
+  try {
+    await rm(p, { recursive: true, force: true });
+  } catch {
+  }
+}
+// src/features/analysis/skill_quarantine/queryVerdicts.ts
+async function queryVerdicts(gqlClient, md5s, log2) {
+  if (md5s.length === 0) {
+    return /* @__PURE__ */ new Map();
+  }
+  try {
+    const res = await gqlClient.skillVerdictsByMd5(md5s);
+    const out = /* @__PURE__ */ new Map();
+    for (const row of res.skillVerdictsByMd5) {
+      out.set(row.md5, {
+        md5: row.md5,
+        verdict: row.verdict,
+        summary: row.summary ?? null,
+        scannerName: row.scannerName,
+        scannerVersion: row.scannerVersion,
+        scannedAt: row.scannedAt
+      });
+    }
+    return out;
+  } catch (err) {
+    log2.warn(
+      { err, md5_count: md5s.length, metric: "skill_quarantine.query_error" },
+      "skill_quarantine: verdict query failed, failing open"
+    );
+    return /* @__PURE__ */ new Map();
+  }
+}
+// src/features/analysis/skill_quarantine/runQuarantineCheck.ts
+var lastRunAt = /* @__PURE__ */ new Map();
+var killSwitchLogged = false;
+async function runQuarantineCheckIfNeeded(opts) {
+  const { sessionId, cwd, gqlClient, log: log2 } = opts;
+  if (process.env[KILL_SWITCH_ENV] === "1") {
+    if (!killSwitchLogged) {
+      log2.warn(
+        { metric: Metric.CHECK_DISABLED_ENV },
+        `skill_quarantine: disabled by ${KILL_SWITCH_ENV}=1`
+      );
+      killSwitchLogged = true;
+    }
+    return;
+  }
+  const now = Date.now();
+  const prev = lastRunAt.get(sessionId);
+  if (prev !== void 0 && now - prev < HEARTBEAT_DEBOUNCE_MS) {
+    return;
+  }
+  lastRunAt.set(sessionId, now);
+  log2.info(
+    { sessionId, metric: Metric.CHECK_TRIGGERED },
+    "skill_quarantine: check start"
+  );
+  const t0 = Date.now();
+  try {
+    await sweepOrphanStagingDirs(log2);
+    const installed = await enumerateInstalledSkills(cwd);
+    log2.info(
+      { sessionId, count: installed.length, metric: Metric.SKILLS_CHECKED },
+      "skill_quarantine: skills enumerated"
+    );
+    if (installed.length === 0) {
+      return;
+    }
+    const verdicts = await queryVerdicts(
+      gqlClient,
+      installed.map((s) => s.md5),
+      log2
+    );
+    for (const skill of installed) {
+      const verdict = verdicts.get(skill.md5);
+      if (!verdict || verdict.verdict !== MALICIOUS_VERDICT) {
+        continue;
+      }
+      try {
+        await quarantineSkill({
+          skillPath: skill.skillPath,
+          isFolder: skill.isFolder,
+          md5: skill.md5,
+          origName: skill.origName,
+          verdict,
+          log: log2
+        });
+      } catch (err) {
+        log2.error(
+          { err, md5: skill.md5, skillPath: skill.skillPath },
+          "skill_quarantine: unexpected error during quarantine"
+        );
+      }
+    }
+  } finally {
+    log2.info(
+      {
+        sessionId,
+        duration_ms: Date.now() - t0,
+        metric: Metric.DURATION_MS
+      },
+      "skill_quarantine: check done"
+    );
+  }
+}
+// src/features/claude_code/daemon_pid_file.ts
+import fs13 from "fs";
+import os4 from "os";
+import path18 from "path";
+// src/features/claude_code/data_collector_constants.ts
+var CC_VERSION_CACHE_KEY = "claudeCode.detectedCCVersion";
+var CC_VERSION_CLI_KEY = "claudeCode.detectedCCVersionCli";
+var GQL_AUTH_TIMEOUT_MS = 15e3;
+var STALE_KEY_MAX_AGE_MS = 14 * 24 * 60 * 60 * 1e3;
+var CLEANUP_INTERVAL_MS = 24 * 60 * 60 * 1e3;
+var DAEMON_TTL_MS = 30 * 60 * 1e3;
+var DAEMON_POLL_INTERVAL_MS = (() => {
+  const raw = Number(process.env["MOBB_DAEMON_POLL_INTERVAL_MS"]);
+  if (!Number.isFinite(raw) || raw <= 0) return 1e4;
+  return Math.min(Math.max(raw, 100), 6e4);
+})();
+var HEARTBEAT_STALE_MS = 3e4;
+var TRANSCRIPT_MAX_AGE_MS = 24 * 60 * 60 * 1e3;
+var DAEMON_CHUNK_SIZE = 50;
+var CONTEXT_SCAN_INTERVAL_MS = 5e3;
+// src/features/claude_code/daemon_pid_file.ts
+function getMobbdevDir() {
+  return path18.join(os4.homedir(), ".mobbdev");
+}
+function getDaemonCheckScriptPath() {
+  return path18.join(getMobbdevDir(), "daemon-check.js");
 }
+var DaemonPidFile = class {
+  constructor() {
+    __publicField(this, "data", null);
+  }
+  get filePath() {
+    return path18.join(getMobbdevDir(), "daemon.pid");
+  }
+  /** Ensure ~/.mobbdev/ directory exists. */
+  ensureDir() {
+    fs13.mkdirSync(getMobbdevDir(), { recursive: true });
+  }
+  /** Read the PID file from disk. Returns the parsed data or null. */
+  read() {
+    try {
+      const raw = fs13.readFileSync(this.filePath, "utf8");
+      const parsed = JSON.parse(raw);
+      if (typeof parsed.pid !== "number" || typeof parsed.startedAt !== "number" || typeof parsed.heartbeat !== "number") {
+        this.data = null;
+      } else {
+        this.data = parsed;
+      }
+    } catch {
+      this.data = null;
+    }
+    return this.data;
+  }
+  /** Write a new PID file for the given process id. */
+  write(pid, version) {
+    this.data = {
+      pid,
+      startedAt: Date.now(),
+      heartbeat: Date.now(),
+      version
+    };
+    fs13.writeFileSync(this.filePath, JSON.stringify(this.data), "utf8");
+  }
+  /** Update the heartbeat timestamp of the current PID file. */
+  updateHeartbeat() {
+    if (!this.data) this.read();
+    if (!this.data) return;
+    this.data.heartbeat = Date.now();
+    fs13.writeFileSync(this.filePath, JSON.stringify(this.data), "utf8");
+  }
+  /** Check whether the previously read PID data represents a live daemon. */
+  isAlive() {
+    if (!this.data) return false;
+    if (Date.now() - this.data.heartbeat > HEARTBEAT_STALE_MS) return false;
+    try {
+      process.kill(this.data.pid, 0);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  /** Remove the PID file from disk (best-effort). */
+  remove() {
+    this.data = null;
+    try {
+      fs13.unlinkSync(this.filePath);
+    } catch {
+    }
+  }
+};
+// src/features/claude_code/data_collector.ts
+import { execFile } from "child_process";
+import { createHash as createHash3 } from "crypto";
+import { access, open as open4, readdir as readdir3, readFile as readFile3, unlink as unlink2 } from "fs/promises";
+import path19 from "path";
+import { promisify } from "util";
 // src/features/analysis/context_file_uploader.ts
 import pLimit7 from "p-limit";
@@ -17707,8 +18753,8 @@ function createConfigstoreStream(store, opts) {
       heartbeatBuffer.length = 0;
     }
   }
-  function setScopePath(path32) {
-    scopePath = path32;
+  function setScopePath(path35) {
+    scopePath = path35;
   }
   return { writable, flush, setScopePath };
 }
@@ -17932,7 +18978,7 @@ function createLogger(config2) {
 // src/features/claude_code/hook_logger.ts
 var DD_RUM_TOKEN = true ? "pubf59c0182545bfb4c299175119f1abf9b" : "";
-var CLI_VERSION = true ? "1.3.7" : "unknown";
+var CLI_VERSION = true ? "1.4.1" : "unknown";
 var NAMESPACE = "mobbdev-claude-code-hook-logs";
 var claudeCodeVersion;
 function buildDdTags() {
@@ -18023,12 +19069,12 @@ async function resolveTranscriptPath(transcriptPath, sessionId) {
     return transcriptPath;
   } catch {
   }
-  const filename = path16.basename(transcriptPath);
-  const dirName = path16.basename(path16.dirname(transcriptPath));
-  const projectsDir = path16.dirname(path16.dirname(transcriptPath));
+  const filename = path19.basename(transcriptPath);
+  const dirName = path19.basename(path19.dirname(transcriptPath));
+  const projectsDir = path19.dirname(path19.dirname(transcriptPath));
   const baseDirName = dirName.replace(/[-.]claude-worktrees-.+$/, "");
   if (baseDirName !== dirName) {
-    const candidate = path16.join(projectsDir, baseDirName, filename);
+    const candidate = path19.join(projectsDir, baseDirName, filename);
     try {
       await access(candidate);
       hookLog.info(
@@ -18047,10 +19093,10 @@ async function resolveTranscriptPath(transcriptPath, sessionId) {
     }
   }
   try {
-    const dirs = await readdir(projectsDir);
+    const dirs = await readdir3(projectsDir);
     for (const dir of dirs) {
       if (dir === dirName) continue;
-      const candidate = path16.join(projectsDir, dir, filename);
+      const candidate = path19.join(projectsDir, dir, filename);
       try {
         await access(candidate);
         hookLog.info(
@@ -18081,9 +19127,9 @@ async function readNewTranscriptEntries(transcriptPath, sessionId, sessionStore,
   if (cursor?.byteOffset) {
     const fh = await open4(transcriptPath, "r");
     try {
-      const stat3 = await fh.stat();
-      fileSize = stat3.size;
-      if (cursor.byteOffset >= stat3.size) {
+      const stat4 = await fh.stat();
+      fileSize = stat4.size;
+      if (cursor.byteOffset >= stat4.size) {
         hookLog.info({ data: { sessionId } }, "No new data in transcript file");
         return {
           entries: [],
@@ -18091,7 +19137,7 @@ async function readNewTranscriptEntries(transcriptPath, sessionId, sessionStore,
           resolvedTranscriptPath: transcriptPath
         };
       }
-      const buf = Buffer.alloc(stat3.size - cursor.byteOffset);
+      const buf = Buffer.alloc(stat4.size - cursor.byteOffset);
       await fh.read(buf, 0, buf.length, cursor.byteOffset);
       content = buf.toString("utf-8");
     } finally {
@@ -18109,7 +19155,7 @@ async function readNewTranscriptEntries(transcriptPath, sessionId, sessionStore,
       "Read transcript file from offset"
     );
   } else {
-    content = await readFile2(transcriptPath, "utf-8");
+    content = await readFile3(transcriptPath, "utf-8");
     fileSize = Buffer.byteLength(content, "utf-8");
     lineIndexOffset = 0;
     hookLog.debug(
@@ -18231,13 +19277,13 @@ async function cleanupStaleSessions(configDir) {
   const now = Date.now();
   const prefix = getSessionFilePrefix();
   try {
-    const files = await readdir(configDir);
+    const files = await readdir3(configDir);
     let deletedCount = 0;
     for (const file of files) {
       if (!file.startsWith(prefix) || !file.endsWith(".json")) continue;
-      const filePath = path16.join(configDir, file);
+      const filePath = path19.join(configDir, file);
       try {
-        const content = JSON.parse(await readFile2(filePath, "utf-8"));
+        const content = JSON.parse(await readFile3(filePath, "utf-8"));
         let newest = 0;
         const cursors = content["cursor"];
         if (cursors && typeof cursors === "object") {
@@ -18247,7 +19293,7 @@ async function cleanupStaleSessions(configDir) {
           }
         }
         if (newest > 0 && now - newest > STALE_KEY_MAX_AGE_MS) {
-          await unlink(filePath);
+          await unlink2(filePath);
           deletedCount++;
         }
       } catch {
@@ -18387,16 +19433,6 @@ async function processTranscript(input, sessionStore, log2, maxEntries = DAEMON_
       entriesSkipped: filteredOut,
       claudeCodeVersion: getClaudeCodeVersion()
     });
-    if (input.cwd) {
-      uploadContextFilesIfNeeded(
-        input.session_id,
-        input.cwd,
-        gqlClient,
-        log2
-      ).catch((err) => {
-        log2.error({ data: { err } }, "uploadContextFilesIfNeeded failed");
-      });
-    }
     return {
       entriesUploaded: entries.length,
       entriesSkipped: filteredOut,
@@ -18483,14 +19519,14 @@ async function uploadContextFilesIfNeeded(sessionId, cwd, gqlClient, log2) {
 import fs14 from "fs";
 import fsPromises4 from "fs/promises";
 import os6 from "os";
-import path17 from "path";
+import path20 from "path";
 import chalk11 from "chalk";
 // src/features/claude_code/daemon-check-shim.tmpl.js
 var daemon_check_shim_tmpl_default = "// Mobb daemon shim \u2014 checks if daemon is alive, spawns if dead.\n// Auto-generated by mobbdev CLI. Do not edit.\nvar fs = require('fs')\nvar spawn = require('child_process').spawn\nvar path = require('path')\nvar os = require('os')\n\nvar pidFile = path.join(os.homedir(), '.mobbdev', 'daemon.pid')\nvar HEARTBEAT_STALE_MS = __HEARTBEAT_STALE_MS__\n\ntry {\n  var data = JSON.parse(fs.readFileSync(pidFile, 'utf8'))\n  if (Date.now() - data.heartbeat > HEARTBEAT_STALE_MS) throw new Error('stale')\n  process.kill(data.pid, 0) // throws ESRCH if the process is gone\n} catch (e) {\n  var localCli = process.env.MOBBDEV_LOCAL_CLI\n  var child = localCli\n    ? spawn('node', [localCli, 'claude-code-daemon'], { detached: true, stdio: 'ignore', windowsHide: true })\n    : spawn('npx', ['--yes', 'mobbdev@latest', 'claude-code-daemon'], { detached: true, stdio: 'ignore', shell: true, windowsHide: true })\n  child.unref()\n}\n";
 // src/features/claude_code/install_hook.ts
-var CLAUDE_SETTINGS_PATH = path17.join(os6.homedir(), ".claude", "settings.json");
+var CLAUDE_SETTINGS_PATH = path20.join(os6.homedir(), ".claude", "settings.json");
 var RECOMMENDED_MATCHER = "*";
 async function claudeSettingsExists() {
   try {
@@ -18636,18 +19672,18 @@ async function installMobbHooks(options = {}) {
 }
 // src/features/claude_code/transcript_scanner.ts
-import { open as open5, readdir as readdir2, stat as stat2 } from "fs/promises";
+import { open as open5, readdir as readdir4, stat as stat3 } from "fs/promises";
 import os7 from "os";
-import path18 from "path";
+import path21 from "path";
 var UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
 function getClaudeProjectsDirs() {
   const dirs = [];
   const configDir = process.env["CLAUDE_CONFIG_DIR"];
   if (configDir) {
-    dirs.push(path18.join(configDir, "projects"));
+    dirs.push(path21.join(configDir, "projects"));
   }
-  dirs.push(path18.join(os7.homedir(), ".config", "claude", "projects"));
-  dirs.push(path18.join(os7.homedir(), ".claude", "projects"));
+  dirs.push(path21.join(os7.homedir(), ".config", "claude", "projects"));
+  dirs.push(path21.join(os7.homedir(), ".claude", "projects"));
   return dirs;
 }
 async function collectJsonlFiles(files, dir, projectDir, seen, now, results) {
@@ -18655,12 +19691,12 @@ async function collectJsonlFiles(files, dir, projectDir, seen, now, results) {
     if (!file.endsWith(".jsonl")) continue;
     const sessionId = file.replace(".jsonl", "");
     if (!UUID_RE.test(sessionId)) continue;
-    const filePath = path18.join(dir, file);
+    const filePath = path21.join(dir, file);
     if (seen.has(filePath)) continue;
     seen.add(filePath);
     let fileStat;
     try {
-      fileStat = await stat2(filePath);
+      fileStat = await stat3(filePath);
     } catch {
       continue;
     }
@@ -18681,33 +19717,33 @@ async function scanForTranscripts(projectsDirs = getClaudeProjectsDirs()) {
   for (const projectsDir of projectsDirs) {
     let projectDirs;
     try {
-      projectDirs = await readdir2(projectsDir);
+      projectDirs = await readdir4(projectsDir);
     } catch {
       continue;
     }
     for (const projName of projectDirs) {
-      const projPath = path18.join(projectsDir, projName);
+      const projPath = path21.join(projectsDir, projName);
       let projStat;
       try {
-        projStat = await stat2(projPath);
+        projStat = await stat3(projPath);
       } catch {
         continue;
       }
       if (!projStat.isDirectory()) continue;
       let files;
       try {
-        files = await readdir2(projPath);
+        files = await readdir4(projPath);
       } catch {
         continue;
       }
       await collectJsonlFiles(files, projPath, projPath, seen, now, results);
       for (const entry of files) {
         if (!UUID_RE.test(entry)) continue;
-        const subagentsDir = path18.join(projPath, entry, "subagents");
+        const subagentsDir = path21.join(projPath, entry, "subagents");
         try {
-          const s = await stat2(subagentsDir);
+          const s = await stat3(subagentsDir);
           if (!s.isDirectory()) continue;
-          const subFiles = await readdir2(subagentsDir);
+          const subFiles = await readdir4(subagentsDir);
           await collectJsonlFiles(
             subFiles,
             subagentsDir,
@@ -18791,6 +19827,8 @@ async function startDaemon() {
   const startedAt = Date.now();
   const lastSeen = /* @__PURE__ */ new Map();
   let cleanupConfigDir;
+  const sessionCwdCache = /* @__PURE__ */ new Map();
+  let lastContextScanMs = 0;
   while (true) {
     if (shuttingDown) {
       await gracefulExit(0, "signal");
@@ -18804,9 +19842,29 @@ async function startDaemon() {
       for (const transcript of changed) {
         const sessionStore = createSessionConfigStore(transcript.sessionId);
         if (!cleanupConfigDir) {
-          cleanupConfigDir = path19.dirname(sessionStore.path);
+          cleanupConfigDir = path22.dirname(sessionStore.path);
+        }
+        await drainTranscript(
+          transcript,
+          sessionStore,
+          gqlClient,
+          sessionCwdCache
+        );
+      }
+      if (lastSeen.size > 0) {
+        for (const filePath of sessionCwdCache.keys()) {
+          if (!lastSeen.has(filePath)) sessionCwdCache.delete(filePath);
+        }
+      }
+      const now = Date.now();
+      if (now - lastContextScanMs >= CONTEXT_SCAN_INTERVAL_MS) {
+        lastContextScanMs = now;
+        for (const { sessionId, cwd } of sessionCwdCache.values()) {
+          const log2 = createScopedHookLog(cwd, { daemonMode: true });
+          uploadContextFilesIfNeeded(sessionId, cwd, gqlClient, log2).catch(
+            (err) => log2.warn({ err }, "Context file scan failed")
+          );
         }
-        await drainTranscript(transcript, sessionStore, gqlClient);
       }
       if (cleanupConfigDir) {
         await cleanupStaleSessions(cleanupConfigDir);
@@ -18847,11 +19905,17 @@ async function authenticateOrExit(exit) {
     return exit(1, "auth failed");
   }
 }
-async function drainTranscript(transcript, sessionStore, gqlClient) {
+async function drainTranscript(transcript, sessionStore, gqlClient, sessionCwdCache) {
   const cwd = await extractCwdFromTranscript(transcript.filePath);
   const log2 = createScopedHookLog(cwd ?? transcript.projectDir, {
     daemonMode: true
   });
+  if (cwd) {
+    sessionCwdCache.set(transcript.filePath, {
+      sessionId: transcript.sessionId,
+      cwd
+    });
+  }
   try {
     let hasMore = true;
     while (hasMore) {
@@ -18886,6 +19950,19 @@ async function drainTranscript(transcript, sessionStore, gqlClient) {
       "Error processing transcript \u2014 skipping"
     );
   }
+  if (cwd) {
+    runQuarantineCheckIfNeeded({
+      sessionId: transcript.sessionId,
+      cwd,
+      gqlClient,
+      log: log2
+    }).catch((err) => {
+      hookLog.warn(
+        { err, data: { sessionId: transcript.sessionId } },
+        "runQuarantineCheckIfNeeded failed"
+      );
+    });
+  }
 }
 async function detectChangedTranscripts(lastSeen) {
   const transcripts = await scanForTranscripts();
@@ -19062,8 +20139,8 @@ var WorkspaceService = class {
    * Sets a known workspace path that was discovered through successful validation
    * @param path The validated workspace path to store
    */
-  static setKnownWorkspacePath(path32) {
-    this.knownWorkspacePath = path32;
+  static setKnownWorkspacePath(path35) {
+    this.knownWorkspacePath = path35;
   }
   /**
    * Gets the known workspace path that was previously validated
@@ -19924,7 +21001,7 @@ async function createAuthenticatedMcpGQLClient({
 import { execSync as execSync2 } from "child_process";
 import fs15 from "fs";
 import os8 from "os";
-import path20 from "path";
+import path23 from "path";
 var IDEs = ["cursor", "windsurf", "webstorm", "vscode", "claude"];
 var runCommand = (cmd) => {
   try {
@@ -19939,7 +21016,7 @@ var gitInfo = {
 };
 var getClaudeWorkspacePaths = () => {
   const home = os8.homedir();
-  const claudeIdePath = path20.join(home, ".claude", "ide");
+  const claudeIdePath = path23.join(home, ".claude", "ide");
   const workspacePaths = [];
   if (!fs15.existsSync(claudeIdePath)) {
     return workspacePaths;
@@ -19947,7 +21024,7 @@ var getClaudeWorkspacePaths = () => {
   try {
     const lockFiles = fs15.readdirSync(claudeIdePath).filter((file) => file.endsWith(".lock"));
     for (const lockFile of lockFiles) {
-      const lockFilePath = path20.join(claudeIdePath, lockFile);
+      const lockFilePath = path23.join(claudeIdePath, lockFile);
       try {
         const lockContent = JSON.parse(fs15.readFileSync(lockFilePath, "utf8"));
         if (lockContent.workspaceFolders && Array.isArray(lockContent.workspaceFolders)) {
@@ -19972,24 +21049,24 @@ var getMCPConfigPaths = (hostName) => {
   switch (hostName.toLowerCase()) {
     case "cursor":
       return [
-        path20.join(currentDir, ".cursor", "mcp.json"),
+        path23.join(currentDir, ".cursor", "mcp.json"),
         // local first
-        path20.join(home, ".cursor", "mcp.json")
+        path23.join(home, ".cursor", "mcp.json")
       ];
     case "windsurf":
       return [
-        path20.join(currentDir, ".codeium", "mcp_config.json"),
+        path23.join(currentDir, ".codeium", "mcp_config.json"),
         // local first
-        path20.join(home, ".codeium", "windsurf", "mcp_config.json")
+        path23.join(home, ".codeium", "windsurf", "mcp_config.json")
       ];
     case "webstorm":
       return [];
     case "visualstudiocode":
     case "vscode":
       return [
-        path20.join(currentDir, ".vscode", "mcp.json"),
+        path23.join(currentDir, ".vscode", "mcp.json"),
         // local first
-        process.platform === "win32" ? path20.join(home, "AppData", "Roaming", "Code", "User", "mcp.json") : path20.join(
+        process.platform === "win32" ? path23.join(home, "AppData", "Roaming", "Code", "User", "mcp.json") : path23.join(
           home,
           "Library",
           "Application Support",
@@ -20000,13 +21077,13 @@ var getMCPConfigPaths = (hostName) => {
       ];
     case "claude": {
       const claudePaths = [
-        path20.join(currentDir, ".claude.json"),
+        path23.join(currentDir, ".claude.json"),
         // local first
-        path20.join(home, ".claude.json")
+        path23.join(home, ".claude.json")
       ];
       const workspacePaths = getClaudeWorkspacePaths();
       for (const workspacePath of workspacePaths) {
-        claudePaths.push(path20.join(workspacePath, ".mcp.json"));
+        claudePaths.push(path23.join(workspacePath, ".mcp.json"));
       }
       return claudePaths;
     }
@@ -20167,10 +21244,10 @@ var getHostInfo = (additionalMcpList) => {
   const ideConfigPaths = /* @__PURE__ */ new Set();
   for (const ide of IDEs) {
     const configPaths = getMCPConfigPaths(ide);
-    configPaths.forEach((path32) => ideConfigPaths.add(path32));
+    configPaths.forEach((path35) => ideConfigPaths.add(path35));
   }
   const uniqueAdditionalPaths = additionalMcpList.filter(
-    (path32) => !ideConfigPaths.has(path32)
+    (path35) => !ideConfigPaths.has(path35)
   );
   for (const ide of IDEs) {
     const cfg = readMCPConfig(ide);
@@ -20292,7 +21369,7 @@ init_configs();
 init_configs();
 import fs16 from "fs";
 import os9 from "os";
-import path21 from "path";
+import path24 from "path";
 var MAX_DEPTH = 2;
 var patterns = ["mcp", "claude"];
 var isFileMatch = (fileName) => {
@@ -20312,7 +21389,7 @@ var searchDir = async (dir, depth = 0) => {
   if (depth > MAX_DEPTH) return results;
   const entries = await fs16.promises.readdir(dir, { withFileTypes: true }).catch(() => []);
   for (const entry of entries) {
-    const fullPath = path21.join(dir, entry.name);
+    const fullPath = path24.join(dir, entry.name);
     if (entry.isFile() && isFileMatch(entry.name)) {
       results.push(fullPath);
     } else if (entry.isDirectory()) {
@@ -20329,14 +21406,14 @@ var findSystemMCPConfigs = async () => {
     const home = os9.homedir();
     const platform2 = os9.platform();
     const knownDirs = platform2 === "win32" ? [
-      path21.join(home, ".cursor"),
-      path21.join(home, "Documents"),
-      path21.join(home, "Downloads")
+      path24.join(home, ".cursor"),
+      path24.join(home, "Documents"),
+      path24.join(home, "Downloads")
     ] : [
-      path21.join(home, ".cursor"),
-      process.env["XDG_CONFIG_HOME"] || path21.join(home, ".config"),
-      path21.join(home, "Documents"),
-      path21.join(home, "Downloads")
+      path24.join(home, ".cursor"),
+      process.env["XDG_CONFIG_HOME"] || path24.join(home, ".config"),
+      path24.join(home, "Documents"),
+      path24.join(home, "Downloads")
     ];
     const timeoutPromise = new Promise(
       (resolve) => setTimeout(() => {
@@ -22752,13 +23829,13 @@ For a complete security audit workflow, use the \`full-security-audit\` prompt.
 // src/mcp/services/McpDetectionService/CursorMcpDetectionService.ts
 import * as fs19 from "fs";
 import * as os12 from "os";
-import * as path23 from "path";
+import * as path26 from "path";
 // src/mcp/services/McpDetectionService/BaseMcpDetectionService.ts
 init_configs();
 import * as fs18 from "fs";
 import fetch7 from "node-fetch";
-import * as path22 from "path";
+import * as path25 from "path";
 // src/mcp/services/McpDetectionService/McpDetectionServiceUtils.ts
 import * as fs17 from "fs";
@@ -22767,14 +23844,14 @@ import * as os11 from "os";
 // src/mcp/services/McpDetectionService/VscodeMcpDetectionService.ts
 import * as fs20 from "fs";
 import * as os13 from "os";
-import * as path24 from "path";
+import * as path27 from "path";
 // src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesTool.ts
 import { z as z42 } from "zod";
 // src/mcp/services/PathValidation.ts
 import fs21 from "fs";
-import path25 from "path";
+import path28 from "path";
 async function validatePath(inputPath) {
   logDebug("Validating MCP path", { inputPath });
   if (/^\/[a-zA-Z]:\//.test(inputPath)) {
@@ -22806,7 +23883,7 @@ async function validatePath(inputPath) {
     logError(error);
     return { isValid: false, error, path: inputPath };
   }
-  const normalizedPath = path25.normalize(inputPath);
+  const normalizedPath = path28.normalize(inputPath);
   if (normalizedPath.includes("..")) {
     const error = `Normalized path contains path traversal patterns: ${inputPath}`;
     logError(error);
@@ -23458,7 +24535,7 @@ init_configs();
 import fs22 from "fs/promises";
 import nodePath from "path";
 var getLocalFiles = async ({
-  path: path32,
+  path: path35,
   maxFileSize = MCP_MAX_FILE_SIZE,
   maxFiles,
   isAllFilesScan,
@@ -23466,17 +24543,17 @@ var getLocalFiles = async ({
   scanRecentlyChangedFiles
 }) => {
   logDebug(`[${scanContext}] Starting getLocalFiles`, {
-    path: path32,
+    path: path35,
     maxFileSize,
     maxFiles,
     isAllFilesScan,
     scanRecentlyChangedFiles
   });
   try {
-    const resolvedRepoPath = await fs22.realpath(path32);
+    const resolvedRepoPath = await fs22.realpath(path35);
     logDebug(`[${scanContext}] Resolved repository path`, {
       resolvedRepoPath,
-      originalPath: path32
+      originalPath: path35
     });
     const gitService = new GitService(resolvedRepoPath, log);
     const gitValidation = await gitService.validateRepository();
@@ -23489,7 +24566,7 @@ var getLocalFiles = async ({
     if (!gitValidation.isValid || isAllFilesScan) {
       try {
         files = await FileUtils.getLastChangedFiles({
-          dir: path32,
+          dir: path35,
           maxFileSize,
           maxFiles,
           isAllFilesScan
@@ -23581,7 +24658,7 @@ var getLocalFiles = async ({
     logError(`${scanContext}Unexpected error in getLocalFiles`, {
       error: error instanceof Error ? error.message : String(error),
       stack: error instanceof Error ? error.stack : void 0,
-      path: path32
+      path: path35
     });
     throw error;
   }
@@ -23591,7 +24668,7 @@ var getLocalFiles = async ({
 init_client_generates();
 init_GitService();
 import fs23 from "fs";
-import path26 from "path";
+import path29 from "path";
 import { z as z41 } from "zod";
 function extractPathFromPatch(patch) {
   const match = patch?.match(/diff --git a\/([^\s]+) b\//);
@@ -23677,7 +24754,7 @@ var LocalMobbFolderService = class {
           "[LocalMobbFolderService] Non-git repository detected, skipping .gitignore operations"
         );
       }
-      const mobbFolderPath = path26.join(
+      const mobbFolderPath = path29.join(
         this.repoPath,
         this.defaultMobbFolderName
       );
@@ -23849,7 +24926,7 @@ var LocalMobbFolderService = class {
         mobbFolderPath,
         baseFileName
       );
-      const filePath = path26.join(mobbFolderPath, uniqueFileName);
+      const filePath = path29.join(mobbFolderPath, uniqueFileName);
       await fs23.promises.writeFile(filePath, patch, "utf8");
       logInfo("[LocalMobbFolderService] Patch saved successfully", {
         filePath,
@@ -23907,11 +24984,11 @@ var LocalMobbFolderService = class {
    * @returns Unique filename that doesn't conflict with existing files
    */
   getUniqueFileName(folderPath, baseFileName) {
-    const baseName = path26.parse(baseFileName).name;
-    const extension = path26.parse(baseFileName).ext;
+    const baseName = path29.parse(baseFileName).name;
+    const extension = path29.parse(baseFileName).ext;
     let uniqueFileName = baseFileName;
     let index = 1;
-    while (fs23.existsSync(path26.join(folderPath, uniqueFileName))) {
+    while (fs23.existsSync(path29.join(folderPath, uniqueFileName))) {
       uniqueFileName = `${baseName}-${index}${extension}`;
       index++;
       if (index > 1e3) {
@@ -23942,7 +25019,7 @@ var LocalMobbFolderService = class {
     logDebug("[LocalMobbFolderService] Logging patch info", { fixId: fix.id });
     try {
       const mobbFolderPath = await this.getFolder();
-      const patchInfoPath = path26.join(mobbFolderPath, "patchInfo.md");
+      const patchInfoPath = path29.join(mobbFolderPath, "patchInfo.md");
       const markdownContent = this.generateFixMarkdown(fix, savedPatchFileName);
       let existingContent = "";
       if (fs23.existsSync(patchInfoPath)) {
@@ -23984,7 +25061,7 @@ var LocalMobbFolderService = class {
     const timestamp = (/* @__PURE__ */ new Date()).toISOString();
     const patch = this.extractPatchFromFix(fix);
     const relativePatchedFilePath = patch ? extractPathFromPatch(patch) : null;
-    const patchedFilePath = relativePatchedFilePath ? path26.resolve(this.repoPath, relativePatchedFilePath) : null;
+    const patchedFilePath = relativePatchedFilePath ? path29.resolve(this.repoPath, relativePatchedFilePath) : null;
     const fixIdentifier = savedPatchFileName ? savedPatchFileName.replace(".patch", "") : fix.id;
     let markdown = `# Fix ${fixIdentifier}
@@ -24320,7 +25397,7 @@ var LocalMobbFolderService = class {
 // src/mcp/services/PatchApplicationService.ts
 init_configs();
 import {
-  existsSync as existsSync6,
+  existsSync as existsSync7,
   mkdirSync,
   readFileSync as readFileSync4,
   unlinkSync,
@@ -24328,14 +25405,14 @@ import {
 } from "fs";
 import fs24 from "fs/promises";
 import parseDiff2 from "parse-diff";
-import path27 from "path";
+import path30 from "path";
 var PatchApplicationService = class {
   /**
    * Gets the appropriate comment syntax for a file based on its extension
    */
   static getCommentSyntax(filePath) {
-    const ext = path27.extname(filePath).toLowerCase();
-    const basename2 = path27.basename(filePath);
+    const ext = path30.extname(filePath).toLowerCase();
+    const basename2 = path30.basename(filePath);
     const commentMap = {
       // C-style languages (single line comments)
       ".js": "//",
@@ -24543,7 +25620,7 @@ var PatchApplicationService = class {
         }
       );
     }
-    const dirPath = path27.dirname(normalizedFilePath);
+    const dirPath = path30.dirname(normalizedFilePath);
     mkdirSync(dirPath, { recursive: true });
     writeFileSync3(normalizedFilePath, finalContent, "utf8");
     return normalizedFilePath;
@@ -24552,9 +25629,9 @@ var PatchApplicationService = class {
     repositoryPath,
     targetPath
   }) {
-    const repoRoot = path27.resolve(repositoryPath);
-    const normalizedPath = path27.resolve(repoRoot, targetPath);
-    const repoRootWithSep = repoRoot.endsWith(path27.sep) ? repoRoot : `${repoRoot}${path27.sep}`;
+    const repoRoot = path30.resolve(repositoryPath);
+    const normalizedPath = path30.resolve(repoRoot, targetPath);
+    const repoRootWithSep = repoRoot.endsWith(path30.sep) ? repoRoot : `${repoRoot}${path30.sep}`;
     if (normalizedPath !== repoRoot && !normalizedPath.startsWith(repoRootWithSep)) {
       throw new Error(
         `Security violation: target path ${targetPath} resolves outside repository`
@@ -24563,7 +25640,7 @@ var PatchApplicationService = class {
     return {
       repoRoot,
       normalizedPath,
-      relativePath: path27.relative(repoRoot, normalizedPath)
+      relativePath: path30.relative(repoRoot, normalizedPath)
     };
   }
   /**
@@ -24845,8 +25922,8 @@ var PatchApplicationService = class {
         continue;
       }
       try {
-        const absolutePath = path27.resolve(repositoryPath, targetFile);
-        if (existsSync6(absolutePath)) {
+        const absolutePath = path30.resolve(repositoryPath, targetFile);
+        if (existsSync7(absolutePath)) {
           const stats = await fs24.stat(absolutePath);
           const fileModTime = stats.mtime.getTime();
           if (fileModTime > scanStartTime) {
@@ -25047,7 +26124,7 @@ var PatchApplicationService = class {
       targetFile,
       absoluteFilePath,
       relativePath,
-      exists: existsSync6(absoluteFilePath)
+      exists: existsSync7(absoluteFilePath)
     });
     return { absoluteFilePath, relativePath };
   }
@@ -25071,7 +26148,7 @@ var PatchApplicationService = class {
       fix,
       scanContext
     });
-    appliedFiles.push(path27.relative(repositoryPath, actualPath));
+    appliedFiles.push(path30.relative(repositoryPath, actualPath));
     logDebug(`[${scanContext}] Created new file: ${relativePath}`);
   }
   /**
@@ -25083,7 +26160,7 @@ var PatchApplicationService = class {
     appliedFiles,
     scanContext
   }) {
-    if (existsSync6(absoluteFilePath)) {
+    if (existsSync7(absoluteFilePath)) {
       unlinkSync(absoluteFilePath);
       appliedFiles.push(relativePath);
       logDebug(`[${scanContext}] Deleted file: ${relativePath}`);
@@ -25102,7 +26179,7 @@ var PatchApplicationService = class {
     appliedFiles,
     scanContext
   }) {
-    if (!existsSync6(absoluteFilePath)) {
+    if (!existsSync7(absoluteFilePath)) {
       throw new Error(
         `Target file does not exist: ${targetFile} (resolved to: ${absoluteFilePath})`
       );
@@ -25120,7 +26197,7 @@ var PatchApplicationService = class {
         fix,
         scanContext
       });
-      appliedFiles.push(path27.relative(repositoryPath, actualPath));
+      appliedFiles.push(path30.relative(repositoryPath, actualPath));
       logDebug(`[${scanContext}] Modified file: ${relativePath}`);
     }
   }
@@ -25317,7 +26394,7 @@ init_configs();
 // src/mcp/services/FileOperations.ts
 init_FileUtils();
 import fs25 from "fs";
-import path28 from "path";
+import path31 from "path";
 import AdmZip4 from "adm-zip";
 var FileOperations = class {
   /**
@@ -25337,10 +26414,10 @@ var FileOperations = class {
     let packedFilesCount = 0;
     const packedFiles = [];
     const excludedFiles = [];
-    const resolvedRepoPath = path28.resolve(repositoryPath);
+    const resolvedRepoPath = path31.resolve(repositoryPath);
     for (const filepath of fileList) {
-      const absoluteFilepath = path28.join(repositoryPath, filepath);
-      const resolvedFilePath = path28.resolve(absoluteFilepath);
+      const absoluteFilepath = path31.join(repositoryPath, filepath);
+      const resolvedFilePath = path31.resolve(absoluteFilepath);
       if (!resolvedFilePath.startsWith(resolvedRepoPath)) {
         const reason = "potential path traversal security risk";
         logDebug(`[FileOperations] Skipping ${filepath} due to ${reason}`);
@@ -25387,11 +26464,11 @@ var FileOperations = class {
     fileList,
     repositoryPath
   }) {
-    const resolvedRepoPath = path28.resolve(repositoryPath);
+    const resolvedRepoPath = path31.resolve(repositoryPath);
     const validatedPaths = [];
     for (const filepath of fileList) {
-      const absoluteFilepath = path28.join(repositoryPath, filepath);
-      const resolvedFilePath = path28.resolve(absoluteFilepath);
+      const absoluteFilepath = path31.join(repositoryPath, filepath);
+      const resolvedFilePath = path31.resolve(absoluteFilepath);
       if (!resolvedFilePath.startsWith(resolvedRepoPath)) {
         logDebug(
           `[FileOperations] Rejecting ${filepath} - path traversal attempt detected`
@@ -25419,7 +26496,7 @@ var FileOperations = class {
     for (const absolutePath of filePaths) {
       try {
         const content = await fs25.promises.readFile(absolutePath);
-        const relativePath = path28.basename(absolutePath);
+        const relativePath = path31.basename(absolutePath);
         fileDataArray.push({
           relativePath,
           absolutePath,
@@ -25731,14 +26808,14 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
    * since the last scan.
    */
   async scanForSecurityVulnerabilities({
-    path: path32,
+    path: path35,
     isAllDetectionRulesScan,
     isAllFilesScan,
     scanContext
   }) {
     this.hasAuthenticationFailed = false;
     logDebug(`[${scanContext}] Scanning for new security vulnerabilities`, {
-      path: path32
+      path: path35
     });
     if (!this.gqlClient) {
       logInfo(`[${scanContext}] No GQL client found, skipping scan`);
@@ -25754,11 +26831,11 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       }
       logDebug(
         `[${scanContext}] Connected to the API, assembling list of files to scan`,
-        { path: path32 }
+        { path: path35 }
       );
       const isBackgroundScan = scanContext === ScanContext.BACKGROUND_INITIAL || scanContext === ScanContext.BACKGROUND_PERIODIC;
       const files = await getLocalFiles({
-        path: path32,
+        path: path35,
         isAllFilesScan,
         scanContext,
         scanRecentlyChangedFiles: !isBackgroundScan
@@ -25784,13 +26861,13 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       });
       const { fixReportId, projectId } = await scanFiles({
         fileList: filesToScan.map((file) => file.relativePath),
-        repositoryPath: path32,
+        repositoryPath: path35,
         gqlClient: this.gqlClient,
         isAllDetectionRulesScan,
         scanContext
       });
       logInfo(
-        `[${scanContext}] Security scan completed for ${path32} reportId: ${fixReportId} projectId: ${projectId}`
+        `[${scanContext}] Security scan completed for ${path35} reportId: ${fixReportId} projectId: ${projectId}`
       );
       if (isAllFilesScan) {
         return;
@@ -26084,13 +27161,13 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
     });
     return scannedFiles.some((file) => file.relativePath === fixFile);
   }
-  async getFreshFixes({ path: path32 }) {
+  async getFreshFixes({ path: path35 }) {
     const scanContext = ScanContext.USER_REQUEST;
-    logDebug(`[${scanContext}] Getting fresh fixes`, { path: path32 });
-    if (this.path !== path32) {
-      this.path = path32;
+    logDebug(`[${scanContext}] Getting fresh fixes`, { path: path35 });
+    if (this.path !== path35) {
+      this.path = path35;
       this.reset();
-      logInfo(`[${scanContext}] Reset service state for new path`, { path: path32 });
+      logInfo(`[${scanContext}] Reset service state for new path`, { path: path35 });
     }
     try {
       const loginContext = createMcpLoginContext("check_new_fixes");
@@ -26109,7 +27186,7 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       }
       throw error;
     }
-    this.triggerScan({ path: path32, gqlClient: this.gqlClient });
+    this.triggerScan({ path: path35, gqlClient: this.gqlClient });
     let isMvsAutoFixEnabled = null;
     try {
       isMvsAutoFixEnabled = await this.gqlClient.getMvsAutoFixSettings();
@@ -26143,33 +27220,33 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
     return noFreshFixesPrompt;
   }
   triggerScan({
-    path: path32,
+    path: path35,
     gqlClient
   }) {
-    if (this.path !== path32) {
-      this.path = path32;
+    if (this.path !== path35) {
+      this.path = path35;
       this.reset();
-      logInfo(`Reset service state for new path in triggerScan`, { path: path32 });
+      logInfo(`Reset service state for new path in triggerScan`, { path: path35 });
     }
     this.gqlClient = gqlClient;
     if (!this.intervalId) {
-      this.startPeriodicScanning(path32);
-      this.executeInitialScan(path32);
-      void this.executeInitialFullScan(path32);
+      this.startPeriodicScanning(path35);
+      this.executeInitialScan(path35);
+      void this.executeInitialFullScan(path35);
     }
   }
-  startPeriodicScanning(path32) {
+  startPeriodicScanning(path35) {
     const scanContext = ScanContext.BACKGROUND_PERIODIC;
     logDebug(
       `[${scanContext}] Starting periodic scan for new security vulnerabilities`,
       {
-        path: path32
+        path: path35
       }
     );
     this.intervalId = setInterval(() => {
-      logDebug(`[${scanContext}] Triggering periodic security scan`, { path: path32 });
+      logDebug(`[${scanContext}] Triggering periodic security scan`, { path: path35 });
       this.scanForSecurityVulnerabilities({
-        path: path32,
+        path: path35,
         scanContext
       }).catch((error) => {
         logError(`[${scanContext}] Error during periodic security scan`, {
@@ -26178,45 +27255,45 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       });
     }, MCP_PERIODIC_CHECK_INTERVAL);
   }
-  async executeInitialFullScan(path32) {
+  async executeInitialFullScan(path35) {
     const scanContext = ScanContext.FULL_SCAN;
-    logDebug(`[${scanContext}] Triggering initial full security scan`, { path: path32 });
+    logDebug(`[${scanContext}] Triggering initial full security scan`, { path: path35 });
     logDebug(`[${scanContext}] Full scan paths scanned`, {
       fullScanPathsScanned: this.fullScanPathsScanned
     });
-    if (this.fullScanPathsScanned.includes(path32)) {
+    if (this.fullScanPathsScanned.includes(path35)) {
       logDebug(`[${scanContext}] Full scan already executed for this path`, {
-        path: path32
+        path: path35
       });
       return;
     }
     configStore.set("fullScanPathsScanned", [
       ...this.fullScanPathsScanned,
-      path32
+      path35
     ]);
     try {
       await this.scanForSecurityVulnerabilities({
-        path: path32,
+        path: path35,
         isAllFilesScan: true,
         isAllDetectionRulesScan: true,
         scanContext: ScanContext.FULL_SCAN
       });
-      if (!this.fullScanPathsScanned.includes(path32)) {
-        this.fullScanPathsScanned.push(path32);
+      if (!this.fullScanPathsScanned.includes(path35)) {
+        this.fullScanPathsScanned.push(path35);
         configStore.set("fullScanPathsScanned", this.fullScanPathsScanned);
       }
-      logInfo(`[${scanContext}] Full scan completed`, { path: path32 });
+      logInfo(`[${scanContext}] Full scan completed`, { path: path35 });
     } catch (error) {
       logError(`[${scanContext}] Error during initial full security scan`, {
         error
       });
     }
   }
-  executeInitialScan(path32) {
+  executeInitialScan(path35) {
     const scanContext = ScanContext.BACKGROUND_INITIAL;
-    logDebug(`[${scanContext}] Triggering initial security scan`, { path: path32 });
+    logDebug(`[${scanContext}] Triggering initial security scan`, { path: path35 });
     this.scanForSecurityVulnerabilities({
-      path: path32,
+      path: path35,
       scanContext: ScanContext.BACKGROUND_INITIAL
     }).catch((error) => {
       logError(`[${scanContext}] Error during initial security scan`, { error });
@@ -26313,9 +27390,9 @@ Example payload:
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path32 = pathValidationResult.path;
+    const path35 = pathValidationResult.path;
     const resultText = await this.newFixesService.getFreshFixes({
-      path: path32
+      path: path35
     });
     logInfo("CheckForNewAvailableFixesTool execution completed", {
       resultText
@@ -26493,8 +27570,8 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path32 = pathValidationResult.path;
-    const gitService = new GitService(path32, log);
+    const path35 = pathValidationResult.path;
+    const gitService = new GitService(path35, log);
     const gitValidation = await gitService.validateRepository();
     if (!gitValidation.isValid) {
       throw new Error(`Invalid git repository: ${gitValidation.error}`);
@@ -26879,9 +27956,9 @@ Example payload:
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path32 = pathValidationResult.path;
+    const path35 = pathValidationResult.path;
     const files = await getLocalFiles({
-      path: path32,
+      path: path35,
       maxFileSize: MCP_MAX_FILE_SIZE,
       maxFiles: args.maxFiles,
       scanContext: ScanContext.USER_REQUEST,
@@ -26901,7 +27978,7 @@ Example payload:
     try {
       const fixResult = await this.vulnerabilityFixService.processVulnerabilities({
         fileList: files.map((file) => file.relativePath),
-        repositoryPath: path32,
+        repositoryPath: path35,
         offset: args.offset,
         limit: args.limit,
         isRescan: args.rescan || !!args.maxFiles
@@ -27202,10 +28279,10 @@ init_client_generates();
 init_urlParser2();
 // src/features/codeium_intellij/codeium_language_server_grpc_client.ts
-import path29 from "path";
+import path32 from "path";
 import * as grpc from "@grpc/grpc-js";
 import * as protoLoader from "@grpc/proto-loader";
-var PROTO_PATH = path29.join(
+var PROTO_PATH = path32.join(
   getModuleRootDir(),
   "src/features/codeium_intellij/proto/exa/language_server_pb/language_server.proto"
 );
@@ -27217,7 +28294,7 @@ function loadProto() {
     defaults: true,
     oneofs: true,
     includeDirs: [
-      path29.join(getModuleRootDir(), "src/features/codeium_intellij/proto")
+      path32.join(getModuleRootDir(), "src/features/codeium_intellij/proto")
     ]
   });
   return grpc.loadPackageDefinition(
@@ -27273,28 +28350,28 @@ async function getGrpcClient(port, csrf3) {
 // src/features/codeium_intellij/parse_intellij_logs.ts
 import fs27 from "fs";
 import os14 from "os";
-import path30 from "path";
+import path33 from "path";
 function getLogsDir() {
   if (process.platform === "darwin") {
-    return path30.join(os14.homedir(), "Library/Logs/JetBrains");
+    return path33.join(os14.homedir(), "Library/Logs/JetBrains");
   } else if (process.platform === "win32") {
-    return path30.join(
-      process.env["LOCALAPPDATA"] || path30.join(os14.homedir(), "AppData/Local"),
+    return path33.join(
+      process.env["LOCALAPPDATA"] || path33.join(os14.homedir(), "AppData/Local"),
       "JetBrains"
     );
   } else {
-    return path30.join(os14.homedir(), ".cache/JetBrains");
+    return path33.join(os14.homedir(), ".cache/JetBrains");
   }
 }
 function parseIdeLogDir(ideLogDir) {
   const logFiles = fs27.readdirSync(ideLogDir).filter((f) => /^idea(\.\d+)?\.log$/.test(f)).map((f) => ({
     name: f,
-    mtime: fs27.statSync(path30.join(ideLogDir, f)).mtimeMs
+    mtime: fs27.statSync(path33.join(ideLogDir, f)).mtimeMs
   })).sort((a, b) => a.mtime - b.mtime).map((f) => f.name);
   let latestCsrf = null;
   let latestPort = null;
   for (const logFile of logFiles) {
-    const lines = fs27.readFileSync(path30.join(ideLogDir, logFile), "utf-8").split("\n");
+    const lines = fs27.readFileSync(path33.join(ideLogDir, logFile), "utf-8").split("\n");
     for (const line of lines) {
       if (!line.includes(
         "com.codeium.intellij.language_server.LanguageServerProcessHandler"
@@ -27322,9 +28399,9 @@ function findRunningCodeiumLanguageServers() {
   const logsDir = getLogsDir();
   if (!fs27.existsSync(logsDir)) return results;
   for (const ide of fs27.readdirSync(logsDir)) {
-    let ideLogDir = path30.join(logsDir, ide);
+    let ideLogDir = path33.join(logsDir, ide);
     if (process.platform !== "darwin") {
-      ideLogDir = path30.join(ideLogDir, "log");
+      ideLogDir = path33.join(ideLogDir, "log");
     }
     if (!fs27.existsSync(ideLogDir) || !fs27.statSync(ideLogDir).isDirectory()) {
       continue;
@@ -27507,10 +28584,10 @@ function processChatStepCodeAction(step) {
 // src/features/codeium_intellij/install_hook.ts
 import fsPromises5 from "fs/promises";
 import os15 from "os";
-import path31 from "path";
+import path34 from "path";
 import chalk14 from "chalk";
 function getCodeiumHooksPath() {
-  return path31.join(os15.homedir(), ".codeium", "hooks.json");
+  return path34.join(os15.homedir(), ".codeium", "hooks.json");
 }
 async function readCodeiumHooks() {
   const hooksPath = getCodeiumHooksPath();
@@ -27523,7 +28600,7 @@ async function readCodeiumHooks() {
 }
 async function writeCodeiumHooks(config2) {
   const hooksPath = getCodeiumHooksPath();
-  const dir = path31.dirname(hooksPath);
+  const dir = path34.dirname(hooksPath);
   await fsPromises5.mkdir(dir, { recursive: true });
   await fsPromises5.writeFile(
     hooksPath,