npm - mobbdev - Versions diffs - 1.4.11 → 1.4.15 - Mend

mobbdev 1.4.11 → 1.4.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/args/commands/upload_ai_blame.d.mts +8 -8
package/dist/args/commands/upload_ai_blame.mjs +91 -14
package/dist/index.mjs +704 -166
package/package.json +6 -3

package/dist/args/commands/upload_ai_blame.d.mts CHANGED Viewed

@@ -56,17 +56,17 @@ declare const PromptItemZ: z.ZodObject<{
         name: string;
         parameters: string;
         result: string;
+        mcpServer?: string | undefined;
         accepted?: boolean | undefined;
         rawArguments?: string | undefined;
-        mcpServer?: string | undefined;
         mcpToolName?: string | undefined;
     }, {
         name: string;
         parameters: string;
         result: string;
+        mcpServer?: string | undefined;
         accepted?: boolean | undefined;
         rawArguments?: string | undefined;
-        mcpServer?: string | undefined;
         mcpToolName?: string | undefined;
     }>>;
 }, "strip", z.ZodTypeAny, {
@@ -75,9 +75,9 @@ declare const PromptItemZ: z.ZodObject<{
         name: string;
         parameters: string;
         result: string;
+        mcpServer?: string | undefined;
         accepted?: boolean | undefined;
         rawArguments?: string | undefined;
-        mcpServer?: string | undefined;
         mcpToolName?: string | undefined;
     } | undefined;
     date?: Date | undefined;
@@ -96,9 +96,9 @@ declare const PromptItemZ: z.ZodObject<{
         name: string;
         parameters: string;
         result: string;
+        mcpServer?: string | undefined;
         accepted?: boolean | undefined;
         rawArguments?: string | undefined;
-        mcpServer?: string | undefined;
         mcpToolName?: string | undefined;
     } | undefined;
     date?: Date | undefined;
@@ -149,17 +149,17 @@ declare const PromptItemArrayZ: z.ZodArray<z.ZodObject<{
         name: string;
         parameters: string;
         result: string;
+        mcpServer?: string | undefined;
         accepted?: boolean | undefined;
         rawArguments?: string | undefined;
-        mcpServer?: string | undefined;
         mcpToolName?: string | undefined;
     }, {
         name: string;
         parameters: string;
         result: string;
+        mcpServer?: string | undefined;
         accepted?: boolean | undefined;
         rawArguments?: string | undefined;
-        mcpServer?: string | undefined;
         mcpToolName?: string | undefined;
     }>>;
 }, "strip", z.ZodTypeAny, {
@@ -168,9 +168,9 @@ declare const PromptItemArrayZ: z.ZodArray<z.ZodObject<{
         name: string;
         parameters: string;
         result: string;
+        mcpServer?: string | undefined;
         accepted?: boolean | undefined;
         rawArguments?: string | undefined;
-        mcpServer?: string | undefined;
         mcpToolName?: string | undefined;
     } | undefined;
     date?: Date | undefined;
@@ -189,9 +189,9 @@ declare const PromptItemArrayZ: z.ZodArray<z.ZodObject<{
         name: string;
         parameters: string;
         result: string;
+        mcpServer?: string | undefined;
         accepted?: boolean | undefined;
         rawArguments?: string | undefined;
-        mcpServer?: string | undefined;
         mcpToolName?: string | undefined;
     } | undefined;
     date?: Date | undefined;

package/dist/args/commands/upload_ai_blame.mjs CHANGED Viewed

@@ -109,6 +109,9 @@ function getSdk(client, withWrapper = defaultWrapper) {
     autoPrAnalysis(variables, requestHeaders, signal) {
       return withWrapper((wrappedRequestHeaders) => client.request({ document: AutoPrAnalysisDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "autoPrAnalysis", "mutation", variables);
     },
+    getFixWithAnswers(variables, requestHeaders, signal) {
+      return withWrapper((wrappedRequestHeaders) => client.request({ document: GetFixWithAnswersDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "getFixWithAnswers", "query", variables);
+    },
     GetFixReportsByRepoUrl(variables, requestHeaders, signal) {
       return withWrapper((wrappedRequestHeaders) => client.request({ document: GetFixReportsByRepoUrlDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "GetFixReportsByRepoUrl", "query", variables);
     },
@@ -138,7 +141,7 @@ function getSdk(client, withWrapper = defaultWrapper) {
     }
   };
 }
-var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, IssueType_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, UploadTracyRecordsDocument, GetTracyRawDataUploadUrlDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, SetQuarantineEnabledDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, ScanSkillDocument, SkillVerdictsByMd5Document, defaultWrapper;
+var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, IssueType_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, UploadTracyRecordsDocument, GetTracyRawDataUploadUrlDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, SetQuarantineEnabledDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixWithAnswersDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, ScanSkillDocument, SkillVerdictsByMd5Document, defaultWrapper;
 var init_client_generates = __esm({
   "src/features/analysis/scm/generates/client_generates.ts"() {
     "use strict";
@@ -312,6 +315,7 @@ var init_client_generates = __esm({
       IssueType_Enum2["NoReturnInFinally"] = "NO_RETURN_IN_FINALLY";
       IssueType_Enum2["NoVar"] = "NO_VAR";
       IssueType_Enum2["NullDereference"] = "NULL_DEREFERENCE";
+      IssueType_Enum2["OftenMisusedBooleanGetBoolean"] = "OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN";
       IssueType_Enum2["OpenRedirect"] = "OPEN_REDIRECT";
       IssueType_Enum2["OverlyBroadCatch"] = "OVERLY_BROAD_CATCH";
       IssueType_Enum2["OverlyLargeRange"] = "OVERLY_LARGE_RANGE";
@@ -442,6 +446,7 @@ var init_client_generates = __esm({
   id
   confidence
   safeIssueType
+  safeIssueLanguage
   severityText
   gitBlameLogin
   severityValue
@@ -465,7 +470,17 @@ var init_client_generates = __esm({
       patch
       patchOriginalEncodingBase64
       questions {
+        key
         name
+        defaultValue
+        value
+        inputType
+        options
+        index
+        extraContext {
+          key
+          value
+        }
       }
       extraContext {
         extraContext {
@@ -1022,7 +1037,7 @@ var init_client_generates = __esm({
 }
     `;
     DigestVulnerabilityReportDocument = `
-    mutation DigestVulnerabilityReport($vulnerabilityReportFileName: String, $fixReportId: String!, $projectId: String!, $scanSource: String!, $repoUrl: String, $reference: String, $sha: String) {
+    mutation DigestVulnerabilityReport($vulnerabilityReportFileName: String, $fixReportId: String!, $projectId: String!, $scanSource: String!, $repoUrl: String, $reference: String, $sha: String, $baselineCommit: String) {
   digestVulnerabilityReport(
     fixReportId: $fixReportId
     vulnerabilityReportFileName: $vulnerabilityReportFileName
@@ -1031,6 +1046,7 @@ var init_client_generates = __esm({
     repoUrl: $repoUrl
     reference: $reference
     sha: $sha
+    baselineCommit: $baselineCommit
   ) {
     __typename
     ... on VulnerabilityReport {
@@ -1182,6 +1198,37 @@ var init_client_generates = __esm({
       error
     }
   }
+}
+    `;
+    GetFixWithAnswersDocument = `
+    query getFixWithAnswers($fixId: uuid!, $userInput: [QuestionAnswer!]!) {
+  fixData: getFix(fixId: $fixId, userInput: $userInput, loadAnswers: false) {
+    __typename
+    ... on FixData {
+      patch
+      patchOriginalEncodingBase64
+      questions {
+        key
+        name
+        defaultValue
+        value
+        inputType
+        options
+        index
+        extraContext {
+          key
+          value
+        }
+      }
+      extraContext {
+        extraContext {
+          key
+          value
+        }
+        fixDescription
+      }
+    }
+  }
 }
     `;
     GetFixReportsByRepoUrlDocument = `
@@ -1216,14 +1263,14 @@ var init_client_generates = __esm({
     GetLatestReportByRepoUrlDocument = `
     query GetLatestReportByRepoUrl($repoUrl: String!, $filters: fix_bool_exp = {}, $limit: Int!, $offset: Int!, $currentUserEmail: String!) {
   fixReport(
-    where: {_and: [{repo: {originalUrl: {_eq: $repoUrl}}}, {state: {_eq: Finished}}, {vulnerabilityReport: {scanSource: {_neq: MCP}}}]}
+    where: {_and: [{repo: {originalUrl: {_ilike: $repoUrl}}}, {state: {_eq: Finished}}, {vulnerabilityReport: {scanSource: {_neq: MCP}}}]}
     order_by: {createdOn: desc}
     limit: 1
   ) {
     ...FixReportSummaryFields
   }
   expiredReport: fixReport(
-    where: {_and: [{repo: {originalUrl: {_eq: $repoUrl}}}, {state: {_eq: Expired}}, {vulnerabilityReport: {scanSource: {_neq: MCP}}}]}
+    where: {_and: [{repo: {originalUrl: {_ilike: $repoUrl}}}, {state: {_eq: Expired}}, {vulnerabilityReport: {scanSource: {_neq: MCP}}}]}
     order_by: {createdOn: desc}
     limit: 1
   ) {
@@ -1531,7 +1578,7 @@ var init_analysis = __esm({
 // src/features/analysis/scm/shared/src/types/issue.ts
 import { z as z4 } from "zod";
-var MAX_SOURCE_CODE_FILE_SIZE_IN_BYTES, VulnerabilityReportIssueRatingZ, VulnerabilityReportIssueSharedStateZ, BaseIssuePartsZ, FalsePositivePartsZ, IssuePartsWithFixZ, IssuePartsFpZ, GeneralIssueZ, IssuePartsZ, GetIssueIndexesZ, GetIssueScreenDataZ, IssueBucketZ, mapBucketTypeToCategory;
+var MAX_SOURCE_CODE_FILE_SIZE_IN_BYTES, VulnerabilityReportIssueRatingZ, VulnerabilityReportIssueSharedStateZ, BaseIssuePartsZ, FalsePositivePartsZ, UnfixablePartsZ, IssuePartsWithFixZ, IssuePartsFpZ, GeneralIssueZ, IssuePartsZ, GetIssueIndexesZ, GetIssueScreenDataZ, IssueBucketZ, mapBucketTypeToCategory;
 var init_issue = __esm({
   "src/features/analysis/scm/shared/src/types/issue.ts"() {
     "use strict";
@@ -1613,12 +1660,17 @@ var init_issue = __esm({
           return { codeDiff };
         })
       }).nullish(),
-      sharedState: VulnerabilityReportIssueSharedStateZ
+      sharedState: VulnerabilityReportIssueSharedStateZ,
+      unfixableId: z4.string().uuid().nullish()
     });
     FalsePositivePartsZ = z4.object({
       extraContext: z4.array(z4.object({ key: z4.string(), value: z4.string() })),
       fixDescription: z4.string()
     });
+    UnfixablePartsZ = z4.object({
+      extraContext: z4.array(z4.object({ key: z4.string(), value: z4.string() })),
+      fixDescription: z4.string()
+    });
     IssuePartsWithFixZ = BaseIssuePartsZ.merge(
       z4.object({
         category: z4.literal("Irrelevant" /* Irrelevant */),
@@ -1640,7 +1692,8 @@ var init_issue = __esm({
           z4.literal("Fixable" /* Fixable */),
           z4.literal("Filtered" /* Filtered */),
           z4.literal("Pending" /* Pending */)
-        ])
+        ]),
+        getUnfixable: UnfixablePartsZ.nullish()
       })
     );
     IssuePartsZ = z4.union([
@@ -1830,7 +1883,8 @@ var init_getIssueType = __esm({
       ["MISSING_X_FRAME_OPTIONS" /* MissingXFrameOptions */]: "Missing X-Frame-Options Header",
       ["IMPROPER_VALIDATION_OF_ARRAY_INDEX" /* ImproperValidationOfArrayIndex */]: "Improper Validation of Array Index",
       ["INCORRECT_INTEGER_CONVERSION" /* IncorrectIntegerConversion */]: "Incorrect Integer Conversion",
-      ["IMPROPER_CERTIFICATE_VALIDATION" /* ImproperCertificateValidation */]: "Improper Certificate Validation"
+      ["IMPROPER_CERTIFICATE_VALIDATION" /* ImproperCertificateValidation */]: "Improper Certificate Validation",
+      ["OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN" /* OftenMisusedBooleanGetBoolean */]: "Often Misused: Boolean.getBoolean()"
     };
     issueTypeZ = z5.nativeEnum(IssueType_Enum);
     getIssueTypeFriendlyString = (issueType) => {
@@ -4384,6 +4438,18 @@ if (!semver.satisfies(process.version, packageJson.engines.node)) {
 // src/utils/gitUtils.ts
 import simpleGit from "simple-git";
+var tag = (sink) => (data, msg) => {
+  if (msg) {
+    const sanitizedMsg = String(msg).replace(/\n|\r/g, "");
+    sink(`[GIT] ${sanitizedMsg}`, data);
+  } else {
+    sink("[GIT]", data);
+  }
+};
+var defaultLogger = {
+  debug: tag(console.log),
+  warn: tag(console.warn)
+};
 // src/utils/index.ts
 var sleep = (ms = 2e3) => new Promise((r) => setTimeout(r, ms));
@@ -5037,7 +5103,8 @@ var fixDetailsData = {
   ["MISSING_X_FRAME_OPTIONS" /* MissingXFrameOptions */]: void 0,
   ["IMPROPER_VALIDATION_OF_ARRAY_INDEX" /* ImproperValidationOfArrayIndex */]: void 0,
   ["INCORRECT_INTEGER_CONVERSION" /* IncorrectIntegerConversion */]: void 0,
-  ["IMPROPER_CERTIFICATE_VALIDATION" /* ImproperCertificateValidation */]: void 0
+  ["IMPROPER_CERTIFICATE_VALIDATION" /* ImproperCertificateValidation */]: void 0,
+  ["OFTEN_MISUSED_BOOLEAN_GET_BOOLEAN" /* OftenMisusedBooleanGetBoolean */]: void 0
 };
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -7174,7 +7241,8 @@ var GQLClient = class {
     repoUrl,
     reference,
     sha,
-    shouldScan
+    shouldScan,
+    baselineCommit
   }) {
     const res = await this._clientSdk.DigestVulnerabilityReport({
       fixReportId,
@@ -7183,7 +7251,8 @@ var GQLClient = class {
       scanSource,
       repoUrl,
       reference,
-      sha
+      sha,
+      baselineCommit
     });
     if (res.digestVulnerabilityReport.__typename !== "VulnerabilityReport") {
       throw new Error("Digesting vulnerability report failed");
@@ -7437,8 +7506,16 @@ var ADO_PAT_PATTERN = {
   severity: "high",
   validator: (match) => match.length >= 52 && match.length <= 100
 };
+var DATADOG_APP_KEY_PATTERN = {
+  type: "DATADOG_APP_KEY",
+  regex: /\bddapp_[a-zA-Z0-9]{30,}\b/g,
+  priority: 95,
+  placeholder: "[DATADOG_APP_KEY_{n}]",
+  description: "Datadog Application Key",
+  severity: "high"
+};
 var openRedaction = new OpenRedaction({
-  customPatterns: [ADO_PAT_PATTERN],
+  customPatterns: [ADO_PAT_PATTERN, DATADOG_APP_KEY_PATTERN],
   patterns: [
     // Core Personal Data
     // Removed EMAIL - causes false positives in code/test snippets (e.g. --author="Eve Author <eve@example.com>")
@@ -8092,7 +8169,7 @@ function getStableComputerName() {
 }
 // src/args/commands/upload_ai_blame.ts
-var defaultLogger = {
+var defaultLogger2 = {
   info: (msg, data) => {
     if (data !== void 0) {
       console.log(msg, data);
@@ -8309,7 +8386,7 @@ async function uploadAiBlameHandler(options) {
     exitOnError = true,
     apiUrl,
     webAppUrl,
-    logger = defaultLogger
+    logger = defaultLogger2
   } = options;
   const prompts = args.prompt || [];
   const inferences = args.inference || [];