mobbdev 1.4.1 → 1.4.2

package/dist/index.mjs

@@ -4148,11 +4148,11 @@ ${rootContent}`;
         try {
           const gitRoot = await this.getGitRoot();
           const gitignorePath = path2.join(gitRoot, ".gitignore");
-          const exists = fs2.existsSync(gitignorePath);
+          const exists2 = fs2.existsSync(gitignorePath);
           this.log("[GitService] .gitignore existence check complete", "debug", {
-            exists
+            exists: exists2
           });
-          return exists;
+          return exists2;
         } catch (error) {
           const errorMessage = `Failed to check .gitignore existence: ${error.message}`;
           this.log(`[GitService] ${errorMessage}`, "error", { error });
@@ -7178,7 +7178,7 @@ async function getAdoSdk(params) {
       const url = new URL(repoUrl);
       const origin = url.origin.toLowerCase().endsWith(".visualstudio.com") ? DEFUALT_ADO_ORIGIN : url.origin.toLowerCase();
       const params2 = `path=/&versionDescriptor[versionOptions]=0&versionDescriptor[versionType]=commit&versionDescriptor[version]=${branch}&resolveLfs=true&$format=zip&api-version=5.0&download=true`;
-      const path35 = [
+      const path36 = [
         prefixPath,
         owner,
         projectName,
@@ -7189,7 +7189,7 @@ async function getAdoSdk(params) {
         "items",
         "items"
       ].filter(Boolean).join("/");
-      return new URL(`${path35}?${params2}`, origin).toString();
+      return new URL(`${path36}?${params2}`, origin).toString();
     },
     async getAdoBranchList({ repoUrl }) {
       try {
@@ -7278,8 +7278,8 @@ async function getAdoSdk(params) {
         const changeType = entry.changeType;
         return changeType !== 16 && entry.item?.path;
       }).map((entry) => {
-        const path35 = entry.item.path;
-        return path35.startsWith("/") ? path35.slice(1) : path35;
+        const path36 = entry.item.path;
+        return path36.startsWith("/") ? path36.slice(1) : path36;
       });
     },
     async searchAdoPullRequests({
@@ -15172,7 +15172,7 @@ async function postIssueComment(params) {
     fpDescription
   } = params;
   const {
-    path: path35,
+    path: path36,
     startLine,
     vulnerabilityReportIssue: {
       vulnerabilityReportIssueTags,
@@ -15187,7 +15187,7 @@ async function postIssueComment(params) {
 Refresh the page in order to see the changes.`,
     pull_number: pullRequest,
     commit_id: commitSha,
-    path: path35,
+    path: path36,
     line: startLine
   });
   const commentId = commentRes.data.id;
@@ -15221,7 +15221,7 @@ async function postFixComment(params) {
     scanner
   } = params;
   const {
-    path: path35,
+    path: path36,
     startLine,
     vulnerabilityReportIssue: { fixId, vulnerabilityReportIssueTags, category },
     vulnerabilityReportIssueId
@@ -15239,7 +15239,7 @@ async function postFixComment(params) {
 Refresh the page in order to see the changes.`,
     pull_number: pullRequest,
     commit_id: commitSha,
-    path: path35,
+    path: path36,
     line: startLine
   });
   const commentId = commentRes.data.id;
@@ -17161,7 +17161,7 @@ import { spawn } from "child_process";
 
 // src/features/claude_code/daemon.ts
 import { readFileSync, writeFileSync as writeFileSync2 } from "fs";
-import path22 from "path";
+import path23 from "path";
 import { setTimeout as sleep2 } from "timers/promises";
 import Configstore3 from "configstore";
 
@@ -17173,7 +17173,8 @@ var HEARTBEAT_DEBOUNCE_MS = (() => {
 })();
 var KILL_SWITCH_ENV = "MOBB_TRACY_SKILL_QUARANTINE_DISABLE";
 var MALICIOUS_VERDICT = "MALICIOUS";
-var ORPHAN_SWEEP_GRACE_MS = 10 * 60 * 1e3;
+var PARTIAL_SWEEP_GRACE_MS = 10 * 60 * 1e3;
+var STUB_MARKER = "\u26D4 QUARANTINED BY TRACY";
 
 // src/features/analysis/skill_quarantine/enumerateInstalledSkills.ts
 import { homedir as homedir2 } from "os";
@@ -17546,11 +17547,11 @@ async function readJsoncSettings(settingsPath) {
   putSettingsCache(settingsPath, { mtimeMs, parsed: payload });
   return payload;
 }
-function putSettingsCache(path35, entry) {
-  if (!settingsCache.has(path35) && settingsCache.size >= MAX_SETTINGS_CACHE_SIZE) {
+function putSettingsCache(path36, entry) {
+  if (!settingsCache.has(path36) && settingsCache.size >= MAX_SETTINGS_CACHE_SIZE) {
     settingsCache.delete(settingsCache.keys().next().value);
   }
-  settingsCache.set(path35, entry);
+  settingsCache.set(path36, entry);
 }
 async function readCopilotCustomLocations(workspaceRoot) {
   const parsed = await readJsoncSettings(
@@ -17800,7 +17801,7 @@ async function enumerateGlob(pattern, cwd, category, isDynamic) {
   } catch {
     return [];
   }
-  return files.map((path35) => ({ path: path35, category }));
+  return files.map((path36) => ({ path: path36, category }));
 }
 async function enumerateSkillBundle(baseDir, skillsRoot) {
   const skillsDir = path14.resolve(baseDir, skillsRoot);
@@ -17966,27 +17967,32 @@ var Metric = {
   CHECK_DISABLED_ENV: "skill_quarantine.check_disabled_env",
   /** Verdict-query call failed. Fail-open. */
   QUERY_ERROR: "skill_quarantine.query_error",
-  /** Count of skills enumerated in this run (histogram-ish). */
+  /** Count of skills enumerated in this run. */
   SKILLS_CHECKED: "skill_quarantine.skills_checked",
-  /** A skill was freshly quarantined. Tagged with shape. */
+  /** A skill was freshly quarantined. */
   QUARANTINED: "skill_quarantine.quarantined",
-  /** Presence check hit; skill already quarantined. */
+  /** Presence check hit (`<md5>.zip` exists); skill already quarantined. */
   ALREADY_QUARANTINED: "skill_quarantine.already_quarantined",
-  /** Move step failed. Tagged with phase (stage | publish). */
-  MOVE_ERROR: "skill_quarantine.move_error",
-  /** Stub creation failed after the move succeeded. */
+  /** Zip build or partial→tmp rename failed (phase 1). */
+  ZIP_ERROR: "skill_quarantine.zip_error",
+  /** Stub write failed (phase 2); tmp preserved for reconcile. */
   STUB_ERROR: "skill_quarantine.stub_error",
-  /** A stale staging dir was swept. */
-  ORPHAN_SWEPT: "skill_quarantine.orphan_swept",
+  /** Tmp→published rename failed (phase 3); reconcile will retry. */
+  PUBLISH_ERROR: "skill_quarantine.publish_error",
+  /** Reconcile published a leftover tmp whose `<md5>.zip` was missing. */
+  RECONCILED: "skill_quarantine.reconciled",
+  /** Tmp removed because `<md5>.zip` already existed. */
+  SWEPT_REDUNDANT_TMP: "skill_quarantine.swept_redundant_tmp",
+  /** Stale partial zip swept (older than grace window). */
+  SWEPT_PARTIAL: "skill_quarantine.swept_partial",
   /** Total run duration including I/O. */
   DURATION_MS: "skill_quarantine.duration_ms"
 };
 
 // src/features/analysis/skill_quarantine/quarantineSkill.ts
 import { randomUUID } from "crypto";
-import { existsSync as existsSync2 } from "fs";
 import {
-  lstat as lstat2,
+  access,
   mkdir,
   readdir as readdir2,
   readFile as readFile2,
@@ -17996,8 +18002,8 @@ import {
   unlink,
   writeFile
 } from "fs/promises";
-import path17 from "path";
-import { move } from "fs-extra";
+import path18 from "path";
+import AdmZip4 from "adm-zip";
 
 // src/features/analysis/skill_quarantine/paths.ts
 import { homedir as homedir3 } from "os";
@@ -18005,27 +18011,29 @@ import path16 from "path";
 function getQuarantineRoot() {
   return path16.join(homedir3(), ".tracy", "quarantine", "claude", "skills");
 }
-function getQuarantinedHashDir(md5) {
-  return path16.join(getQuarantineRoot(), md5);
+function getQuarantineZipPath(md5) {
+  return path16.join(getQuarantineRoot(), `${md5}.zip`);
 }
-function getQuarantinedTargetPath(md5, origName) {
-  return path16.join(getQuarantinedHashDir(md5), origName);
+function getTmpZipPath(md5, uuid) {
+  return path16.join(getQuarantineRoot(), `${md5}_tmp_${uuid}.zip`);
 }
-function getStagingDir(md5, pid, uuid) {
-  return path16.join(getQuarantineRoot(), `${md5}_tmp_${pid}_${uuid}`);
-}
-var STAGING_DIR_REGEX = /^([0-9a-f]{32})_tmp_/;
+var TMP_ZIP_REGEX = /^([0-9a-f]{32})_tmp_[0-9a-f-]+\.zip$/;
+var COMMITTED_ZIP_REGEX = /^([0-9a-f]{32})\.zip$/;
 
 // src/features/analysis/skill_quarantine/stubTemplate.ts
+import path17 from "path";
+import { quote } from "shell-quote";
 var LEGACY_SUMMARY_FALLBACK = "not available (scan predates current schema)";
 function renderStub(params) {
   const folderOrFile = params.isFolder ? "skill folder" : "skill file";
   const reason = params.summary ?? LEGACY_SUMMARY_FALLBACK;
-  return `# \u26D4 QUARANTINED BY TRACY
+  const extractParent = path17.dirname(params.origPath);
+  const recoverCommand = `rm -rf ${quote([params.origPath])} && unzip -o ${quote([params.quarantinedZipPath])} -d ${quote([extractParent])}`;
+  return `# ${STUB_MARKER}
 
 This skill was flagged **MALICIOUS** by the Mobb security scanner and has been
-moved out of your skills folder. **Claude Code will not execute it** while this
-stub is in place.
+archived out of your skills folder. **Claude Code will not execute it** while
+this stub is in place.
 
 ## Why this skill was flagged
 
@@ -18036,23 +18044,22 @@ stub is in place.
 
 ## Where the original is now
 
-The original ${folderOrFile} has been moved to:
+The original ${folderOrFile} has been archived to:
 
-    ${params.quarantinedPath}
+    ${params.quarantinedZipPath}
 
-Nothing has been deleted. The contents are intact; only the location changed.
+Nothing has been deleted. The archive preserves the skill exactly as it was,
+including any secrets or local-only edits.
 
 ## If this is a false positive \u2014 how to recover
 
 If you're confident this skill is safe and want to restore it:
 
-    mv ${params.quarantinedPath} ${params.origPath}
+    ${recoverCommand}
 
-Tracy will not re-quarantine it as long as the directory
-\`~/.tracy/quarantine/claude/skills/${params.md5}/\` still exists on your
-machine (even if it's empty after you moved the contents out). If you delete
-that directory entirely, the next heartbeat will re-evaluate the skill from
-scratch.
+Tracy will not re-quarantine it as long as \`${params.md5}.zip\` remains in
+the quarantine folder. If you delete the archive, the next heartbeat will
+re-evaluate the skill from scratch.
 
 ## How to report a false positive
 
@@ -18069,130 +18076,50 @@ Your report helps tune the scanner for everyone.
 // src/features/analysis/skill_quarantine/quarantineSkill.ts
 async function quarantineSkill(params) {
   const { skillPath, isFolder, md5, origName, verdict, log: log2 } = params;
-  const hashDir = getQuarantinedHashDir(md5);
-  if (existsSync2(hashDir)) {
+  const finalZip = getQuarantineZipPath(md5);
+  if (await exists(finalZip)) {
     log2.debug(
       { md5, metric: Metric.ALREADY_QUARANTINED },
-      "skill_quarantine: already quarantined, skipping"
+      "skill_quarantine: already quarantined"
     );
     return { status: "already_quarantined" };
   }
-  let isSymlink = false;
+  const tmpZip = getTmpZipPath(md5, randomUUID());
   try {
-    const lst = await lstat2(skillPath);
-    isSymlink = lst.isSymbolicLink();
-  } catch {
-  }
-  if (isSymlink) {
-    const stubContent2 = renderStub({
-      md5,
-      isFolder,
-      // Symlinks have no quarantine archive; note that in the stub.
-      quarantinedPath: `(symlink at ${skillPath} replaced \u2014 original content was not moved)`,
-      origPath: skillPath,
-      summary: verdict.summary,
-      scannerName: verdict.scannerName,
-      scannerVersion: verdict.scannerVersion,
-      scannedAt: verdict.scannedAt
-    });
-    try {
-      await mkdir(hashDir, { recursive: true });
-      if (isFolder) {
-        const tmpDir = `${skillPath}.__tracy_tmp__`;
-        await mkdir(tmpDir, { recursive: true });
-        await writeFile(path17.join(tmpDir, "SKILL.md"), stubContent2, "utf8");
-        await unlink(skillPath);
-        await rename(tmpDir, skillPath);
-      } else {
-        const tmpFile = `${skillPath}.__tracy_tmp__`;
-        await writeFile(tmpFile, stubContent2, "utf8");
-        await unlink(skillPath);
-        await rename(tmpFile, skillPath);
-      }
-    } catch (err) {
-      log2.error(
-        { err, md5, skillPath, metric: Metric.STUB_ERROR },
-        "skill_quarantine: symlink stub write failed"
-      );
-      return { status: "stub_error", err };
+    await mkdir(getQuarantineRoot(), { recursive: true });
+    const zip = new AdmZip4();
+    if (isFolder) {
+      await addFolderAsync(zip, skillPath, origName);
+    } else {
+      zip.addFile(origName, await readFile2(skillPath));
     }
-    await preRegisterStubMd5(skillPath, isFolder, log2);
-    log2.info(
-      {
-        md5,
-        verdict: verdict.verdict,
-        shape: isFolder ? "folder" : "standalone",
-        scanner: verdict.scannerName,
-        scannerVersion: verdict.scannerVersion,
-        metric: Metric.QUARANTINED
-      },
-      "skill_quarantine: quarantined (symlink)"
-    );
-    return { status: "quarantined" };
-  }
-  const stagingDir = getStagingDir(md5, process.pid, randomUUID());
-  const stagingTarget = path17.join(stagingDir, origName);
-  const finalTarget = getQuarantinedTargetPath(md5, origName);
-  try {
-    await mkdir(stagingDir, { recursive: true });
-  } catch (err) {
-    log2.error(
-      { err, md5, metric: Metric.MOVE_ERROR, phase: "stage" },
-      "skill_quarantine: failed to create staging dir"
-    );
-    return { status: "move_error", phase: "stage", err };
-  }
-  try {
-    await move(skillPath, stagingTarget);
+    await writeFile(tmpZip, zip.toBuffer());
   } catch (err) {
-    await tryRm(stagingDir);
+    await unlink(tmpZip).catch(ignoreErr);
     log2.error(
-      { err, md5, metric: Metric.MOVE_ERROR, phase: "stage" },
-      "skill_quarantine: phase-1 move failed"
+      { err, md5, metric: Metric.ZIP_ERROR },
+      "skill_quarantine: phase-1 zip write failed"
     );
-    return { status: "move_error", phase: "stage", err };
+    return { status: "zip_error", err };
   }
   try {
-    await rename(stagingDir, hashDir);
+    await writeStub(params);
   } catch (err) {
     log2.error(
-      {
-        err,
-        md5,
-        stagingDir,
-        metric: Metric.MOVE_ERROR,
-        phase: "publish"
-      },
-      "skill_quarantine: phase-2 publish failed; staging dir preserved for manual recovery"
+      { err, md5, skillPath, metric: Metric.STUB_ERROR },
+      "skill_quarantine: stub write failed; tmp zip preserved for reconcile"
     );
-    return { status: "move_error", phase: "publish", err };
+    return { status: "stub_error", err };
   }
-  const quarantinedPath = finalTarget;
-  const stubContent = renderStub({
-    md5,
-    isFolder,
-    quarantinedPath,
-    origPath: skillPath,
-    summary: verdict.summary,
-    scannerName: verdict.scannerName,
-    scannerVersion: verdict.scannerVersion,
-    scannedAt: verdict.scannedAt
-  });
   try {
-    if (isFolder) {
-      await mkdir(skillPath, { recursive: true });
-      await writeFile(path17.join(skillPath, "SKILL.md"), stubContent, "utf8");
-    } else {
-      await writeFile(skillPath, stubContent, "utf8");
-    }
+    await rename(tmpZip, finalZip);
   } catch (err) {
     log2.error(
-      { err, md5, skillPath, metric: Metric.STUB_ERROR },
-      "skill_quarantine: stub write failed; quarantine is still in place"
+      { err, md5, tmpZip, metric: Metric.PUBLISH_ERROR },
+      "skill_quarantine: phase-3 publish failed; reconcile will retry"
     );
-    return { status: "stub_error", err };
+    return { status: "publish_error", err };
   }
-  await preRegisterStubMd5(skillPath, isFolder, log2);
   log2.info(
     {
       md5,
@@ -18206,87 +18133,110 @@ async function quarantineSkill(params) {
   );
   return { status: "quarantined" };
 }
-async function preRegisterStubMd5(skillPath, isFolder, log2) {
-  try {
-    const stubEntries = await gatherStubEntries(skillPath, isFolder);
-    const stubGroup = {
-      name: path17.basename(skillPath).replace(/\.md$/i, ""),
-      root: "workspace",
-      skillPath,
-      files: stubEntries,
-      isFolder,
-      maxMtimeMs: Date.now(),
-      sessionKey: `quarantine-stub:${skillPath}`
-    };
-    const { skills } = await processContextFiles([], [stubGroup]);
-    if (skills.length === 0) return;
-    const stubMd5 = skills[0].md5;
-    await mkdir(getQuarantinedHashDir(stubMd5), { recursive: true });
-  } catch (err) {
-    log2.warn(
-      { err, skillPath },
-      "skill_quarantine: failed to pre-register stub md5"
-    );
+async function writeStub(params) {
+  const { skillPath, isFolder, md5, verdict } = params;
+  const stubContent = renderStub({
+    md5,
+    isFolder,
+    quarantinedZipPath: getQuarantineZipPath(md5),
+    origPath: skillPath,
+    summary: verdict.summary,
+    scannerName: verdict.scannerName,
+    scannerVersion: verdict.scannerVersion,
+    scannedAt: verdict.scannedAt
+  });
+  if (isFolder) {
+    await rm(skillPath, { recursive: true, force: true });
+    await mkdir(skillPath, { recursive: true });
+    await writeFile(path18.join(skillPath, "SKILL.md"), stubContent, "utf8");
+  } else {
+    await writeFile(skillPath, stubContent, "utf8");
   }
 }
-async function gatherStubEntries(skillPath, isFolder) {
-  const now = Date.now();
-  const target = isFolder ? path17.join(skillPath, "SKILL.md") : skillPath;
-  const [st, content] = await Promise.all([
-    stat2(target),
-    readFile2(target, "utf8")
-  ]);
-  return [
-    {
-      name: isFolder ? "SKILL.md" : path17.basename(skillPath),
-      path: target,
-      content,
-      sizeBytes: st.size,
-      category: "skill",
-      mtimeMs: now
-    }
-  ];
-}
-async function sweepOrphanStagingDirs(log2) {
+async function reconcileAndSweep(log2) {
   const root = getQuarantineRoot();
   let entries;
   try {
     entries = await readdir2(root);
   } catch (err) {
-    if (err.code === "ENOENT") return 0;
-    log2.warn({ err, root }, "skill_quarantine: orphan sweep readdir failed");
-    return 0;
+    if (err.code === "ENOENT") return;
+    log2.warn({ err, root }, "skill_quarantine: reconcile readdir failed");
+    return;
   }
+  const committed = new Set(
+    entries.map((e) => COMMITTED_ZIP_REGEX.exec(e)?.[1]).filter((m) => m !== void 0)
+  );
   const now = Date.now();
-  let swept = 0;
   for (const entry of entries) {
-    if (!STAGING_DIR_REGEX.test(entry)) continue;
-    const full = path17.join(root, entry);
-    let mtimeMs;
-    try {
-      mtimeMs = (await stat2(full)).mtimeMs;
-    } catch {
+    const md5 = TMP_ZIP_REGEX.exec(entry)?.[1];
+    if (md5 === void 0) continue;
+    const full = path18.join(root, entry);
+    if (committed.has(md5)) {
+      await unlink(full).catch(
+        (err) => log2.warn(
+          { err, path: full, md5 },
+          "skill_quarantine: redundant tmp unlink failed"
+        )
+      );
+      log2.info(
+        { path: full, md5, metric: Metric.SWEPT_REDUNDANT_TMP },
+        "skill_quarantine: swept redundant tmp"
+      );
       continue;
     }
-    if (now - mtimeMs < ORPHAN_SWEEP_GRACE_MS) continue;
+    let valid;
     try {
-      await rm(full, { recursive: true, force: true });
-      swept += 1;
-      log2.info(
-        { path: full, metric: Metric.ORPHAN_SWEPT },
-        "skill_quarantine: orphan swept"
-      );
-    } catch (err) {
-      log2.warn({ err, path: full }, "skill_quarantine: orphan sweep rm failed");
+      new AdmZip4(full).getEntries();
+      valid = true;
+    } catch {
+      valid = false;
+    }
+    if (valid) {
+      try {
+        await rename(full, getQuarantineZipPath(md5));
+        committed.add(md5);
+        log2.info(
+          { path: full, md5, metric: Metric.RECONCILED },
+          "skill_quarantine: reconciled tmp \u2192 published"
+        );
+      } catch (err) {
+        log2.warn(
+          { err, path: full, md5 },
+          "skill_quarantine: reconcile rename failed"
+        );
+      }
+      continue;
     }
+    const { mtimeMs } = await stat2(full).catch(() => ({ mtimeMs: now }));
+    if (now - mtimeMs < PARTIAL_SWEEP_GRACE_MS) continue;
+    await unlink(full).catch(
+      (err) => log2.warn({ err, path: full }, "skill_quarantine: partial unlink failed")
+    );
+    log2.info(
+      { path: full, metric: Metric.SWEPT_PARTIAL },
+      "skill_quarantine: swept broken tmp (partial write)"
+    );
   }
-  return swept;
 }
-async function tryRm(p) {
-  try {
-    await rm(p, { recursive: true, force: true });
-  } catch {
+function exists(p) {
+  return access(p).then(
+    () => true,
+    () => false
+  );
+}
+function ignoreErr() {
+}
+async function addFolderAsync(zip, root, prefix) {
+  async function walk(dir, relPrefix) {
+    const entries = await readdir2(dir, { withFileTypes: true });
+    for (const e of entries) {
+      const full = path18.join(dir, e.name);
+      const rel = path18.posix.join(relPrefix, e.name);
+      if (e.isDirectory()) await walk(full, rel);
+      else if (e.isFile()) zip.addFile(rel, await readFile2(full));
+    }
   }
+  await walk(root, prefix);
 }
 
 // src/features/analysis/skill_quarantine/queryVerdicts.ts
@@ -18344,7 +18294,7 @@ async function runQuarantineCheckIfNeeded(opts) {
   );
   const t0 = Date.now();
   try {
-    await sweepOrphanStagingDirs(log2);
+    await reconcileAndSweep(log2);
     const installed = await enumerateInstalledSkills(cwd);
     log2.info(
       { sessionId, count: installed.length, metric: Metric.SKILLS_CHECKED },
@@ -18394,7 +18344,7 @@ async function runQuarantineCheckIfNeeded(opts) {
 // src/features/claude_code/daemon_pid_file.ts
 import fs13 from "fs";
 import os4 from "os";
-import path18 from "path";
+import path19 from "path";
 
 // src/features/claude_code/data_collector_constants.ts
 var CC_VERSION_CACHE_KEY = "claudeCode.detectedCCVersion";
@@ -18415,17 +18365,17 @@ var CONTEXT_SCAN_INTERVAL_MS = 5e3;
 
 // src/features/claude_code/daemon_pid_file.ts
 function getMobbdevDir() {
-  return path18.join(os4.homedir(), ".mobbdev");
+  return path19.join(os4.homedir(), ".mobbdev");
 }
 function getDaemonCheckScriptPath() {
-  return path18.join(getMobbdevDir(), "daemon-check.js");
+  return path19.join(getMobbdevDir(), "daemon-check.js");
 }
 var DaemonPidFile = class {
   constructor() {
     __publicField(this, "data", null);
   }
   get filePath() {
-    return path18.join(getMobbdevDir(), "daemon.pid");
+    return path19.join(getMobbdevDir(), "daemon.pid");
   }
   /** Ensure ~/.mobbdev/ directory exists. */
   ensureDir() {
@@ -18487,8 +18437,8 @@ var DaemonPidFile = class {
 // src/features/claude_code/data_collector.ts
 import { execFile } from "child_process";
 import { createHash as createHash3 } from "crypto";
-import { access, open as open4, readdir as readdir3, readFile as readFile3, unlink as unlink2 } from "fs/promises";
-import path19 from "path";
+import { access as access2, open as open4, readdir as readdir3, readFile as readFile3, unlink as unlink2 } from "fs/promises";
+import path20 from "path";
 import { promisify } from "util";
 
 // src/features/analysis/context_file_uploader.ts
@@ -18753,8 +18703,8 @@ function createConfigstoreStream(store, opts) {
       heartbeatBuffer.length = 0;
     }
   }
-  function setScopePath(path35) {
-    scopePath = path35;
+  function setScopePath(path36) {
+    scopePath = path36;
   }
   return { writable, flush, setScopePath };
 }
@@ -18978,7 +18928,7 @@ function createLogger(config2) {
 
 // src/features/claude_code/hook_logger.ts
 var DD_RUM_TOKEN = true ? "pubf59c0182545bfb4c299175119f1abf9b" : "";
-var CLI_VERSION = true ? "1.4.1" : "unknown";
+var CLI_VERSION = true ? "1.4.2" : "unknown";
 var NAMESPACE = "mobbdev-claude-code-hook-logs";
 var claudeCodeVersion;
 function buildDdTags() {
@@ -19065,18 +19015,18 @@ function getCursorKey(transcriptPath) {
 }
 async function resolveTranscriptPath(transcriptPath, sessionId) {
   try {
-    await access(transcriptPath);
+    await access2(transcriptPath);
     return transcriptPath;
   } catch {
   }
-  const filename = path19.basename(transcriptPath);
-  const dirName = path19.basename(path19.dirname(transcriptPath));
-  const projectsDir = path19.dirname(path19.dirname(transcriptPath));
+  const filename = path20.basename(transcriptPath);
+  const dirName = path20.basename(path20.dirname(transcriptPath));
+  const projectsDir = path20.dirname(path20.dirname(transcriptPath));
   const baseDirName = dirName.replace(/[-.]claude-worktrees-.+$/, "");
   if (baseDirName !== dirName) {
-    const candidate = path19.join(projectsDir, baseDirName, filename);
+    const candidate = path20.join(projectsDir, baseDirName, filename);
     try {
-      await access(candidate);
+      await access2(candidate);
       hookLog.info(
         {
           data: {
@@ -19096,9 +19046,9 @@ async function resolveTranscriptPath(transcriptPath, sessionId) {
     const dirs = await readdir3(projectsDir);
     for (const dir of dirs) {
       if (dir === dirName) continue;
-      const candidate = path19.join(projectsDir, dir, filename);
+      const candidate = path20.join(projectsDir, dir, filename);
       try {
-        await access(candidate);
+        await access2(candidate);
         hookLog.info(
           {
             data: {
@@ -19281,7 +19231,7 @@ async function cleanupStaleSessions(configDir) {
     let deletedCount = 0;
     for (const file of files) {
       if (!file.startsWith(prefix) || !file.endsWith(".json")) continue;
-      const filePath = path19.join(configDir, file);
+      const filePath = path20.join(configDir, file);
       try {
         const content = JSON.parse(await readFile3(filePath, "utf-8"));
         let newest = 0;
@@ -19519,14 +19469,14 @@ async function uploadContextFilesIfNeeded(sessionId, cwd, gqlClient, log2) {
 import fs14 from "fs";
 import fsPromises4 from "fs/promises";
 import os6 from "os";
-import path20 from "path";
+import path21 from "path";
 import chalk11 from "chalk";
 
 // src/features/claude_code/daemon-check-shim.tmpl.js
 var daemon_check_shim_tmpl_default = "// Mobb daemon shim \u2014 checks if daemon is alive, spawns if dead.\n// Auto-generated by mobbdev CLI. Do not edit.\nvar fs = require('fs')\nvar spawn = require('child_process').spawn\nvar path = require('path')\nvar os = require('os')\n\nvar pidFile = path.join(os.homedir(), '.mobbdev', 'daemon.pid')\nvar HEARTBEAT_STALE_MS = __HEARTBEAT_STALE_MS__\n\ntry {\n  var data = JSON.parse(fs.readFileSync(pidFile, 'utf8'))\n  if (Date.now() - data.heartbeat > HEARTBEAT_STALE_MS) throw new Error('stale')\n  process.kill(data.pid, 0) // throws ESRCH if the process is gone\n} catch (e) {\n  var localCli = process.env.MOBBDEV_LOCAL_CLI\n  var child = localCli\n    ? spawn('node', [localCli, 'claude-code-daemon'], { detached: true, stdio: 'ignore', windowsHide: true })\n    : spawn('npx', ['--yes', 'mobbdev@latest', 'claude-code-daemon'], { detached: true, stdio: 'ignore', shell: true, windowsHide: true })\n  child.unref()\n}\n";
 
 // src/features/claude_code/install_hook.ts
-var CLAUDE_SETTINGS_PATH = path20.join(os6.homedir(), ".claude", "settings.json");
+var CLAUDE_SETTINGS_PATH = path21.join(os6.homedir(), ".claude", "settings.json");
 var RECOMMENDED_MATCHER = "*";
 async function claudeSettingsExists() {
   try {
@@ -19674,16 +19624,16 @@ async function installMobbHooks(options = {}) {
 // src/features/claude_code/transcript_scanner.ts
 import { open as open5, readdir as readdir4, stat as stat3 } from "fs/promises";
 import os7 from "os";
-import path21 from "path";
+import path22 from "path";
 var UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
 function getClaudeProjectsDirs() {
   const dirs = [];
   const configDir = process.env["CLAUDE_CONFIG_DIR"];
   if (configDir) {
-    dirs.push(path21.join(configDir, "projects"));
+    dirs.push(path22.join(configDir, "projects"));
   }
-  dirs.push(path21.join(os7.homedir(), ".config", "claude", "projects"));
-  dirs.push(path21.join(os7.homedir(), ".claude", "projects"));
+  dirs.push(path22.join(os7.homedir(), ".config", "claude", "projects"));
+  dirs.push(path22.join(os7.homedir(), ".claude", "projects"));
   return dirs;
 }
 async function collectJsonlFiles(files, dir, projectDir, seen, now, results) {
@@ -19691,7 +19641,7 @@ async function collectJsonlFiles(files, dir, projectDir, seen, now, results) {
     if (!file.endsWith(".jsonl")) continue;
     const sessionId = file.replace(".jsonl", "");
     if (!UUID_RE.test(sessionId)) continue;
-    const filePath = path21.join(dir, file);
+    const filePath = path22.join(dir, file);
     if (seen.has(filePath)) continue;
     seen.add(filePath);
     let fileStat;
@@ -19722,7 +19672,7 @@ async function scanForTranscripts(projectsDirs = getClaudeProjectsDirs()) {
       continue;
     }
     for (const projName of projectDirs) {
-      const projPath = path21.join(projectsDir, projName);
+      const projPath = path22.join(projectsDir, projName);
       let projStat;
       try {
         projStat = await stat3(projPath);
@@ -19739,7 +19689,7 @@ async function scanForTranscripts(projectsDirs = getClaudeProjectsDirs()) {
       await collectJsonlFiles(files, projPath, projPath, seen, now, results);
       for (const entry of files) {
         if (!UUID_RE.test(entry)) continue;
-        const subagentsDir = path21.join(projPath, entry, "subagents");
+        const subagentsDir = path22.join(projPath, entry, "subagents");
         try {
           const s = await stat3(subagentsDir);
           if (!s.isDirectory()) continue;
@@ -19842,7 +19792,7 @@ async function startDaemon() {
       for (const transcript of changed) {
         const sessionStore = createSessionConfigStore(transcript.sessionId);
         if (!cleanupConfigDir) {
-          cleanupConfigDir = path22.dirname(sessionStore.path);
+          cleanupConfigDir = path23.dirname(sessionStore.path);
         }
         await drainTranscript(
           transcript,
@@ -20139,8 +20089,8 @@ var WorkspaceService = class {
    * Sets a known workspace path that was discovered through successful validation
    * @param path The validated workspace path to store
    */
-  static setKnownWorkspacePath(path35) {
-    this.knownWorkspacePath = path35;
+  static setKnownWorkspacePath(path36) {
+    this.knownWorkspacePath = path36;
   }
   /**
    * Gets the known workspace path that was previously validated
@@ -21001,7 +20951,7 @@ async function createAuthenticatedMcpGQLClient({
 import { execSync as execSync2 } from "child_process";
 import fs15 from "fs";
 import os8 from "os";
-import path23 from "path";
+import path24 from "path";
 var IDEs = ["cursor", "windsurf", "webstorm", "vscode", "claude"];
 var runCommand = (cmd) => {
   try {
@@ -21016,7 +20966,7 @@ var gitInfo = {
 };
 var getClaudeWorkspacePaths = () => {
   const home = os8.homedir();
-  const claudeIdePath = path23.join(home, ".claude", "ide");
+  const claudeIdePath = path24.join(home, ".claude", "ide");
   const workspacePaths = [];
   if (!fs15.existsSync(claudeIdePath)) {
     return workspacePaths;
@@ -21024,7 +20974,7 @@ var getClaudeWorkspacePaths = () => {
   try {
     const lockFiles = fs15.readdirSync(claudeIdePath).filter((file) => file.endsWith(".lock"));
     for (const lockFile of lockFiles) {
-      const lockFilePath = path23.join(claudeIdePath, lockFile);
+      const lockFilePath = path24.join(claudeIdePath, lockFile);
       try {
         const lockContent = JSON.parse(fs15.readFileSync(lockFilePath, "utf8"));
         if (lockContent.workspaceFolders && Array.isArray(lockContent.workspaceFolders)) {
@@ -21049,24 +20999,24 @@ var getMCPConfigPaths = (hostName) => {
   switch (hostName.toLowerCase()) {
     case "cursor":
       return [
-        path23.join(currentDir, ".cursor", "mcp.json"),
+        path24.join(currentDir, ".cursor", "mcp.json"),
         // local first
-        path23.join(home, ".cursor", "mcp.json")
+        path24.join(home, ".cursor", "mcp.json")
       ];
     case "windsurf":
       return [
-        path23.join(currentDir, ".codeium", "mcp_config.json"),
+        path24.join(currentDir, ".codeium", "mcp_config.json"),
         // local first
-        path23.join(home, ".codeium", "windsurf", "mcp_config.json")
+        path24.join(home, ".codeium", "windsurf", "mcp_config.json")
       ];
     case "webstorm":
       return [];
     case "visualstudiocode":
     case "vscode":
       return [
-        path23.join(currentDir, ".vscode", "mcp.json"),
+        path24.join(currentDir, ".vscode", "mcp.json"),
         // local first
-        process.platform === "win32" ? path23.join(home, "AppData", "Roaming", "Code", "User", "mcp.json") : path23.join(
+        process.platform === "win32" ? path24.join(home, "AppData", "Roaming", "Code", "User", "mcp.json") : path24.join(
           home,
           "Library",
           "Application Support",
@@ -21077,13 +21027,13 @@ var getMCPConfigPaths = (hostName) => {
       ];
     case "claude": {
       const claudePaths = [
-        path23.join(currentDir, ".claude.json"),
+        path24.join(currentDir, ".claude.json"),
         // local first
-        path23.join(home, ".claude.json")
+        path24.join(home, ".claude.json")
       ];
       const workspacePaths = getClaudeWorkspacePaths();
       for (const workspacePath of workspacePaths) {
-        claudePaths.push(path23.join(workspacePath, ".mcp.json"));
+        claudePaths.push(path24.join(workspacePath, ".mcp.json"));
       }
       return claudePaths;
     }
@@ -21244,10 +21194,10 @@ var getHostInfo = (additionalMcpList) => {
   const ideConfigPaths = /* @__PURE__ */ new Set();
   for (const ide of IDEs) {
     const configPaths = getMCPConfigPaths(ide);
-    configPaths.forEach((path35) => ideConfigPaths.add(path35));
+    configPaths.forEach((path36) => ideConfigPaths.add(path36));
   }
   const uniqueAdditionalPaths = additionalMcpList.filter(
-    (path35) => !ideConfigPaths.has(path35)
+    (path36) => !ideConfigPaths.has(path36)
   );
   for (const ide of IDEs) {
     const cfg = readMCPConfig(ide);
@@ -21369,7 +21319,7 @@ init_configs();
 init_configs();
 import fs16 from "fs";
 import os9 from "os";
-import path24 from "path";
+import path25 from "path";
 var MAX_DEPTH = 2;
 var patterns = ["mcp", "claude"];
 var isFileMatch = (fileName) => {
@@ -21389,7 +21339,7 @@ var searchDir = async (dir, depth = 0) => {
   if (depth > MAX_DEPTH) return results;
   const entries = await fs16.promises.readdir(dir, { withFileTypes: true }).catch(() => []);
   for (const entry of entries) {
-    const fullPath = path24.join(dir, entry.name);
+    const fullPath = path25.join(dir, entry.name);
     if (entry.isFile() && isFileMatch(entry.name)) {
       results.push(fullPath);
     } else if (entry.isDirectory()) {
@@ -21406,14 +21356,14 @@ var findSystemMCPConfigs = async () => {
     const home = os9.homedir();
     const platform2 = os9.platform();
     const knownDirs = platform2 === "win32" ? [
-      path24.join(home, ".cursor"),
-      path24.join(home, "Documents"),
-      path24.join(home, "Downloads")
+      path25.join(home, ".cursor"),
+      path25.join(home, "Documents"),
+      path25.join(home, "Downloads")
     ] : [
-      path24.join(home, ".cursor"),
-      process.env["XDG_CONFIG_HOME"] || path24.join(home, ".config"),
-      path24.join(home, "Documents"),
-      path24.join(home, "Downloads")
+      path25.join(home, ".cursor"),
+      process.env["XDG_CONFIG_HOME"] || path25.join(home, ".config"),
+      path25.join(home, "Documents"),
+      path25.join(home, "Downloads")
     ];
     const timeoutPromise = new Promise(
       (resolve) => setTimeout(() => {
@@ -23829,13 +23779,13 @@ For a complete security audit workflow, use the \`full-security-audit\` prompt.
 // src/mcp/services/McpDetectionService/CursorMcpDetectionService.ts
 import * as fs19 from "fs";
 import * as os12 from "os";
-import * as path26 from "path";
+import * as path27 from "path";
 
 // src/mcp/services/McpDetectionService/BaseMcpDetectionService.ts
 init_configs();
 import * as fs18 from "fs";
 import fetch7 from "node-fetch";
-import * as path25 from "path";
+import * as path26 from "path";
 
 // src/mcp/services/McpDetectionService/McpDetectionServiceUtils.ts
 import * as fs17 from "fs";
@@ -23844,14 +23794,14 @@ import * as os11 from "os";
 // src/mcp/services/McpDetectionService/VscodeMcpDetectionService.ts
 import * as fs20 from "fs";
 import * as os13 from "os";
-import * as path27 from "path";
+import * as path28 from "path";
 
 // src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesTool.ts
 import { z as z42 } from "zod";
 
 // src/mcp/services/PathValidation.ts
 import fs21 from "fs";
-import path28 from "path";
+import path29 from "path";
 async function validatePath(inputPath) {
   logDebug("Validating MCP path", { inputPath });
   if (/^\/[a-zA-Z]:\//.test(inputPath)) {
@@ -23883,7 +23833,7 @@ async function validatePath(inputPath) {
     logError(error);
     return { isValid: false, error, path: inputPath };
   }
-  const normalizedPath = path28.normalize(inputPath);
+  const normalizedPath = path29.normalize(inputPath);
   if (normalizedPath.includes("..")) {
     const error = `Normalized path contains path traversal patterns: ${inputPath}`;
     logError(error);
@@ -24535,7 +24485,7 @@ init_configs();
 import fs22 from "fs/promises";
 import nodePath from "path";
 var getLocalFiles = async ({
-  path: path35,
+  path: path36,
   maxFileSize = MCP_MAX_FILE_SIZE,
   maxFiles,
   isAllFilesScan,
@@ -24543,17 +24493,17 @@ var getLocalFiles = async ({
   scanRecentlyChangedFiles
 }) => {
   logDebug(`[${scanContext}] Starting getLocalFiles`, {
-    path: path35,
+    path: path36,
     maxFileSize,
     maxFiles,
     isAllFilesScan,
     scanRecentlyChangedFiles
   });
   try {
-    const resolvedRepoPath = await fs22.realpath(path35);
+    const resolvedRepoPath = await fs22.realpath(path36);
     logDebug(`[${scanContext}] Resolved repository path`, {
       resolvedRepoPath,
-      originalPath: path35
+      originalPath: path36
     });
     const gitService = new GitService(resolvedRepoPath, log);
     const gitValidation = await gitService.validateRepository();
@@ -24566,7 +24516,7 @@ var getLocalFiles = async ({
     if (!gitValidation.isValid || isAllFilesScan) {
       try {
         files = await FileUtils.getLastChangedFiles({
-          dir: path35,
+          dir: path36,
           maxFileSize,
           maxFiles,
           isAllFilesScan
@@ -24658,7 +24608,7 @@ var getLocalFiles = async ({
     logError(`${scanContext}Unexpected error in getLocalFiles`, {
       error: error instanceof Error ? error.message : String(error),
       stack: error instanceof Error ? error.stack : void 0,
-      path: path35
+      path: path36
     });
     throw error;
   }
@@ -24668,7 +24618,7 @@ var getLocalFiles = async ({
 init_client_generates();
 init_GitService();
 import fs23 from "fs";
-import path29 from "path";
+import path30 from "path";
 import { z as z41 } from "zod";
 function extractPathFromPatch(patch) {
   const match = patch?.match(/diff --git a\/([^\s]+) b\//);
@@ -24754,7 +24704,7 @@ var LocalMobbFolderService = class {
           "[LocalMobbFolderService] Non-git repository detected, skipping .gitignore operations"
         );
       }
-      const mobbFolderPath = path29.join(
+      const mobbFolderPath = path30.join(
         this.repoPath,
         this.defaultMobbFolderName
       );
@@ -24926,7 +24876,7 @@ var LocalMobbFolderService = class {
         mobbFolderPath,
         baseFileName
       );
-      const filePath = path29.join(mobbFolderPath, uniqueFileName);
+      const filePath = path30.join(mobbFolderPath, uniqueFileName);
       await fs23.promises.writeFile(filePath, patch, "utf8");
       logInfo("[LocalMobbFolderService] Patch saved successfully", {
         filePath,
@@ -24984,11 +24934,11 @@ var LocalMobbFolderService = class {
    * @returns Unique filename that doesn't conflict with existing files
    */
   getUniqueFileName(folderPath, baseFileName) {
-    const baseName = path29.parse(baseFileName).name;
-    const extension = path29.parse(baseFileName).ext;
+    const baseName = path30.parse(baseFileName).name;
+    const extension = path30.parse(baseFileName).ext;
     let uniqueFileName = baseFileName;
     let index = 1;
-    while (fs23.existsSync(path29.join(folderPath, uniqueFileName))) {
+    while (fs23.existsSync(path30.join(folderPath, uniqueFileName))) {
       uniqueFileName = `${baseName}-${index}${extension}`;
       index++;
       if (index > 1e3) {
@@ -25019,7 +24969,7 @@ var LocalMobbFolderService = class {
     logDebug("[LocalMobbFolderService] Logging patch info", { fixId: fix.id });
     try {
       const mobbFolderPath = await this.getFolder();
-      const patchInfoPath = path29.join(mobbFolderPath, "patchInfo.md");
+      const patchInfoPath = path30.join(mobbFolderPath, "patchInfo.md");
       const markdownContent = this.generateFixMarkdown(fix, savedPatchFileName);
       let existingContent = "";
       if (fs23.existsSync(patchInfoPath)) {
@@ -25061,7 +25011,7 @@ var LocalMobbFolderService = class {
     const timestamp = (/* @__PURE__ */ new Date()).toISOString();
     const patch = this.extractPatchFromFix(fix);
     const relativePatchedFilePath = patch ? extractPathFromPatch(patch) : null;
-    const patchedFilePath = relativePatchedFilePath ? path29.resolve(this.repoPath, relativePatchedFilePath) : null;
+    const patchedFilePath = relativePatchedFilePath ? path30.resolve(this.repoPath, relativePatchedFilePath) : null;
     const fixIdentifier = savedPatchFileName ? savedPatchFileName.replace(".patch", "") : fix.id;
     let markdown = `# Fix ${fixIdentifier}
 
@@ -25397,7 +25347,7 @@ var LocalMobbFolderService = class {
 // src/mcp/services/PatchApplicationService.ts
 init_configs();
 import {
-  existsSync as existsSync7,
+  existsSync as existsSync6,
   mkdirSync,
   readFileSync as readFileSync4,
   unlinkSync,
@@ -25405,14 +25355,14 @@ import {
 } from "fs";
 import fs24 from "fs/promises";
 import parseDiff2 from "parse-diff";
-import path30 from "path";
+import path31 from "path";
 var PatchApplicationService = class {
   /**
    * Gets the appropriate comment syntax for a file based on its extension
    */
   static getCommentSyntax(filePath) {
-    const ext = path30.extname(filePath).toLowerCase();
-    const basename2 = path30.basename(filePath);
+    const ext = path31.extname(filePath).toLowerCase();
+    const basename2 = path31.basename(filePath);
     const commentMap = {
       // C-style languages (single line comments)
       ".js": "//",
@@ -25620,7 +25570,7 @@ var PatchApplicationService = class {
         }
       );
     }
-    const dirPath = path30.dirname(normalizedFilePath);
+    const dirPath = path31.dirname(normalizedFilePath);
     mkdirSync(dirPath, { recursive: true });
     writeFileSync3(normalizedFilePath, finalContent, "utf8");
     return normalizedFilePath;
@@ -25629,9 +25579,9 @@ var PatchApplicationService = class {
     repositoryPath,
     targetPath
   }) {
-    const repoRoot = path30.resolve(repositoryPath);
-    const normalizedPath = path30.resolve(repoRoot, targetPath);
-    const repoRootWithSep = repoRoot.endsWith(path30.sep) ? repoRoot : `${repoRoot}${path30.sep}`;
+    const repoRoot = path31.resolve(repositoryPath);
+    const normalizedPath = path31.resolve(repoRoot, targetPath);
+    const repoRootWithSep = repoRoot.endsWith(path31.sep) ? repoRoot : `${repoRoot}${path31.sep}`;
     if (normalizedPath !== repoRoot && !normalizedPath.startsWith(repoRootWithSep)) {
       throw new Error(
         `Security violation: target path ${targetPath} resolves outside repository`
@@ -25640,7 +25590,7 @@ var PatchApplicationService = class {
     return {
       repoRoot,
       normalizedPath,
-      relativePath: path30.relative(repoRoot, normalizedPath)
+      relativePath: path31.relative(repoRoot, normalizedPath)
     };
   }
   /**
@@ -25922,8 +25872,8 @@ var PatchApplicationService = class {
         continue;
       }
       try {
-        const absolutePath = path30.resolve(repositoryPath, targetFile);
-        if (existsSync7(absolutePath)) {
+        const absolutePath = path31.resolve(repositoryPath, targetFile);
+        if (existsSync6(absolutePath)) {
           const stats = await fs24.stat(absolutePath);
           const fileModTime = stats.mtime.getTime();
           if (fileModTime > scanStartTime) {
@@ -26124,7 +26074,7 @@ var PatchApplicationService = class {
       targetFile,
       absoluteFilePath,
       relativePath,
-      exists: existsSync7(absoluteFilePath)
+      exists: existsSync6(absoluteFilePath)
     });
     return { absoluteFilePath, relativePath };
   }
@@ -26148,7 +26098,7 @@ var PatchApplicationService = class {
       fix,
       scanContext
     });
-    appliedFiles.push(path30.relative(repositoryPath, actualPath));
+    appliedFiles.push(path31.relative(repositoryPath, actualPath));
     logDebug(`[${scanContext}] Created new file: ${relativePath}`);
   }
   /**
@@ -26160,7 +26110,7 @@ var PatchApplicationService = class {
     appliedFiles,
     scanContext
   }) {
-    if (existsSync7(absoluteFilePath)) {
+    if (existsSync6(absoluteFilePath)) {
       unlinkSync(absoluteFilePath);
       appliedFiles.push(relativePath);
       logDebug(`[${scanContext}] Deleted file: ${relativePath}`);
@@ -26179,7 +26129,7 @@ var PatchApplicationService = class {
     appliedFiles,
     scanContext
   }) {
-    if (!existsSync7(absoluteFilePath)) {
+    if (!existsSync6(absoluteFilePath)) {
       throw new Error(
         `Target file does not exist: ${targetFile} (resolved to: ${absoluteFilePath})`
       );
@@ -26197,7 +26147,7 @@ var PatchApplicationService = class {
         fix,
         scanContext
       });
-      appliedFiles.push(path30.relative(repositoryPath, actualPath));
+      appliedFiles.push(path31.relative(repositoryPath, actualPath));
       logDebug(`[${scanContext}] Modified file: ${relativePath}`);
     }
   }
@@ -26394,8 +26344,8 @@ init_configs();
 // src/mcp/services/FileOperations.ts
 init_FileUtils();
 import fs25 from "fs";
-import path31 from "path";
-import AdmZip4 from "adm-zip";
+import path32 from "path";
+import AdmZip5 from "adm-zip";
 var FileOperations = class {
   /**
    * Creates a ZIP archive containing the specified source files
@@ -26410,14 +26360,14 @@ var FileOperations = class {
     maxFileSize
   }) {
     logDebug("[FileOperations] Packing files");
-    const zip = new AdmZip4();
+    const zip = new AdmZip5();
     let packedFilesCount = 0;
     const packedFiles = [];
     const excludedFiles = [];
-    const resolvedRepoPath = path31.resolve(repositoryPath);
+    const resolvedRepoPath = path32.resolve(repositoryPath);
     for (const filepath of fileList) {
-      const absoluteFilepath = path31.join(repositoryPath, filepath);
-      const resolvedFilePath = path31.resolve(absoluteFilepath);
+      const absoluteFilepath = path32.join(repositoryPath, filepath);
+      const resolvedFilePath = path32.resolve(absoluteFilepath);
       if (!resolvedFilePath.startsWith(resolvedRepoPath)) {
         const reason = "potential path traversal security risk";
         logDebug(`[FileOperations] Skipping ${filepath} due to ${reason}`);
@@ -26464,11 +26414,11 @@ var FileOperations = class {
     fileList,
     repositoryPath
   }) {
-    const resolvedRepoPath = path31.resolve(repositoryPath);
+    const resolvedRepoPath = path32.resolve(repositoryPath);
     const validatedPaths = [];
     for (const filepath of fileList) {
-      const absoluteFilepath = path31.join(repositoryPath, filepath);
-      const resolvedFilePath = path31.resolve(absoluteFilepath);
+      const absoluteFilepath = path32.join(repositoryPath, filepath);
+      const resolvedFilePath = path32.resolve(absoluteFilepath);
       if (!resolvedFilePath.startsWith(resolvedRepoPath)) {
         logDebug(
           `[FileOperations] Rejecting ${filepath} - path traversal attempt detected`
@@ -26496,7 +26446,7 @@ var FileOperations = class {
     for (const absolutePath of filePaths) {
       try {
         const content = await fs25.promises.readFile(absolutePath);
-        const relativePath = path31.basename(absolutePath);
+        const relativePath = path32.basename(absolutePath);
         fileDataArray.push({
           relativePath,
           absolutePath,
@@ -26808,14 +26758,14 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
    * since the last scan.
    */
   async scanForSecurityVulnerabilities({
-    path: path35,
+    path: path36,
     isAllDetectionRulesScan,
     isAllFilesScan,
     scanContext
   }) {
     this.hasAuthenticationFailed = false;
     logDebug(`[${scanContext}] Scanning for new security vulnerabilities`, {
-      path: path35
+      path: path36
     });
     if (!this.gqlClient) {
       logInfo(`[${scanContext}] No GQL client found, skipping scan`);
@@ -26831,11 +26781,11 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       }
       logDebug(
         `[${scanContext}] Connected to the API, assembling list of files to scan`,
-        { path: path35 }
+        { path: path36 }
       );
       const isBackgroundScan = scanContext === ScanContext.BACKGROUND_INITIAL || scanContext === ScanContext.BACKGROUND_PERIODIC;
       const files = await getLocalFiles({
-        path: path35,
+        path: path36,
         isAllFilesScan,
         scanContext,
         scanRecentlyChangedFiles: !isBackgroundScan
@@ -26861,13 +26811,13 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       });
       const { fixReportId, projectId } = await scanFiles({
         fileList: filesToScan.map((file) => file.relativePath),
-        repositoryPath: path35,
+        repositoryPath: path36,
         gqlClient: this.gqlClient,
         isAllDetectionRulesScan,
         scanContext
       });
       logInfo(
-        `[${scanContext}] Security scan completed for ${path35} reportId: ${fixReportId} projectId: ${projectId}`
+        `[${scanContext}] Security scan completed for ${path36} reportId: ${fixReportId} projectId: ${projectId}`
       );
       if (isAllFilesScan) {
         return;
@@ -27161,13 +27111,13 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
     });
     return scannedFiles.some((file) => file.relativePath === fixFile);
   }
-  async getFreshFixes({ path: path35 }) {
+  async getFreshFixes({ path: path36 }) {
     const scanContext = ScanContext.USER_REQUEST;
-    logDebug(`[${scanContext}] Getting fresh fixes`, { path: path35 });
-    if (this.path !== path35) {
-      this.path = path35;
+    logDebug(`[${scanContext}] Getting fresh fixes`, { path: path36 });
+    if (this.path !== path36) {
+      this.path = path36;
       this.reset();
-      logInfo(`[${scanContext}] Reset service state for new path`, { path: path35 });
+      logInfo(`[${scanContext}] Reset service state for new path`, { path: path36 });
     }
     try {
       const loginContext = createMcpLoginContext("check_new_fixes");
@@ -27186,7 +27136,7 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       }
       throw error;
     }
-    this.triggerScan({ path: path35, gqlClient: this.gqlClient });
+    this.triggerScan({ path: path36, gqlClient: this.gqlClient });
     let isMvsAutoFixEnabled = null;
     try {
       isMvsAutoFixEnabled = await this.gqlClient.getMvsAutoFixSettings();
@@ -27220,33 +27170,33 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
     return noFreshFixesPrompt;
   }
   triggerScan({
-    path: path35,
+    path: path36,
     gqlClient
   }) {
-    if (this.path !== path35) {
-      this.path = path35;
+    if (this.path !== path36) {
+      this.path = path36;
       this.reset();
-      logInfo(`Reset service state for new path in triggerScan`, { path: path35 });
+      logInfo(`Reset service state for new path in triggerScan`, { path: path36 });
     }
     this.gqlClient = gqlClient;
     if (!this.intervalId) {
-      this.startPeriodicScanning(path35);
-      this.executeInitialScan(path35);
-      void this.executeInitialFullScan(path35);
+      this.startPeriodicScanning(path36);
+      this.executeInitialScan(path36);
+      void this.executeInitialFullScan(path36);
     }
   }
-  startPeriodicScanning(path35) {
+  startPeriodicScanning(path36) {
     const scanContext = ScanContext.BACKGROUND_PERIODIC;
     logDebug(
       `[${scanContext}] Starting periodic scan for new security vulnerabilities`,
       {
-        path: path35
+        path: path36
       }
     );
     this.intervalId = setInterval(() => {
-      logDebug(`[${scanContext}] Triggering periodic security scan`, { path: path35 });
+      logDebug(`[${scanContext}] Triggering periodic security scan`, { path: path36 });
       this.scanForSecurityVulnerabilities({
-        path: path35,
+        path: path36,
         scanContext
       }).catch((error) => {
         logError(`[${scanContext}] Error during periodic security scan`, {
@@ -27255,45 +27205,45 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       });
     }, MCP_PERIODIC_CHECK_INTERVAL);
   }
-  async executeInitialFullScan(path35) {
+  async executeInitialFullScan(path36) {
     const scanContext = ScanContext.FULL_SCAN;
-    logDebug(`[${scanContext}] Triggering initial full security scan`, { path: path35 });
+    logDebug(`[${scanContext}] Triggering initial full security scan`, { path: path36 });
     logDebug(`[${scanContext}] Full scan paths scanned`, {
       fullScanPathsScanned: this.fullScanPathsScanned
     });
-    if (this.fullScanPathsScanned.includes(path35)) {
+    if (this.fullScanPathsScanned.includes(path36)) {
       logDebug(`[${scanContext}] Full scan already executed for this path`, {
-        path: path35
+        path: path36
       });
       return;
     }
     configStore.set("fullScanPathsScanned", [
       ...this.fullScanPathsScanned,
-      path35
+      path36
     ]);
     try {
       await this.scanForSecurityVulnerabilities({
-        path: path35,
+        path: path36,
         isAllFilesScan: true,
         isAllDetectionRulesScan: true,
         scanContext: ScanContext.FULL_SCAN
       });
-      if (!this.fullScanPathsScanned.includes(path35)) {
-        this.fullScanPathsScanned.push(path35);
+      if (!this.fullScanPathsScanned.includes(path36)) {
+        this.fullScanPathsScanned.push(path36);
         configStore.set("fullScanPathsScanned", this.fullScanPathsScanned);
       }
-      logInfo(`[${scanContext}] Full scan completed`, { path: path35 });
+      logInfo(`[${scanContext}] Full scan completed`, { path: path36 });
     } catch (error) {
       logError(`[${scanContext}] Error during initial full security scan`, {
         error
       });
     }
   }
-  executeInitialScan(path35) {
+  executeInitialScan(path36) {
     const scanContext = ScanContext.BACKGROUND_INITIAL;
-    logDebug(`[${scanContext}] Triggering initial security scan`, { path: path35 });
+    logDebug(`[${scanContext}] Triggering initial security scan`, { path: path36 });
     this.scanForSecurityVulnerabilities({
-      path: path35,
+      path: path36,
       scanContext: ScanContext.BACKGROUND_INITIAL
     }).catch((error) => {
       logError(`[${scanContext}] Error during initial security scan`, { error });
@@ -27390,9 +27340,9 @@ Example payload:
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path35 = pathValidationResult.path;
+    const path36 = pathValidationResult.path;
     const resultText = await this.newFixesService.getFreshFixes({
-      path: path35
+      path: path36
     });
     logInfo("CheckForNewAvailableFixesTool execution completed", {
       resultText
@@ -27570,8 +27520,8 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path35 = pathValidationResult.path;
-    const gitService = new GitService(path35, log);
+    const path36 = pathValidationResult.path;
+    const gitService = new GitService(path36, log);
     const gitValidation = await gitService.validateRepository();
     if (!gitValidation.isValid) {
       throw new Error(`Invalid git repository: ${gitValidation.error}`);
@@ -27956,9 +27906,9 @@ Example payload:
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path35 = pathValidationResult.path;
+    const path36 = pathValidationResult.path;
     const files = await getLocalFiles({
-      path: path35,
+      path: path36,
       maxFileSize: MCP_MAX_FILE_SIZE,
       maxFiles: args.maxFiles,
       scanContext: ScanContext.USER_REQUEST,
@@ -27978,7 +27928,7 @@ Example payload:
     try {
       const fixResult = await this.vulnerabilityFixService.processVulnerabilities({
         fileList: files.map((file) => file.relativePath),
-        repositoryPath: path35,
+        repositoryPath: path36,
         offset: args.offset,
         limit: args.limit,
         isRescan: args.rescan || !!args.maxFiles
@@ -28279,10 +28229,10 @@ init_client_generates();
 init_urlParser2();
 
 // src/features/codeium_intellij/codeium_language_server_grpc_client.ts
-import path32 from "path";
+import path33 from "path";
 import * as grpc from "@grpc/grpc-js";
 import * as protoLoader from "@grpc/proto-loader";
-var PROTO_PATH = path32.join(
+var PROTO_PATH = path33.join(
   getModuleRootDir(),
   "src/features/codeium_intellij/proto/exa/language_server_pb/language_server.proto"
 );
@@ -28294,7 +28244,7 @@ function loadProto() {
     defaults: true,
     oneofs: true,
     includeDirs: [
-      path32.join(getModuleRootDir(), "src/features/codeium_intellij/proto")
+      path33.join(getModuleRootDir(), "src/features/codeium_intellij/proto")
     ]
   });
   return grpc.loadPackageDefinition(
@@ -28350,28 +28300,28 @@ async function getGrpcClient(port, csrf3) {
 // src/features/codeium_intellij/parse_intellij_logs.ts
 import fs27 from "fs";
 import os14 from "os";
-import path33 from "path";
+import path34 from "path";
 function getLogsDir() {
   if (process.platform === "darwin") {
-    return path33.join(os14.homedir(), "Library/Logs/JetBrains");
+    return path34.join(os14.homedir(), "Library/Logs/JetBrains");
   } else if (process.platform === "win32") {
-    return path33.join(
-      process.env["LOCALAPPDATA"] || path33.join(os14.homedir(), "AppData/Local"),
+    return path34.join(
+      process.env["LOCALAPPDATA"] || path34.join(os14.homedir(), "AppData/Local"),
       "JetBrains"
     );
   } else {
-    return path33.join(os14.homedir(), ".cache/JetBrains");
+    return path34.join(os14.homedir(), ".cache/JetBrains");
   }
 }
 function parseIdeLogDir(ideLogDir) {
   const logFiles = fs27.readdirSync(ideLogDir).filter((f) => /^idea(\.\d+)?\.log$/.test(f)).map((f) => ({
     name: f,
-    mtime: fs27.statSync(path33.join(ideLogDir, f)).mtimeMs
+    mtime: fs27.statSync(path34.join(ideLogDir, f)).mtimeMs
   })).sort((a, b) => a.mtime - b.mtime).map((f) => f.name);
   let latestCsrf = null;
   let latestPort = null;
   for (const logFile of logFiles) {
-    const lines = fs27.readFileSync(path33.join(ideLogDir, logFile), "utf-8").split("\n");
+    const lines = fs27.readFileSync(path34.join(ideLogDir, logFile), "utf-8").split("\n");
     for (const line of lines) {
       if (!line.includes(
         "com.codeium.intellij.language_server.LanguageServerProcessHandler"
@@ -28399,9 +28349,9 @@ function findRunningCodeiumLanguageServers() {
   const logsDir = getLogsDir();
   if (!fs27.existsSync(logsDir)) return results;
   for (const ide of fs27.readdirSync(logsDir)) {
-    let ideLogDir = path33.join(logsDir, ide);
+    let ideLogDir = path34.join(logsDir, ide);
     if (process.platform !== "darwin") {
-      ideLogDir = path33.join(ideLogDir, "log");
+      ideLogDir = path34.join(ideLogDir, "log");
     }
     if (!fs27.existsSync(ideLogDir) || !fs27.statSync(ideLogDir).isDirectory()) {
       continue;
@@ -28584,10 +28534,10 @@ function processChatStepCodeAction(step) {
 // src/features/codeium_intellij/install_hook.ts
 import fsPromises5 from "fs/promises";
 import os15 from "os";
-import path34 from "path";
+import path35 from "path";
 import chalk14 from "chalk";
 function getCodeiumHooksPath() {
-  return path34.join(os15.homedir(), ".codeium", "hooks.json");
+  return path35.join(os15.homedir(), ".codeium", "hooks.json");
 }
 async function readCodeiumHooks() {
   const hooksPath = getCodeiumHooksPath();
@@ -28600,7 +28550,7 @@ async function readCodeiumHooks() {
 }
 async function writeCodeiumHooks(config2) {
   const hooksPath = getCodeiumHooksPath();
-  const dir = path34.dirname(hooksPath);
+  const dir = path35.dirname(hooksPath);
   await fsPromises5.mkdir(dir, { recursive: true });
   await fsPromises5.writeFile(
     hooksPath,