mobbdev 1.4.21 → 1.4.23

package/dist/index.mjs

@@ -417,6 +417,7 @@ var init_client_generates = __esm({
       return Vulnerability_Report_Issue_State_Enum2;
     })(Vulnerability_Report_Issue_State_Enum || {});
     Vulnerability_Report_Issue_Tag_Enum = /* @__PURE__ */ ((Vulnerability_Report_Issue_Tag_Enum3) => {
+      Vulnerability_Report_Issue_Tag_Enum3["AgenticRemediationInProgress"] = "AGENTIC_REMEDIATION_IN_PROGRESS";
       Vulnerability_Report_Issue_Tag_Enum3["AutogeneratedCode"] = "AUTOGENERATED_CODE";
       Vulnerability_Report_Issue_Tag_Enum3["AuxiliaryCode"] = "AUXILIARY_CODE";
       Vulnerability_Report_Issue_Tag_Enum3["FalsePositive"] = "FALSE_POSITIVE";
@@ -1592,7 +1593,8 @@ var init_getIssueType = __esm({
       ["TEST_CODE" /* TestCode */]: "The flagged code resides in a test-specific path or context. This categorization indicates that **it supports testing scenarios and is isolated from production use**.",
       ["UNFIXABLE" /* Unfixable */]: "The flagged code cannot be fixed",
       ["VENDOR_CODE" /* VendorCode */]: "The flagged code originates from a third-party library or dependency maintained externally. This categorization suggests that **the issue lies outside the application's direct control** and should be addressed by the vendor if necessary.",
-      ["SUPPRESSED" /* Suppressed */]: "Suppressed in the scan report."
+      ["SUPPRESSED" /* Suppressed */]: "Suppressed in the scan report.",
+      ["AGENTIC_REMEDIATION_IN_PROGRESS" /* AgenticRemediationInProgress */]: "Mobb is currently retrying remediation on this issue. The state will refresh automatically once the run finishes."
     };
   }
 });
@@ -3872,9 +3874,9 @@ var init_GitService = __esm({
           this.log("[GitService] Git repository validation successful", "debug");
           return { isValid: true };
         } catch (error) {
-          const errorMessage = `Failed to verify git repository: ${error.message}`;
-          this.log(`[GitService] ${errorMessage}`, "error", { error });
-          return { isValid: false, error: errorMessage };
+          const errorMessage3 = `Failed to verify git repository: ${error.message}`;
+          this.log(`[GitService] ${errorMessage3}`, "error", { error });
+          return { isValid: false, error: errorMessage3 };
         }
       }
       /**
@@ -3920,9 +3922,9 @@ var init_GitService = __esm({
           });
           return { files, deletedFiles, status };
         } catch (error) {
-          const errorMessage = `Failed to get git status: ${error.message}`;
-          this.log(`[GitService] ${errorMessage}`, "error", { error });
-          throw new Error(errorMessage);
+          const errorMessage3 = `Failed to get git status: ${error.message}`;
+          this.log(`[GitService] ${errorMessage3}`, "error", { error });
+          throw new Error(errorMessage3);
         }
       }
       /**
@@ -3948,9 +3950,9 @@ var init_GitService = __esm({
             reference
           };
         } catch (error) {
-          const errorMessage = `Failed to get git repository information: ${error.message}`;
-          this.log(`[GitService] ${errorMessage}`, "error", { error });
-          throw new Error(errorMessage);
+          const errorMessage3 = `Failed to get git repository information: ${error.message}`;
+          this.log(`[GitService] ${errorMessage3}`, "error", { error });
+          throw new Error(errorMessage3);
         }
       }
       /**
@@ -3988,9 +3990,9 @@ var init_GitService = __esm({
           this.log("[GitService] Current branch retrieved", "debug", { branch });
           return branch;
         } catch (error) {
-          const errorMessage = `Failed to get current branch: ${error.message}`;
-          this.log(`[GitService] ${errorMessage}`, "error", { error });
-          throw new Error(errorMessage);
+          const errorMessage3 = `Failed to get current branch: ${error.message}`;
+          this.log(`[GitService] ${errorMessage3}`, "error", { error });
+          throw new Error(errorMessage3);
         }
       }
       /**
@@ -4003,9 +4005,9 @@ var init_GitService = __esm({
           this.log("[GitService] Current commit hash retrieved", "debug", { hash });
           return hash;
         } catch (error) {
-          const errorMessage = `Failed to get current commit hash: ${error.message}`;
-          this.log(`[GitService] ${errorMessage}`, "error", { error });
-          throw new Error(errorMessage);
+          const errorMessage3 = `Failed to get current commit hash: ${error.message}`;
+          this.log(`[GitService] ${errorMessage3}`, "error", { error });
+          throw new Error(errorMessage3);
         }
       }
       /**
@@ -4053,8 +4055,8 @@ var init_GitService = __esm({
           );
           return { hash, branch };
         } catch (error) {
-          const errorMessage = `Failed to get current commit hash and branch: ${error.message}`;
-          this.log(`[GitService] ${errorMessage}`, "error", { error });
+          const errorMessage3 = `Failed to get current commit hash and branch: ${error.message}`;
+          this.log(`[GitService] ${errorMessage3}`, "error", { error });
           return { hash: "", branch: "" };
         }
       }
@@ -4072,9 +4074,9 @@ var init_GitService = __esm({
           });
           return normalizedUrl;
         } catch (error) {
-          const errorMessage = `Failed to get remote repository URL: ${error.message}`;
-          this.log(`[GitService] ${errorMessage}`, "error", { error });
-          throw new Error(errorMessage);
+          const errorMessage3 = `Failed to get remote repository URL: ${error.message}`;
+          this.log(`[GitService] ${errorMessage3}`, "error", { error });
+          throw new Error(errorMessage3);
         }
       }
       /**
@@ -4195,9 +4197,9 @@ var init_GitService = __esm({
             commitCount: commitsProcessed
           };
         } catch (error) {
-          const errorMessage = `Failed to get recently changed files: ${error.message}`;
-          this.log(`[GitService] ${errorMessage}`, "error", { error });
-          throw new Error(errorMessage);
+          const errorMessage3 = `Failed to get recently changed files: ${error.message}`;
+          this.log(`[GitService] ${errorMessage3}`, "error", { error });
+          throw new Error(errorMessage3);
         }
       }
       /**
@@ -4241,8 +4243,8 @@ ${rootContent}`;
           );
           return combinedContent.trimEnd();
         } catch (error) {
-          const errorMessage = `Failed to get .gitignore contents: ${error.message}`;
-          this.log(`[GitService] ${errorMessage}`, "error", { error });
+          const errorMessage3 = `Failed to get .gitignore contents: ${error.message}`;
+          this.log(`[GitService] ${errorMessage3}`, "error", { error });
           return null;
         }
       }
@@ -4262,9 +4264,9 @@ ${rootContent}`;
           this.log("[GitService] Git root retrieved", "debug", { gitRoot });
           return gitRoot;
         } catch (error) {
-          const errorMessage = `Failed to get git repository root: ${error.message}`;
-          this.log(`[GitService] ${errorMessage}`, "error", { error });
-          throw new Error(errorMessage);
+          const errorMessage3 = `Failed to get git repository root: ${error.message}`;
+          this.log(`[GitService] ${errorMessage3}`, "error", { error });
+          throw new Error(errorMessage3);
         }
       }
       /**
@@ -4303,9 +4305,9 @@ ${rootContent}`;
           });
           return true;
         } catch (error) {
-          const errorMessage = `Failed to ensure .gitignore entry: ${error.message}`;
-          this.log(`[GitService] ${errorMessage}`, "error", { error, entry });
-          throw new Error(errorMessage);
+          const errorMessage3 = `Failed to ensure .gitignore entry: ${error.message}`;
+          this.log(`[GitService] ${errorMessage3}`, "error", { error, entry });
+          throw new Error(errorMessage3);
         }
       }
       /**
@@ -4323,9 +4325,9 @@ ${rootContent}`;
           });
           return exists2;
         } catch (error) {
-          const errorMessage = `Failed to check .gitignore existence: ${error.message}`;
-          this.log(`[GitService] ${errorMessage}`, "error", { error });
-          throw new Error(errorMessage);
+          const errorMessage3 = `Failed to check .gitignore existence: ${error.message}`;
+          this.log(`[GitService] ${errorMessage3}`, "error", { error });
+          throw new Error(errorMessage3);
         }
       }
       /**
@@ -4385,8 +4387,8 @@ ${rootContent}`;
             coAuthors: parsed.coAuthors
           };
         } catch (error) {
-          const errorMessage = `Failed to get local commit data: ${error.message}`;
-          this.log(`[GitService] ${errorMessage}`, "debug", { error, commitSha });
+          const errorMessage3 = `Failed to get local commit data: ${error.message}`;
+          this.log(`[GitService] ${errorMessage3}`, "debug", { error, commitSha });
           return null;
         }
       }
@@ -4395,7 +4397,7 @@ ${rootContent}`;
 });
 
 // src/index.ts
-import Debug22 from "debug";
+import Debug23 from "debug";
 import { hideBin } from "yargs/helpers";
 
 // src/args/yargs.ts
@@ -5231,6 +5233,48 @@ var languages = {
 init_client_generates();
 import { z as z4 } from "zod";
 
+// src/features/analysis/scm/shared/src/storedQuestionData/cpp/index.ts
+init_client_generates();
+
+// src/features/analysis/scm/shared/src/storedQuestionData/cpp/commandInjection.ts
+var commandInjection = {
+  isUnixShellCommandPart: {
+    content: () => "Is the input data interpolated into a shell command (not the program name or shell structure)?",
+    description: () => `\`system()\` / \`popen()\` hand the whole string to \`/bin/sh -c\`. Answer **yes** when the input is *data* placed into a fixed command, for example:
+
+- \`sprintf(cmd, "grep %s file.txt", input); system(cmd);\`
+- \`sprintf(cmd, "ping -c 5 %s", input); system(cmd);\`
+
+Answer **no** (the input is not plain data) when the input is:
+
+1. The program/executable itself:
+  - \`system(input);\`
+  - \`sprintf(cmd, "%s -x", input);\`
+2. A command after a pipe or redirect:
+  - \`sprintf(cmd, "cat file.txt | %s", input);\`
+3. A part of a non-Unix or cross-platform shell command.
+4. A part of embedded code in another language:
+  - \`sprintf(cmd, "php -r \\"echo '%s';\\"", input);\`
+  - \`sprintf(cmd, "awk '%s' file", input);\`
+5. A flag/option that controls a tool's behaviour:
+  - \`sprintf(cmd, "git --upload-pack %s", input);\``,
+    guidance: () => "If yes and the command can run without a shell, it is rewritten to a no-shell argument-vector call (`posix_spawn`); if it needs the shell, the tainted argument is escaped in place so the shell keeps working. If the answer is no (the input controls the program or shell structure), there is no safe automatic rewrite, so the fix is withheld and the sink is left for manual review."
+  },
+  executableLocationPath: {
+    content: () => "What is the absolute path of the directory containing the executable?",
+    description: () => `When \`system()\` is rewritten to an \`execv()\` argument-vector call, the program is run by its path with **no \`$PATH\` search**, so a relative program name (e.g. \`tail\`) cannot be resolved and a poisoned \`PATH\` cannot be used to run a look-alike binary.
+
+Provide the absolute directory that contains the executable (e.g. \`/usr/bin\`); the fix prepends it to the bare program name to form an absolute path.`,
+    guidance: () => "Only asked when the program name in the command has no `/`. A program that is already an absolute or relative path (contains `/`) is used as written."
+  }
+};
+
+// src/features/analysis/scm/shared/src/storedQuestionData/cpp/index.ts
+var vulnerabilities11 = {
+  ["CMDi" /* CmDi */]: commandInjection
+};
+var cpp_default = vulnerabilities11;
+
 // src/features/analysis/scm/shared/src/storedQuestionData/csharp/index.ts
 init_client_generates();
 
@@ -5527,7 +5571,7 @@ var xxe = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/csharp/index.ts
-var vulnerabilities11 = {
+var vulnerabilities12 = {
   ["LOG_FORGING" /* LogForging */]: logForging,
   ["SSRF" /* Ssrf */]: ssrf2,
   ["XXE" /* Xxe */]: xxe,
@@ -5548,7 +5592,7 @@ var vulnerabilities11 = {
   ["SQL_Injection" /* SqlInjection */]: sqlInjection2,
   ["REQUEST_PARAMETERS_BOUND_VIA_INPUT" /* RequestParametersBoundViaInput */]: requestParametersBoundViaInput
 };
-var csharp_default2 = vulnerabilities11;
+var csharp_default2 = vulnerabilities12;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/go/index.ts
 init_client_generates();
@@ -5581,18 +5625,18 @@ var websocketMissingOriginCheck = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/go/index.ts
-var vulnerabilities12 = {
+var vulnerabilities13 = {
   ["LOG_FORGING" /* LogForging */]: logForging2,
   ["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: missingSslMinversion,
   ["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: websocketMissingOriginCheck
 };
-var go_default2 = vulnerabilities12;
+var go_default2 = vulnerabilities13;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
 init_client_generates();
 
 // src/features/analysis/scm/shared/src/storedQuestionData/java/commandInjection.ts
-var commandInjection = {
+var commandInjection2 = {
   isUnixShellCommandPart: {
     content: () => "Is the input part of Unix shell command?",
     description: () => `For example:
@@ -6046,10 +6090,10 @@ var xxe2 = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/java/index.ts
-var vulnerabilities13 = {
+var vulnerabilities14 = {
   ["SQL_Injection" /* SqlInjection */]: sqlInjection3,
   ["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: relativePathCommand,
-  ["CMDi" /* CmDi */]: commandInjection,
+  ["CMDi" /* CmDi */]: commandInjection2,
   ["CONFUSING_NAMING" /* ConfusingNaming */]: confusingNaming,
   ["ERROR_CONDTION_WITHOUT_ACTION" /* ErrorCondtionWithoutAction */]: errorConditionWithoutAction,
   ["XXE" /* Xxe */]: xxe2,
@@ -6074,7 +6118,7 @@ var vulnerabilities13 = {
   ["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: erroneousStringCompare,
   ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: duplicatedStrings
 };
-var java_default2 = vulnerabilities13;
+var java_default2 = vulnerabilities14;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/js/index.ts
 init_client_generates();
@@ -6089,7 +6133,7 @@ var csrf2 = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/js/commandInjection.ts
-var commandInjection2 = {
+var commandInjection3 = {
   isCommandExecutable: {
     content: () => "Commands can be intrinsically unsafe if they call out to other executables or run arbitary code",
     description: () => `Does the command fall into one of the following categories:
@@ -6403,8 +6447,8 @@ var xss3 = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/js/index.ts
-var vulnerabilities14 = {
-  ["CMDi" /* CmDi */]: commandInjection2,
+var vulnerabilities15 = {
+  ["CMDi" /* CmDi */]: commandInjection3,
   ["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: graphqlDepthLimit,
   ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: insecureRandomness2,
   ["SSRF" /* Ssrf */]: ssrf4,
@@ -6426,7 +6470,7 @@ var vulnerabilities14 = {
   ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: hardcodedDomainInHtml,
   ["CSRF" /* Csrf */]: csrf2
 };
-var js_default = vulnerabilities14;
+var js_default = vulnerabilities15;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/python/index.ts
 init_client_generates();
@@ -6500,7 +6544,7 @@ var uncheckedLoopCondition3 = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/python/index.ts
-var vulnerabilities15 = {
+var vulnerabilities16 = {
   ["CSRF" /* Csrf */]: csrf2,
   ["LOG_FORGING" /* LogForging */]: logForging5,
   ["OPEN_REDIRECT" /* OpenRedirect */]: openRedirect3,
@@ -6509,7 +6553,7 @@ var vulnerabilities15 = {
   ["MISSING_ENCODING_FILE_OPEN" /* MissingEncodingFileOpen */]: missingEncoding,
   ["SSRF" /* Ssrf */]: ssrf5
 };
-var python_default2 = vulnerabilities15;
+var python_default2 = vulnerabilities16;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/xml/index.ts
 init_client_generates();
@@ -6526,10 +6570,10 @@ A value too high will cause performance issues up to and including denial of ser
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/xml/index.ts
-var vulnerabilities16 = {
+var vulnerabilities17 = {
   ["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: unboundedOccurrences
 };
-var xml_default2 = vulnerabilities16;
+var xml_default2 = vulnerabilities17;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/yaml/index.ts
 init_client_generates();
@@ -6562,12 +6606,12 @@ var writableFilesystemService = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/yaml/index.ts
-var vulnerabilities17 = {
+var vulnerabilities18 = {
   ["PORT_ALL_INTERFACES" /* PortAllInterfaces */]: portAllInterfaces,
   ["WRITABLE_FILESYSTEM_SERVICE" /* WritableFilesystemService */]: writableFilesystemService,
   ["NO_NEW_PRIVILEGES" /* NoNewPrivileges */]: noNewPrivileges
 };
-var yaml_default = vulnerabilities17;
+var yaml_default = vulnerabilities18;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
 var StoredQuestionDataItemZ = z4.object({
@@ -6582,6 +6626,7 @@ var languages2 = {
   ["CSharp" /* CSharp */]: csharp_default2,
   ["Python" /* Python */]: python_default2,
   ["Go" /* Go */]: go_default2,
+  ["Cpp" /* Cpp */]: cpp_default,
   ["YAML" /* Yaml */]: yaml_default
 };
 var storedQuestionData_default = languages2;
@@ -9325,8 +9370,8 @@ function handleGitHubError(error, scmType = "GitHub" /* GitHub */) {
       (Number.parseInt(headers["x-ratelimit-reset"], 10) * 1e3 - Date.now()) / 1e3
     )
   ) : void 0;
-  const errorMessage = errorObj.message || (error instanceof Error ? error.message : String(error));
-  if (status === 403 && retryAfter !== void 0 || errorMessage.toLowerCase().includes("rate limit") || errorMessage.toLowerCase().includes("api rate limit exceeded")) {
+  const errorMessage3 = errorObj.message || (error instanceof Error ? error.message : String(error));
+  if (status === 403 && retryAfter !== void 0 || errorMessage3.toLowerCase().includes("rate limit") || errorMessage3.toLowerCase().includes("api rate limit exceeded")) {
     throw new RateLimitError(
       "GitHub API rate limit exceeded",
       scmType,
@@ -9354,7 +9399,7 @@ function handleGitHubError(error, scmType = "GitHub" /* GitHub */) {
   const errorCode = errorObj.code || errorObj.response?.code;
   if (errorCode === "ECONNREFUSED" || errorCode === "ETIMEDOUT" || errorCode === "ENOTFOUND" || errorCode === "EAI_AGAIN") {
     throw new NetworkError(
-      `GitHub network error: ${errorMessage}`,
+      `GitHub network error: ${errorMessage3}`,
       scmType,
       errorCode
     );
@@ -9362,7 +9407,7 @@ function handleGitHubError(error, scmType = "GitHub" /* GitHub */) {
   if (error instanceof RateLimitError || error instanceof InvalidAccessTokenError || error instanceof ScmBadCredentialsError || error instanceof InvalidRepoUrlError || error instanceof NetworkError || error instanceof InvalidUrlPatternError) {
     throw error;
   }
-  throw new Error(`GitHub API error: ${errorMessage}`);
+  throw new Error(`GitHub API error: ${errorMessage3}`);
 }
 async function githubValidateParams(url, accessToken) {
   try {
@@ -9596,48 +9641,65 @@ function getGithubSdk(params = {}) {
         return false;
       }
     },
-    async getGithubRepoList() {
+    async listAuthenticatedUserReposPage(params2) {
+      const {
+        sort = { field: "updated", order: "desc" },
+        perPage = 10,
+        page = 1
+      } = params2;
+      const githubSort = sort.field === "name" ? "full_name" : sort.field === "created" ? "created" : "updated";
       try {
-        const allRepos = [];
-        let page = 1;
-        const perPage = 100;
-        let hasMore = true;
-        while (hasMore) {
-          const githubRepos = await octokit.request(GET_USER_REPOS, {
-            sort: "updated",
-            per_page: perPage,
-            page
-          });
-          for (const repo of githubRepos.data) {
-            allRepos.push({
-              repoName: repo.name,
-              repoUrl: repo.html_url,
-              repoOwner: repo.owner.login,
-              repoLanguages: repo.language ? [repo.language] : [],
-              repoIsPublic: !repo.private,
-              repoUpdatedAt: repo.updated_at
-            });
-          }
-          hasMore = githubRepos.data.length >= perPage;
-          page++;
-        }
-        return allRepos;
+        const githubRepos = await octokit.request(GET_USER_REPOS, {
+          sort: githubSort,
+          direction: sort.order,
+          per_page: perPage,
+          page
+        });
+        const items = githubRepos.data.map((repo) => ({
+          repoName: repo.name,
+          repoUrl: repo.html_url,
+          repoOwner: repo.owner.login,
+          repoLanguages: repo.language ? [repo.language] : [],
+          repoIsPublic: !repo.private,
+          repoUpdatedAt: repo.updated_at
+        }));
+        return {
+          items,
+          hasMore: githubRepos.data.length >= perPage
+        };
       } catch (e) {
         if (e instanceof RequestError && e.status === 401) {
           console.warn(
             "GitHub API returned 401 Unauthorized when listing repos - token may be expired or lack repo scope"
           );
-          return [];
+          return { items: [], hasMore: false };
         }
         if (e instanceof RequestError && e.status === 404) {
           console.warn(
             "GitHub API returned 404 Not Found when listing repos - user may not exist"
           );
-          return [];
+          return { items: [], hasMore: false };
         }
         throw e;
       }
     },
+    async getGithubRepoList() {
+      const allRepos = [];
+      let page = 1;
+      const perPage = 100;
+      let hasMore = true;
+      while (hasMore) {
+        const pageResult = await this.listAuthenticatedUserReposPage({
+          sort: { field: "updated", order: "desc" },
+          perPage,
+          page
+        });
+        allRepos.push(...pageResult.items);
+        hasMore = pageResult.hasMore;
+        page++;
+      }
+      return allRepos;
+    },
     async getGithubRepoDefaultBranch(repoUrl) {
       const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
       const repos = await octokit.rest.repos.get({ repo, owner });
@@ -10697,23 +10759,25 @@ var GithubSCMLib = class extends SCMLib {
     });
   }
   /**
-   * Override searchRepos to use GitHub's Search API for efficient pagination.
-   * This is much faster than fetching all repos and filtering in-memory.
-   *
-   * Note: GitHub Search API doesn't support sorting by name, so when name sorting
-   * is requested, we fall back to fetching all repos and sorting in-memory.
+   * Override searchRepos for efficient server-side pagination.
+   * - With scmOrg: GitHub Search API (`org:…`)
+   * - Without scmOrg: paginated `GET /user/repos`
+   * - Name sort: in-memory over full list
    */
   async searchRepos(params) {
     this._validateAccessToken();
     const sort = params.sort || { field: "updated", order: "desc" };
-    if (!params.scmOrg || sort.field === "name") {
+    if (sort.field === "name") {
       return this.searchReposInMemory(params);
     }
+    if (!params.scmOrg) {
+      return this.searchReposWithUserReposApi(params);
+    }
     return this.searchReposWithApi(params);
   }
   /**
    * Search repos by fetching all and sorting/paginating in-memory.
-   * Used when name sorting is requested or no organization is provided.
+   * Used only when name sorting is requested.
    */
   async searchReposInMemory(params) {
     const repos = await this.getRepoList(params.scmOrg);
@@ -10741,6 +10805,24 @@ var GithubSCMLib = class extends SCMLib {
       hasMore: nextOffset < sortedRepos.length
     };
   }
+  /**
+   * Paginated repo list for authenticated user when no GitHub org is configured.
+   */
+  async searchReposWithUserReposApi(params) {
+    const page = parseCursorSafe(params.cursor, 1);
+    const perPage = params.limit || 10;
+    const sort = params.sort || { field: "updated", order: "desc" };
+    const pageResult = await this.githubSdk.listAuthenticatedUserReposPage({
+      sort,
+      perPage,
+      page
+    });
+    return {
+      results: pageResult.items,
+      nextCursor: pageResult.hasMore ? String(page + 1) : void 0,
+      hasMore: pageResult.hasMore
+    };
+  }
   /**
    * Search repos using GitHub Search API for efficient server-side pagination.
    * Only supports date-based sorting (updated/created).
@@ -13112,7 +13194,7 @@ import path10 from "path";
 import { env as env2 } from "process";
 import { pipeline } from "stream/promises";
 import chalk7 from "chalk";
-import Debug21 from "debug";
+import Debug22 from "debug";
 import extract from "extract-zip";
 import { createSpinner as createSpinner4 } from "nanospinner";
 import fetch4 from "node-fetch";
@@ -13123,7 +13205,7 @@ import { z as z31 } from "zod";
 // src/commands/AuthManager.ts
 import crypto from "crypto";
 import os3 from "os";
-import Debug10 from "debug";
+import Debug11 from "debug";
 import open from "open";
 
 // src/features/analysis/graphql/gql.ts
@@ -13778,11 +13860,11 @@ var GQLClient = class {
           {
             next: async (data) => {
               if (!data.analysis?.state || data.analysis?.state === "Failed" /* Failed */) {
-                const errorMessage = data.analysis?.failReason || `Analysis failed with id: ${data.analysis?.id}`;
+                const errorMessage3 = data.analysis?.failReason || `Analysis failed with id: ${data.analysis?.id}`;
                 subscription.unsubscribe();
                 reject(
                   new ReportDigestError(
-                    errorMessage,
+                    errorMessage3,
                     data.analysis?.failReason ?? ""
                   )
                 );
@@ -13846,9 +13928,9 @@ var GQLClient = class {
         `[pollForAnalysisState] Poll #${pollCount} - current state: ${analysis.state}`
       );
       if (!analysis.state || analysis.state === "Failed" /* Failed */) {
-        const errorMessage = analysis.failReason || `Analysis failed with id: ${analysis.id}`;
-        debug7(`[pollForAnalysisState] Analysis failed: ${errorMessage}`);
-        throw new ReportDigestError(errorMessage, analysis.failReason ?? "");
+        const errorMessage3 = analysis.failReason || `Analysis failed with id: ${analysis.id}`;
+        debug7(`[pollForAnalysisState] Analysis failed: ${errorMessage3}`);
+        throw new ReportDigestError(errorMessage3, analysis.failReason ?? "");
       }
       if (callbackStates.includes(analysis.state)) {
         debug7(
@@ -13949,7 +14031,7 @@ var GQLClient = class {
 };
 
 // src/features/analysis/graphql/tracy-batch-upload.ts
-import Debug9 from "debug";
+import Debug10 from "debug";
 
 // src/args/commands/upload_ai_blame.ts
 import fsPromises2 from "fs/promises";
@@ -14068,12 +14150,28 @@ init_urlParser2();
 import Debug8 from "debug";
 import fetch3, { File, fileFrom, FormData } from "node-fetch";
 var debug9 = Debug8("mobbdev:upload-file");
+var S3UploadError = class extends Error {
+  constructor(status, s3Code, s3Message) {
+    super(`Failed to upload the file: ${status}`);
+    this.status = status;
+    this.s3Code = s3Code;
+    this.s3Message = s3Message;
+    this.name = "S3UploadError";
+  }
+};
+function parseS3ErrorBody(body) {
+  return {
+    code: body.match(/<Code>([^<]+)<\/Code>/)?.[1],
+    message: body.match(/<Message>([^<]+)<\/Message>/)?.[1]
+  };
+}
 async function uploadFile({
   file,
   url,
   uploadKey,
   uploadFields,
-  logger: logger3
+  logger: logger3,
+  signal
 }) {
   const logInfo2 = logger3 || ((_message, _data) => {
   });
@@ -14095,18 +14193,44 @@ async function uploadFile({
   } else {
     debug9("upload file from buffer");
     logInfo2(`FileUpload: upload file from buffer`);
-    form.append("file", new File([new Uint8Array(file)], "file"));
+    form.append(
+      "file",
+      new File(
+        [
+          new Uint8Array(
+            file.buffer,
+            file.byteOffset,
+            file.byteLength
+          )
+        ],
+        "file"
+      )
+    );
   }
   const agent = getProxyAgent(url);
   const response = await fetch3(url, {
     method: "POST",
     body: form,
-    agent
+    agent,
+    signal
   });
   if (!response.ok) {
-    debug9("error from S3 %s %s", response.body, response.status);
-    logInfo2(`FileUpload: error from S3 ${response.body} ${response.status}`);
-    throw new Error(`Failed to upload the file: ${response.status}`);
+    let bodyText = "";
+    try {
+      bodyText = await response.text();
+    } catch {
+    }
+    const { code, message } = parseS3ErrorBody(bodyText);
+    debug9(
+      "error from S3 status=%d code=%s message=%s",
+      response.status,
+      code,
+      message
+    );
+    logInfo2(
+      `FileUpload: error from S3 status=${response.status} code=${code ?? "unknown"}`
+    );
+    throw new S3UploadError(response.status, code, message);
   }
   debug9("upload file done");
   logInfo2(`FileUpload: upload file done`);
@@ -14772,39 +14896,240 @@ function withTimeout(promise, ms, label) {
   ]);
 }
 
+// src/features/analysis/graphql/s3-raw-data-upload.ts
+import { setTimeout as sleep2 } from "timers/promises";
+import Debug9 from "debug";
+var debug10 = Debug9("mobbdev:tracy-s3-upload");
+var S3_OP_TIMEOUT_MS = 3e4;
+var MAX_TOTAL_S3_UPLOAD_MS = 12e4;
+var MAX_CONCURRENT_S3_UPLOADS = 5;
+var URL_REFRESH_MS = 20 * 60 * 1e3;
+var MAX_UPLOAD_ATTEMPTS = 3;
+var RETRY_BACKOFF_MS = 500;
+var MAX_S3_MESSAGE_CHARS = 120;
+var errorMessage = (e) => e instanceof Error ? e.message : String(e);
+function classifyUploadError(reason) {
+  if (reason instanceof S3UploadError) {
+    return {
+      status: reason.status,
+      s3Code: reason.s3Code,
+      s3Message: reason.s3Message,
+      retryable: reason.status !== 400 && reason.status !== 401
+    };
+  }
+  return { retryable: true };
+}
+function createPresignedUrlProvider(client) {
+  let creds = null;
+  let fetchedAt = 0;
+  const fetchFresh = async () => {
+    let res;
+    try {
+      res = await withTimeout(
+        client.getTracyRawDataUploadUrl(),
+        S3_OP_TIMEOUT_MS,
+        "[step:s3-url] getTracyRawDataUploadUrl"
+      );
+    } catch (err) {
+      throw new Error(
+        `[step:s3-url] Failed to fetch S3 upload URL: ${errorMessage(err)}`
+      );
+    }
+    const { url, uploadFieldsJSON, keyPrefix } = res.getTracyRawDataUploadUrl;
+    if (!url || !uploadFieldsJSON || !keyPrefix) {
+      throw new Error(
+        `[step:s3-url] Missing S3 upload fields (url=${!!url}, fields=${!!uploadFieldsJSON}, prefix=${!!keyPrefix})`
+      );
+    }
+    try {
+      return { url, uploadFields: JSON.parse(uploadFieldsJSON), keyPrefix };
+    } catch {
+      throw new Error("[step:s3-url] Malformed uploadFieldsJSON from server");
+    }
+  };
+  const refresh = async () => {
+    creds = await fetchFresh();
+    fetchedAt = Date.now();
+    return creds;
+  };
+  return {
+    refresh,
+    /** Cached creds, refreshed if missing or near expiry. */
+    async current() {
+      if (!creds || Date.now() - fetchedAt > URL_REFRESH_MS) return refresh();
+      return creds;
+    }
+  };
+}
+async function uploadRawDataToS3(client, entries, serializedByIndex) {
+  const uploaded = /* @__PURE__ */ new Map();
+  const urls = createPresignedUrlProvider(client);
+  debug10(
+    "[step:s3-upload] Uploading %d files to S3 (concurrency=%d)",
+    entries.length,
+    MAX_CONCURRENT_S3_UPLOADS
+  );
+  const start = Date.now();
+  const deadline = start + MAX_TOTAL_S3_UPLOAD_MS;
+  const uploadPass = async (pass) => {
+    const failures = [];
+    for (let i = 0; i < pass.length; i += MAX_CONCURRENT_S3_UPLOADS) {
+      if (Date.now() > deadline) {
+        for (const entry of pass.slice(i)) {
+          failures.push({
+            entry,
+            kind: { retryable: false },
+            message: `[step:s3-upload] aborted: exceeded ${MAX_TOTAL_S3_UPLOAD_MS}ms total upload budget`
+          });
+        }
+        break;
+      }
+      const { url, uploadFields, keyPrefix } = await urls.current();
+      const chunk = pass.slice(i, i + MAX_CONCURRENT_S3_UPLOADS);
+      const settled = await Promise.allSettled(
+        chunk.map(async (entry) => {
+          const rawDataJson = serializedByIndex.get(entry.index);
+          if (!rawDataJson) {
+            debug10("No serialized rawData for recordId=%s", entry.recordId);
+            return;
+          }
+          const uploadKey = `${keyPrefix}${entry.recordId}.json`;
+          const signal = AbortSignal.timeout(S3_OP_TIMEOUT_MS);
+          try {
+            await uploadFile({
+              file: Buffer.from(rawDataJson, "utf-8"),
+              url,
+              uploadKey,
+              uploadFields,
+              signal
+            });
+          } catch (err) {
+            if (signal.aborted) {
+              throw new Error(
+                `[step:s3-upload] uploadFile ${entry.recordId} timed out after ${S3_OP_TIMEOUT_MS}ms`
+              );
+            }
+            throw err;
+          }
+          uploaded.set(entry.index, uploadKey);
+          serializedByIndex.delete(entry.index);
+        })
+      );
+      settled.forEach((outcome, idx) => {
+        if (outcome.status === "rejected") {
+          failures.push({
+            entry: chunk[idx],
+            kind: classifyUploadError(outcome.reason),
+            message: errorMessage(outcome.reason)
+          });
+        }
+      });
+    }
+    return failures;
+  };
+  const failuresByRecord = /* @__PURE__ */ new Map();
+  try {
+    await urls.refresh();
+    let pending = entries;
+    for (let attempt = 1; attempt <= MAX_UPLOAD_ATTEMPTS; attempt++) {
+      const failures = await uploadPass(pending);
+      for (const entry of pending) failuresByRecord.delete(entry.recordId);
+      for (const failure of failures)
+        failuresByRecord.set(failure.entry.recordId, failure);
+      const retryable = failures.filter((failure) => failure.kind.retryable);
+      if (retryable.length === 0 || attempt === MAX_UPLOAD_ATTEMPTS || Date.now() > deadline) {
+        break;
+      }
+      debug10(
+        "[step:s3-upload] attempt %d failed for %d record(s); refreshing URL and retrying",
+        attempt,
+        retryable.length
+      );
+      await sleep2(RETRY_BACKOFF_MS * attempt);
+      await urls.refresh();
+      pending = retryable.map((failure) => failure.entry);
+    }
+  } catch (err) {
+    return { uploaded, errors: [errorMessage(err)] };
+  }
+  debug10("[perf] s3-upload %d files: %dms", entries.length, Date.now() - start);
+  const missing = entries.filter((entry) => !uploaded.has(entry.index));
+  if (missing.length === 0) {
+    debug10("[step:s3-upload] S3 uploads complete");
+    return { uploaded, errors: null };
+  }
+  const detail = missing.map((entry) => {
+    const failure = failuresByRecord.get(entry.recordId);
+    const code = failure?.kind.s3Code ? ` ${failure.kind.s3Code}` : "";
+    const message = failure?.kind.s3Message ? ` "${failure.kind.s3Message.slice(0, MAX_S3_MESSAGE_CHARS)}"` : "";
+    return `[step:s3-upload] ${entry.recordId}: HTTP ${failure?.kind.status ?? "n/a"}${code}${message} (${failure?.message ?? "unknown"})`;
+  });
+  debug10(
+    "[step:s3-upload] Records missing S3 keys: %O",
+    missing.map((entry) => entry.recordId)
+  );
+  return {
+    uploaded,
+    errors: [
+      `[step:s3-upload] Failed to upload rawData for ${missing.length} record(s): ${missing.map((entry) => entry.recordId).join(", ")}`,
+      ...detail
+    ]
+  };
+}
+
 // src/features/analysis/graphql/tracy-batch-upload.ts
-var debug10 = Debug9("mobbdev:tracy-batch-upload");
+var debug11 = Debug10("mobbdev:tracy-batch-upload");
+var errorMessage2 = (e) => e instanceof Error ? e.message : String(e);
 function timedStep(label, fn) {
   const start = Date.now();
   const result = fn();
   const maybePromise = result instanceof Promise ? result : Promise.resolve(result);
   return maybePromise.then(
     (val) => {
-      debug10("[perf] %s: %dms", label, Date.now() - start);
+      debug11("[perf] %s: %dms", label, Date.now() - start);
       return val;
     },
     (err) => {
-      debug10("[perf] %s FAILED: %dms", label, Date.now() - start);
+      debug11("[perf] %s FAILED: %dms", label, Date.now() - start);
       throw err;
     }
   );
 }
 var BATCH_TIMEOUT_MS = 3e4;
+var MIN_RAWDATA_BYTES = 5;
+var MAX_DEGENERATE_SAMPLE_CHARS = 500;
+var REDACTED_SAMPLE = "<redacted: sanitization disabled>";
+var MAX_DEGENERATE_LOG_RECORDS = 20;
+var DEGENERATE_RECORDS_LOG_MESSAGE = "Skipped empty/degenerate rawData records before S3 upload";
+function degenerateRecordsLogFields(degenerate) {
+  return {
+    count: degenerate.length,
+    records: degenerate.slice(0, MAX_DEGENERATE_LOG_RECORDS)
+  };
+}
+function isStructurallyEmptyPayload(serialized) {
+  const trimmed = serialized.trim();
+  if (trimmed === "" || trimmed === "null" || trimmed === '""') return true;
+  const isObject = trimmed.startsWith("{") && trimmed.endsWith("}");
+  const isArray = trimmed.startsWith("[") && trimmed.endsWith("]");
+  if (isObject || isArray) return trimmed.slice(1, -1).trim() === "";
+  return false;
+}
 async function sanitizeRawData(rawData) {
   const start = Date.now();
   try {
     const sanitized = await sanitizeData(rawData);
     const serialized = JSON.stringify(sanitized);
-    debug10(
+    debug11(
       "[perf] sanitizeRawData: %dms (%d bytes)",
       Date.now() - start,
       serialized.length
     );
     return serialized;
   } catch (err) {
-    console.warn(
-      "[tracy] sanitizeRawData failed, falling back to unsanitized:",
-      err.message
+    debug11(
+      "[tracy] sanitizeRawData failed, falling back to unsanitized: %s",
+      errorMessage2(err)
     );
     return JSON.stringify(rawData);
   }
@@ -14814,12 +15139,13 @@ async function prepareAndSendTracyRecords(client, rawRecords, workingDir, option
   const defaultClientVersion = packageJson.version;
   const shouldSanitize = options?.sanitize ?? true;
   const defaults = workingDir != null ? await readRepoState(workingDir) : { repositoryUrl: null, branch: null, commitSha: null };
-  debug10(
+  debug11(
     "[step:sanitize] %s %d records",
     shouldSanitize ? "Sanitizing" : "Serializing",
     rawRecords.length
   );
   const serializedRawDataByIndex = /* @__PURE__ */ new Map();
+  const degenerate = [];
   const records = await timedStep(
     `${shouldSanitize ? "sanitize" : "serialize"} ${rawRecords.length} records`,
     async () => {
@@ -14828,7 +15154,19 @@ async function prepareAndSendTracyRecords(client, rawRecords, workingDir, option
         const record = rawRecords[index];
         if (record.rawData != null && record.rawDataS3Key == null) {
           const serialized = shouldSanitize ? await sanitizeRawData(record.rawData) : JSON.stringify(record.rawData);
-          serializedRawDataByIndex.set(index, serialized);
+          const bytes = Buffer.byteLength(serialized, "utf-8");
+          if (bytes < MIN_RAWDATA_BYTES || isStructurallyEmptyPayload(serialized)) {
+            degenerate.push({
+              recordId: record.recordId,
+              platform: record.platform,
+              filePath: record.filePath,
+              editType: record.editType,
+              bytes,
+              sample: shouldSanitize ? serialized.slice(0, MAX_DEGENERATE_SAMPLE_CHARS) : REDACTED_SAMPLE
+            });
+          } else {
+            serializedRawDataByIndex.set(index, serialized);
+          }
         }
         const { rawData: _rawData, ...rest } = record;
         results.push({
@@ -14844,104 +15182,19 @@ async function prepareAndSendTracyRecords(client, rawRecords, workingDir, option
       return results;
     }
   );
-  const recordsWithRawData = rawRecords.map((r, i) => ({ recordId: r.recordId, index: i })).filter((entry) => serializedRawDataByIndex.has(entry.index));
+  const degenerateOut = degenerate.length > 0 ? degenerate : void 0;
+  const finish = (result) => ({ ...result, degenerate: degenerateOut });
+  const recordsWithRawData = rawRecords.map((record, index) => ({ recordId: record.recordId, index })).filter((entry) => serializedRawDataByIndex.has(entry.index));
   if (recordsWithRawData.length > 0) {
-    debug10(
-      "[step:s3-url] Requesting presigned URL for %d rawData files",
-      recordsWithRawData.length
-    );
-    let uploadUrlResult;
-    try {
-      uploadUrlResult = await withTimeout(
-        client.getTracyRawDataUploadUrl(),
-        BATCH_TIMEOUT_MS,
-        "[step:s3-url] getTracyRawDataUploadUrl"
-      );
-    } catch (err) {
-      return {
-        ok: false,
-        errors: [
-          `[step:s3-url] Failed to fetch S3 upload URL: ${err.message}`
-        ]
-      };
-    }
-    const { url, uploadFieldsJSON, keyPrefix } = uploadUrlResult.getTracyRawDataUploadUrl;
-    if (!url || !uploadFieldsJSON || !keyPrefix) {
-      return {
-        ok: false,
-        errors: [
-          `[step:s3-url] Missing S3 upload fields (url=${!!url}, fields=${!!uploadFieldsJSON}, prefix=${!!keyPrefix})`
-        ]
-      };
-    }
-    let uploadFields;
-    try {
-      uploadFields = JSON.parse(uploadFieldsJSON);
-    } catch {
-      return {
-        ok: false,
-        errors: ["[step:s3-url] Malformed uploadFieldsJSON from server"]
-      };
-    }
-    const MAX_CONCURRENT_S3_UPLOADS = 5;
-    debug10(
-      "[step:s3-upload] Uploading %d files to S3 (concurrency=%d)",
-      recordsWithRawData.length,
-      MAX_CONCURRENT_S3_UPLOADS
+    const { uploaded, errors } = await uploadRawDataToS3(
+      client,
+      recordsWithRawData,
+      serializedRawDataByIndex
     );
-    const s3Start = Date.now();
-    const uploadResults = [];
-    for (let i = 0; i < recordsWithRawData.length; i += MAX_CONCURRENT_S3_UPLOADS) {
-      const chunk = recordsWithRawData.slice(i, i + MAX_CONCURRENT_S3_UPLOADS);
-      const chunkResults = await Promise.allSettled(
-        chunk.map(async (entry) => {
-          const rawDataJson = serializedRawDataByIndex.get(entry.index);
-          if (!rawDataJson) {
-            debug10("No serialized rawData for recordId=%s", entry.recordId);
-            return;
-          }
-          const uploadKey = `${keyPrefix}${entry.recordId}.json`;
-          await withTimeout(
-            uploadFile({
-              file: Buffer.from(rawDataJson, "utf-8"),
-              url,
-              uploadKey,
-              uploadFields
-            }),
-            BATCH_TIMEOUT_MS,
-            `[step:s3-upload] uploadFile ${entry.recordId}`
-          );
-          records[entry.index].rawDataS3Key = uploadKey;
-        })
-      );
-      uploadResults.push(...chunkResults);
-    }
-    debug10(
-      "[perf] s3-upload %d files: %dms",
-      recordsWithRawData.length,
-      Date.now() - s3Start
-    );
-    const uploadErrors = uploadResults.filter((r) => r.status === "rejected").map((r) => r.reason.message);
-    if (uploadErrors.length > 0) {
-      debug10("[step:s3-upload] S3 upload errors: %O", uploadErrors);
-    }
-    const missingS3Keys = recordsWithRawData.filter(
-      (entry) => !records[entry.index].rawDataS3Key
-    );
-    if (missingS3Keys.length > 0) {
-      const missingIds = missingS3Keys.map((e) => e.recordId);
-      debug10("[step:s3-upload] Records missing S3 keys: %O", missingIds);
-      return {
-        ok: false,
-        errors: [
-          `[step:s3-upload] Failed to upload rawData for ${missingS3Keys.length} record(s): ${missingIds.join(", ")}`,
-          ...uploadErrors
-        ]
-      };
-    }
-    debug10("[step:s3-upload] S3 uploads complete");
+    for (const [index, key] of uploaded) records[index].rawDataS3Key = key;
+    if (errors) return finish({ ok: false, errors });
   }
-  debug10("[step:gql-submit] Submitting %d records via GraphQL", records.length);
+  debug11("[step:gql-submit] Submitting %d records via GraphQL", records.length);
   try {
     const result = await timedStep(
       `gql-submit ${records.length} records`,
@@ -14952,21 +15205,21 @@ async function prepareAndSendTracyRecords(client, rawRecords, workingDir, option
       )
     );
     if (result.uploadTracyRecords.status !== "OK") {
-      return {
+      return finish({
         ok: false,
         errors: [
           `[step:gql-submit] Server rejected: ${result.uploadTracyRecords.error ?? "Unknown server error"}`
         ]
-      };
+      });
     }
   } catch (err) {
-    debug10("[step:gql-submit] Upload failed: %s", err.message);
-    return {
+    debug11("[step:gql-submit] Upload failed: %s", errorMessage2(err));
+    return finish({
       ok: false,
-      errors: [`[step:gql-submit] ${err.message}`]
-    };
+      errors: [`[step:gql-submit] ${errorMessage2(err)}`]
+    });
   }
-  return { ok: true, errors: null };
+  return finish({ ok: true, errors: null });
 }
 
 // src/mcp/services/types.ts
@@ -15002,7 +15255,7 @@ function buildLoginUrl(baseUrl, loginId, hostname, context) {
 }
 
 // src/commands/AuthManager.ts
-var debug11 = Debug10("mobbdev:auth");
+var debug12 = Debug11("mobbdev:auth");
 var LOGIN_MAX_WAIT = 2 * 60 * 1e3;
 var LOGIN_CHECK_DELAY = 2 * 1e3;
 var _AuthManager = class _AuthManager {
@@ -15032,7 +15285,7 @@ var _AuthManager = class _AuthManager {
       return false;
     }
     if (_AuthManager.browserCooldownMs > 0 && Date.now() - _AuthManager.lastBrowserOpenTime < _AuthManager.browserCooldownMs) {
-      debug11("browser cooldown active, skipping open");
+      debug12("browser cooldown active, skipping open");
       return false;
     }
     open(this.currentBrowserUrl);
@@ -15085,7 +15338,7 @@ var _AuthManager = class _AuthManager {
       const result = await this.checkAuthentication();
       this.authenticated = result.isAuthenticated;
       if (!result.isAuthenticated) {
-        debug11("isAuthenticated: false \u2014 %s (%s)", result.message, result.reason);
+        debug12("isAuthenticated: false \u2014 %s (%s)", result.message, result.reason);
       }
     }
     return this.authenticated;
@@ -15173,9 +15426,9 @@ var _AuthManager = class _AuthManager {
       return null;
     } catch (error) {
       if (isTransientError(error)) {
-        debug11("getApiToken: transient error, will retry");
+        debug12("getApiToken: transient error, will retry");
       } else {
-        debug11("getApiToken: unexpected error: %O", error);
+        debug12("getApiToken: unexpected error: %O", error);
       }
       return null;
     }
@@ -15228,10 +15481,10 @@ __publicField(_AuthManager, "lastBrowserOpenTime", 0);
 var AuthManager = _AuthManager;
 
 // src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
-import Debug14 from "debug";
+import Debug15 from "debug";
 
 // src/features/analysis/add_fix_comments_for_pr/utils/utils.ts
-import Debug13 from "debug";
+import Debug14 from "debug";
 import parseDiff from "parse-diff";
 import { z as z29 } from "zod";
 
@@ -15243,9 +15496,9 @@ function keyBy(array, keyBy2) {
 }
 
 // src/features/analysis/utils/send_report.ts
-import Debug11 from "debug";
+import Debug12 from "debug";
 init_client_generates();
-var debug12 = Debug11("mobbdev:index");
+var debug13 = Debug12("mobbdev:index");
 async function sendReport({
   spinner,
   submitVulnerabilityReportVariables,
@@ -15257,7 +15510,7 @@ async function sendReport({
       submitVulnerabilityReportVariables
     );
     if (submitRes.submitVulnerabilityReport.__typename !== "VulnerabilityReport") {
-      debug12("error submit vul report %s", submitRes);
+      debug13("error submit vul report %s", submitRes);
       throw new Error("\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed");
     }
     spinner.update({ text: progressMassages.processingVulnerabilityReport });
@@ -15269,7 +15522,7 @@ async function sendReport({
       "Finished" /* Finished */
     ];
     if (polling) {
-      debug12("[sendReport] Using POLLING mode for analysis state updates");
+      debug13("[sendReport] Using POLLING mode for analysis state updates");
       await gqlClient.pollForAnalysisState({
         analysisId: submitRes.submitVulnerabilityReport.fixReportId,
         callback,
@@ -15277,7 +15530,7 @@ async function sendReport({
         timeoutInMs: VUL_REPORT_DIGEST_TIMEOUT_MS
       });
     } else {
-      debug12("[sendReport] Using WEBSOCKET mode for analysis state updates");
+      debug13("[sendReport] Using WEBSOCKET mode for analysis state updates");
       await gqlClient.subscribeToAnalysis({
         subscribeToAnalysisParams: {
           analysisId: submitRes.submitVulnerabilityReport.fixReportId
@@ -15321,10 +15574,10 @@ var scannerToFriendlyString = {
 };
 
 // src/features/analysis/add_fix_comments_for_pr/utils/buildCommentBody.ts
-import Debug12 from "debug";
+import Debug13 from "debug";
 import { z as z28 } from "zod";
 init_client_generates();
-var debug13 = Debug12("mobbdev:handle-finished-analysis");
+var debug14 = Debug13("mobbdev:handle-finished-analysis");
 var getCommitFixButton = (commitUrl) => `<a href="${commitUrl}"><img src=${COMMIT_FIX_SVG}></a>`;
 function buildFixCommentBody({
   fix,
@@ -15375,7 +15628,7 @@ function buildFixCommentBody({
     safeIssueType: z28.nativeEnum(IssueType_Enum)
   }).safeParse(fix);
   if (!validFixParseRes.success) {
-    debug13(
+    debug14(
       `fix ${fixId} has custom issue type or language, therefore the commit description will not be added`,
       validFixParseRes.error
     );
@@ -15439,7 +15692,7 @@ ${issuePageLink}`;
 }
 
 // src/features/analysis/add_fix_comments_for_pr/utils/utils.ts
-var debug14 = Debug13("mobbdev:handle-finished-analysis");
+var debug15 = Debug14("mobbdev:handle-finished-analysis");
 function calculateRanges(integers) {
   if (integers.length === 0) {
     return [];
@@ -15473,7 +15726,7 @@ function deleteAllPreviousComments({
     try {
       return scm.deleteComment({ comment_id: comment.id });
     } catch (e) {
-      debug14("delete comment failed %s", e);
+      debug15("delete comment failed %s", e);
       return Promise.resolve();
     }
   });
@@ -15489,7 +15742,7 @@ function deleteAllPreviousGeneralPrComments(params) {
     try {
       return scm.deleteGeneralPrComment({ commentId: comment.id });
     } catch (e) {
-      debug14("delete comment failed %s", e);
+      debug15("delete comment failed %s", e);
       return Promise.resolve();
     }
   });
@@ -15633,7 +15886,7 @@ async function postAnalysisInsightComment(params) {
     fixablePrVuls,
     nonFixablePrVuls
   } = prVulenrabilities;
-  debug14({
+  debug15({
     fixablePrVuls,
     nonFixablePrVuls,
     vulnerabilitiesOutsidePr,
@@ -15688,7 +15941,7 @@ ${contactUsMarkdown}`;
 }
 
 // src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
-var debug15 = Debug14("mobbdev:handle-finished-analysis");
+var debug16 = Debug15("mobbdev:handle-finished-analysis");
 async function addFixCommentsForPr({
   analysisId,
   scm: _scm,
@@ -15700,7 +15953,7 @@ async function addFixCommentsForPr({
   }
   const scm = _scm;
   const getAnalysisRes = await gqlClient.getAnalysis(analysisId);
-  debug15("getAnalysis %o", getAnalysisRes);
+  debug16("getAnalysis %o", getAnalysisRes);
   const {
     vulnerabilityReport: {
       projectId,
@@ -15810,8 +16063,8 @@ ${contextString}` : description;
 
 // src/features/analysis/auto_pr_handler.ts
 init_client_generates();
-import Debug15 from "debug";
-var debug16 = Debug15("mobbdev:handleAutoPr");
+import Debug16 from "debug";
+var debug17 = Debug16("mobbdev:handleAutoPr");
 async function handleAutoPr(params) {
   const {
     gqlClient,
@@ -15832,7 +16085,7 @@ async function handleAutoPr(params) {
       prId,
       prStrategy: createOnePr ? "CONDENSE" /* Condense */ : "SPREAD" /* Spread */
     });
-    debug16("auto pr analysis res %o", autoPrAnalysisRes);
+    debug17("auto pr analysis res %o", autoPrAnalysisRes);
     if (autoPrAnalysisRes.autoPrAnalysis?.__typename === "AutoPrError") {
       createAutoPrSpinner.error({
         text: `\u{1F504} Automatic pull request failed - ${autoPrAnalysisRes.autoPrAnalysis.error}`
@@ -15854,14 +16107,14 @@ async function handleAutoPr(params) {
   };
   const callbackStates = ["Finished" /* Finished */];
   if (polling) {
-    debug16("[handleAutoPr] Using POLLING mode for analysis state updates");
+    debug17("[handleAutoPr] Using POLLING mode for analysis state updates");
     return await gqlClient.pollForAnalysisState({
       analysisId,
       callback,
       callbackStates
     });
   } else {
-    debug16("[handleAutoPr] Using WEBSOCKET mode for analysis state updates");
+    debug17("[handleAutoPr] Using WEBSOCKET mode for analysis state updates");
     return await gqlClient.subscribeToAnalysis({
       subscribeToAnalysisParams: {
         analysisId
@@ -15874,15 +16127,15 @@ async function handleAutoPr(params) {
 
 // src/features/analysis/git.ts
 init_GitService();
-import Debug16 from "debug";
-var debug17 = Debug16("mobbdev:git");
+import Debug17 from "debug";
+var debug18 = Debug17("mobbdev:git");
 async function getGitInfo(srcDirPath) {
-  debug17("getting git info for %s", srcDirPath);
+  debug18("getting git info for %s", srcDirPath);
   const gitService = new GitService(srcDirPath);
   try {
     const validationResult = await gitService.validateRepository();
     if (!validationResult.isValid) {
-      debug17("folder is not a git repo");
+      debug18("folder is not a git repo");
       return {
         success: false,
         hash: void 0,
@@ -15897,9 +16150,9 @@ async function getGitInfo(srcDirPath) {
     };
   } catch (e) {
     if (e instanceof Error) {
-      debug17("failed to run git %o", e);
+      debug18("failed to run git %o", e);
       if (e.message.includes(" spawn ")) {
-        debug17("git cli not installed");
+        debug18("git cli not installed");
       } else {
         throw e;
       }
@@ -15913,13 +16166,13 @@ init_configs();
 import fs9 from "fs";
 import path8 from "path";
 import AdmZip from "adm-zip";
-import Debug17 from "debug";
+import Debug18 from "debug";
 import { globby } from "globby";
 import { isBinary as isBinary2 } from "istextorbinary";
 import { simpleGit as simpleGit3 } from "simple-git";
 import { parseStringPromise } from "xml2js";
 import { z as z30 } from "zod";
-var debug18 = Debug17("mobbdev:pack");
+var debug19 = Debug18("mobbdev:pack");
 var FPR_SOURCE_CODE_FILE_MAPPING_SCHEMA = z30.object({
   properties: z30.object({
     entry: z30.array(
@@ -15941,7 +16194,7 @@ function getManifestFilesSuffixes() {
   return ["package.json", "pom.xml"];
 }
 async function pack(srcDirPath, vulnFiles, isIncludeAllFiles = false) {
-  debug18("pack folder %s", srcDirPath);
+  debug19("pack folder %s", srcDirPath);
   let git;
   try {
     git = simpleGit3({
@@ -15951,13 +16204,13 @@ async function pack(srcDirPath, vulnFiles, isIncludeAllFiles = false) {
     });
     await git.status();
   } catch (e) {
-    debug18("failed to run git %o", e);
+    debug19("failed to run git %o", e);
     git = void 0;
     if (e instanceof Error) {
       if (e.message.includes(" spawn ")) {
-        debug18("git cli not installed");
+        debug19("git cli not installed");
       } else if (e.message.includes("not a git repository")) {
-        debug18("folder is not a git repo");
+        debug19("folder is not a git repo");
       } else {
         throw e;
       }
@@ -15972,9 +16225,9 @@ async function pack(srcDirPath, vulnFiles, isIncludeAllFiles = false) {
     followSymbolicLinks: false,
     dot: true
   });
-  debug18("files found %d", filepaths.length);
+  debug19("files found %d", filepaths.length);
   const zip = new AdmZip();
-  debug18("compressing files");
+  debug19("compressing files");
   for (const filepath of filepaths) {
     const absFilepath = path8.join(srcDirPath, filepath.toString());
     if (!isIncludeAllFiles) {
@@ -15983,12 +16236,12 @@ async function pack(srcDirPath, vulnFiles, isIncludeAllFiles = false) {
         absFilepath.toString().replaceAll(path8.win32.sep, path8.posix.sep),
         vulnFiles
       )) {
-        debug18("ignoring %s because it is not a vulnerability file", filepath);
+        debug19("ignoring %s because it is not a vulnerability file", filepath);
         continue;
       }
     }
     if (fs9.lstatSync(absFilepath).size > MCP_MAX_FILE_SIZE) {
-      debug18(
+      debug19(
         "ignoring %s \u2014 file size exceeds MCP_MAX_FILE_SIZE (%d bytes)",
         filepath,
         MCP_MAX_FILE_SIZE
@@ -16006,16 +16259,16 @@ async function pack(srcDirPath, vulnFiles, isIncludeAllFiles = false) {
       data = fs9.readFileSync(absFilepath);
     }
     if (isBinary2(null, data)) {
-      debug18("ignoring %s because is seems to be a binary file", filepath);
+      debug19("ignoring %s because is seems to be a binary file", filepath);
       continue;
     }
     zip.addFile(filepath.toString(), data);
   }
-  debug18("get zip file buffer");
+  debug19("get zip file buffer");
   return zip.toBuffer();
 }
 async function repackFpr(fprPath) {
-  debug18("repack fpr file %s", fprPath);
+  debug19("repack fpr file %s", fprPath);
   const zipIn = new AdmZip(fprPath);
   const zipOut = new AdmZip();
   const mappingXML = zipIn.readAsText("src-archive/index.xml", "utf-8");
@@ -16030,7 +16283,7 @@ async function repackFpr(fprPath) {
       zipOut.addFile(realPath, buf);
     }
   }
-  debug18("get repacked zip file buffer");
+  debug19("get repacked zip file buffer");
   return zipOut.toBuffer();
 }
 
@@ -16101,7 +16354,7 @@ async function snykArticlePrompt() {
 // src/features/analysis/scanners/checkmarx.ts
 import { createRequire } from "module";
 import chalk5 from "chalk";
-import Debug19 from "debug";
+import Debug20 from "debug";
 import { existsSync } from "fs";
 import { createSpinner as createSpinner2 } from "nanospinner";
 import { type } from "os";
@@ -16113,7 +16366,7 @@ var cxOperatingSystemSupportMessage = `Your operating system does not support ch
 
 // src/utils/child_process.ts
 import cp from "child_process";
-import Debug18 from "debug";
+import Debug19 from "debug";
 import * as process2 from "process";
 function createFork({ args, processPath, name }, options) {
   const child = cp.fork(processPath, args, {
@@ -16131,16 +16384,16 @@ function createSpawn({ args, processPath, name, cwd, env: env3 }, options) {
   return createChildProcess({ childProcess: child, name }, options);
 }
 function createChildProcess({ childProcess, name }, options) {
-  const debug23 = Debug18(`mobbdev:${name}`);
+  const debug24 = Debug19(`mobbdev:${name}`);
   const { display } = options;
   return new Promise((resolve, reject) => {
     let out = "";
     const onData = (chunk) => {
-      debug23(`chunk received from ${name} std ${chunk}`);
+      debug24(`chunk received from ${name} std ${chunk}`);
       out += chunk;
     };
     if (!childProcess?.stdout || !childProcess?.stderr) {
-      debug23(`unable to fork ${name}`);
+      debug24(`unable to fork ${name}`);
       reject(new Error(`unable to fork ${name}`));
     }
     childProcess.stdout?.on("data", onData);
@@ -16150,18 +16403,18 @@ function createChildProcess({ childProcess, name }, options) {
       childProcess.stderr?.pipe(process2.stderr);
     }
     childProcess.on("exit", (code) => {
-      debug23(`${name} exit code ${code}`);
+      debug24(`${name} exit code ${code}`);
       resolve({ message: out, code });
     });
     childProcess.on("error", (err) => {
-      debug23(`${name} error %o`, err);
+      debug24(`${name} error %o`, err);
       reject(err);
     });
   });
 }
 
 // src/features/analysis/scanners/checkmarx.ts
-var debug19 = Debug19("mobbdev:checkmarx");
+var debug20 = Debug20("mobbdev:checkmarx");
 var moduleUrl;
 if (typeof __filename !== "undefined") {
   moduleUrl = __filename;
@@ -16220,14 +16473,14 @@ function validateCheckmarxInstallation() {
   existsSync(getCheckmarxPath());
 }
 async function forkCheckmarx(args, { display }) {
-  debug19("fork checkmarx with args %o %s", args.join(" "), display);
+  debug20("fork checkmarx with args %o %s", args.join(" "), display);
   return createSpawn(
     { args, processPath: getCheckmarxPath(), name: "checkmarx" },
     { display }
   );
 }
 async function getCheckmarxReport({ reportPath, repositoryRoot, branch, projectName }, { skipPrompts = false }) {
-  debug19("get checkmarx report start %s %s", reportPath, repositoryRoot);
+  debug20("get checkmarx report start %s %s", reportPath, repositoryRoot);
   const { code: loginCode } = await forkCheckmarx(VALIDATE_COMMAND, {
     display: false
   });
@@ -16295,10 +16548,10 @@ async function validateCheckamxCredentials() {
 // src/features/analysis/scanners/snyk.ts
 import { createRequire as createRequire2 } from "module";
 import chalk6 from "chalk";
-import Debug20 from "debug";
+import Debug21 from "debug";
 import { createSpinner as createSpinner3 } from "nanospinner";
 import open2 from "open";
-var debug20 = Debug20("mobbdev:snyk");
+var debug21 = Debug21("mobbdev:snyk");
 var moduleUrl2;
 if (typeof __filename !== "undefined") {
   moduleUrl2 = __filename;
@@ -16320,13 +16573,13 @@ if (typeof __filename !== "undefined") {
 var costumeRequire2 = createRequire2(moduleUrl2);
 var SNYK_PATH = costumeRequire2.resolve("snyk/bin/snyk");
 var SNYK_ARTICLE_URL = "https://docs.snyk.io/scan-using-snyk/snyk-code/configure-snyk-code#enable-snyk-code";
-debug20("snyk executable path %s", SNYK_PATH);
+debug21("snyk executable path %s", SNYK_PATH);
 async function forkSnyk(args, { display }) {
-  debug20("fork snyk with args %o %s", args, display);
+  debug21("fork snyk with args %o %s", args, display);
   return createFork({ args, processPath: SNYK_PATH, name: "snyk" }, { display });
 }
 async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
-  debug20("get snyk report start %s %s", reportPath, repoRoot);
+  debug21("get snyk report start %s %s", reportPath, repoRoot);
   const config2 = await forkSnyk(["config"], { display: false });
   const { message: configMessage } = config2;
   if (!configMessage.includes("api: ")) {
@@ -16340,7 +16593,7 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
     snykLoginSpinner.update({
       text: "\u{1F513} Waiting for Snyk login to complete"
     });
-    debug20("no token in the config %s", config2);
+    debug21("no token in the config %s", config2);
     await forkSnyk(["auth"], { display: true });
     snykLoginSpinner.success({ text: "\u{1F513} Login to Snyk Successful" });
   }
@@ -16350,12 +16603,12 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
     { display: true }
   );
   if (scanOutput.includes("Snyk Code is not supported for org")) {
-    debug20("snyk code is not enabled %s", scanOutput);
+    debug21("snyk code is not enabled %s", scanOutput);
     snykSpinner.error({ text: "\u{1F50D} Snyk configuration needed" });
     const answer = await snykArticlePrompt();
-    debug20("answer %s", answer);
+    debug21("answer %s", answer);
     if (answer) {
-      debug20("opening the browser");
+      debug21("opening the browser");
       await open2(SNYK_ARTICLE_URL);
     }
     console.log(
@@ -16403,9 +16656,9 @@ async function downloadRepo({
 }) {
   const { createSpinner: createSpinner5 } = Spinner2({ ci });
   const repoSpinner = createSpinner5("\u{1F4BE} Downloading Repo").start();
-  debug21("download repo %s %s %s", repoUrl, dirname);
+  debug22("download repo %s %s %s", repoUrl, dirname);
   const zipFilePath = path10.join(dirname, "repo.zip");
-  debug21("download URL: %s auth headers: %o", downloadUrl, authHeaders);
+  debug22("download URL: %s auth headers: %o", downloadUrl, authHeaders);
   const response = await fetch4(downloadUrl, {
     method: "GET",
     headers: {
@@ -16413,7 +16666,7 @@ async function downloadRepo({
     }
   });
   if (!response.ok) {
-    debug21("SCM zipball request failed %s %s", response.body, response.status);
+    debug22("SCM zipball request failed %s %s", response.body, response.status);
     repoSpinner.error({ text: "\u{1F4BE} Repo download failed" });
     throw new Error(`Can't access ${chalk7.bold(repoUrl)}`);
   }
@@ -16427,7 +16680,7 @@ async function downloadRepo({
   if (!repoRoot) {
     throw new Error("Repo root not found");
   }
-  debug21("repo root %s", repoRoot);
+  debug22("repo root %s", repoRoot);
   repoSpinner.success({ text: "\u{1F4BE} Repo downloaded successfully" });
   return path10.join(dirname, repoRoot);
 }
@@ -16436,7 +16689,7 @@ var getReportUrl = ({
   projectId,
   fixReportId
 }) => `${WEB_APP_URL}/organization/${organizationId}/project/${projectId}/report/${fixReportId}`;
-var debug21 = Debug21("mobbdev:index");
+var debug22 = Debug22("mobbdev:index");
 async function runAnalysis(params, options) {
   const tmpObj = tmp2.dirSync({
     unsafeCleanup: true
@@ -16583,7 +16836,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     polling,
     baselineCommit
   } = params;
-  debug21("start %s %s", dirname, repo);
+  debug22("start %s %s", dirname, repo);
   const { createSpinner: createSpinner5 } = Spinner2({ ci });
   skipPrompts = skipPrompts || ci;
   const gqlClient = await getAuthenticatedGQLClient({
@@ -16623,8 +16876,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
   });
   if (!isRepoAvailable) {
     if (ci || !cloudScmLibType || !scmAuthUrl) {
-      const errorMessage = scmAuthUrl ? `Cannot access repo ${repo}. Make sure that the repo is accessible and the SCM token configured on Mobb is correct.` : `Cannot access repo ${repo} with the provided token, please visit ${scmAuthUrl} to refresh your source control management system token`;
-      throw new Error(errorMessage);
+      const errorMessage3 = scmAuthUrl ? `Cannot access repo ${repo}. Make sure that the repo is accessible and the SCM token configured on Mobb is correct.` : `Cannot access repo ${repo} with the provided token, please visit ${scmAuthUrl} to refresh your source control management system token`;
+      throw new Error(errorMessage3);
     }
     if (cloudScmLibType && scmAuthUrl) {
       await handleScmIntegration(tokenInfo.accessToken, scmAuthUrl, repo);
@@ -16656,8 +16909,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
     );
   }
   const { sha } = getReferenceDataRes.gitReference;
-  debug21("project id %s", projectId);
-  debug21("default branch %s", reference);
+  debug22("project id %s", projectId);
+  debug22("default branch %s", reference);
   if (command === "scan") {
     reportPath = await getReport(
       {
@@ -16994,7 +17247,7 @@ async function _digestReport({
       text: progressMassages.processingVulnerabilityReportSuccess
     });
     if (polling) {
-      debug21(
+      debug22(
         "[_digestReport] Using POLLING mode for analysis state updates (--polling flag enabled)"
       );
       console.log(
@@ -17009,7 +17262,7 @@ async function _digestReport({
         timeoutInMs: VUL_REPORT_DIGEST_TIMEOUT_MS
       });
     } else {
-      debug21(
+      debug22(
         "[_digestReport] Using WEBSOCKET mode for analysis state updates (default)"
       );
       console.log(
@@ -17034,9 +17287,9 @@ async function _digestReport({
     });
     return vulnFiles;
   } catch (e) {
-    const errorMessage = e instanceof ReportDigestError ? e.getDisplayMessage() : ReportDigestError.defaultMessage;
+    const errorMessage3 = e instanceof ReportDigestError ? e.getDisplayMessage() : ReportDigestError.defaultMessage;
     digestSpinner.error({
-      text: errorMessage
+      text: errorMessage3
     });
     throw e;
   }
@@ -17073,7 +17326,7 @@ async function waitForAnaysisAndReviewPr({
     });
   };
   if (polling) {
-    debug21(
+    debug22(
       "[waitForAnaysisAndReviewPr] Using POLLING mode for analysis state updates"
     );
     console.log(
@@ -17087,7 +17340,7 @@ async function waitForAnaysisAndReviewPr({
       callbackStates: ["Finished" /* Finished */]
     });
   } else {
-    debug21(
+    debug22(
       "[waitForAnaysisAndReviewPr] Using WEBSOCKET mode for analysis state updates"
     );
     console.log(
@@ -17391,11 +17644,11 @@ function throwRepoUrlErrorMessage({
   repoUrl,
   command
 }) {
-  const errorMessage = error.issues[error.issues.length - 1]?.message;
+  const errorMessage3 = error.issues[error.issues.length - 1]?.message;
   const formattedErrorMessage = `
 Error: ${chalk9.bold(
     repoUrl
-  )} is ${errorMessage}
+  )} is ${errorMessage3}
 Example: 
 	mobbdev ${command} -r ${chalk9.bold(
     "https://github.com/WebGoat/WebGoat"
@@ -17523,7 +17776,7 @@ import { spawn } from "child_process";
 import { readFileSync, writeFileSync as writeFileSync2 } from "fs";
 import * as os8 from "os";
 import path24 from "path";
-import { setTimeout as sleep2 } from "timers/promises";
+import { setTimeout as sleep3 } from "timers/promises";
 import Configstore3 from "configstore";
 
 // src/features/analysis/skill_quarantine/runQuarantineCheck.ts
@@ -19410,7 +19663,7 @@ function createLogger(config2) {
   const info = pinoLogger.info.bind(pinoLogger);
   const warn = pinoLogger.warn.bind(pinoLogger);
   const error = pinoLogger.error.bind(pinoLogger);
-  const debug23 = pinoLogger.debug.bind(pinoLogger);
+  const debug24 = pinoLogger.debug.bind(pinoLogger);
   function heartbeat(message, data) {
     pinoLogger.info({ data, heartbeat: true }, message);
   }
@@ -19453,7 +19706,7 @@ function createLogger(config2) {
     info,
     warn,
     error,
-    debug: debug23,
+    debug: debug24,
     heartbeat,
     timed,
     flushLogs,
@@ -19468,7 +19721,7 @@ function createLogger(config2) {
 
 // src/features/claude_code/hook_logger.ts
 var DD_RUM_TOKEN = true ? "pubf59c0182545bfb4c299175119f1abf9b" : "";
-var CLI_VERSION = true ? "1.4.21" : "unknown";
+var CLI_VERSION = true ? "1.4.23" : "unknown";
 var NAMESPACE = "mobbdev-claude-code-hook-logs";
 var claudeCodeVersion;
 function buildDdTags() {
@@ -19996,6 +20249,12 @@ async function processTranscript(input, sessionStore, log2, maxEntries = DAEMON_
       sanitize
     })
   );
+  if (result.degenerate?.length) {
+    log2.warn(
+      { data: degenerateRecordsLogFields(result.degenerate) },
+      DEGENERATE_RECORDS_LOG_MESSAGE
+    );
+  }
   if (result.ok) {
     const lastRawEntry = rawEntries[rawEntries.length - 1];
     const cursor = {
@@ -20566,7 +20825,7 @@ async function startDaemon() {
       },
       "daemon poll cycle"
     );
-    await sleep2(DAEMON_POLL_INTERVAL_MS);
+    await sleep3(DAEMON_POLL_INTERVAL_MS);
   }
 }
 async function acquirePidFile() {
@@ -21289,7 +21548,7 @@ var McpGQLClient = class extends GQLClient {
                   { data }
                 );
                 if (!data.analysis?.state || data.analysis?.state === "Failed" /* Failed */) {
-                  const errorMessage = data.analysis?.failReason || `Analysis failed with id: ${data.analysis?.id}`;
+                  const errorMessage3 = data.analysis?.failReason || `Analysis failed with id: ${data.analysis?.id}`;
                   logError(`[${scanContext}] GraphQL: Analysis failed`, {
                     analysisId: data.analysis?.id,
                     state: data.analysis?.state,
@@ -21297,7 +21556,7 @@ var McpGQLClient = class extends GQLClient {
                     ...this.getErrorContext()
                   });
                   subscription.unsubscribe();
-                  reject(new Error(errorMessage));
+                  reject(new Error(errorMessage3));
                   return;
                 }
                 if (callbackStates.includes(data.analysis?.state)) {
@@ -21409,17 +21668,17 @@ var McpGQLClient = class extends GQLClient {
         });
         return createdProject.createProject.projectId;
       } catch (createError) {
-        const errorMessage = createError instanceof Error ? createError.message : String(createError);
-        const isConstraintViolation = errorMessage.includes(
+        const errorMessage3 = createError instanceof Error ? createError.message : String(createError);
+        const isConstraintViolation = errorMessage3.includes(
           "duplicate key value violates unique constraint"
-        ) && errorMessage.includes("project_name_organization_id_key");
+        ) && errorMessage3.includes("project_name_organization_id_key");
         if (isConstraintViolation) {
           logDebug(
             "[GraphQL] Project creation failed due to constraint violation, retrying fetch",
             {
               organizationId: organization.id,
               projectName,
-              error: errorMessage
+              error: errorMessage3
             }
           );
           const retryOrgAndProjectRes = await this._clientSdk.getLastOrgAndNamedProject({
@@ -22829,8 +23088,8 @@ var McpServer = class {
       });
       return serializedResponse;
     } catch (error) {
-      const errorMessage = error instanceof Error ? error.message : String(error);
-      logError(`Error executing tool ${name}: ${errorMessage}`, {
+      const errorMessage3 = error instanceof Error ? error.message : String(error);
+      logError(`Error executing tool ${name}: ${errorMessage3}`, {
         error,
         toolName: name,
         args
@@ -22885,8 +23144,8 @@ var McpServer = class {
       });
       return response;
     } catch (error) {
-      const errorMessage = error instanceof Error ? error.message : String(error);
-      logError(`Error generating prompt ${name}: ${errorMessage}`, {
+      const errorMessage3 = error instanceof Error ? error.message : String(error);
+      logError(`Error generating prompt ${name}: ${errorMessage3}`, {
         error,
         promptName: name,
         args
@@ -23023,8 +23282,8 @@ var BasePrompt = class {
           const message = e.message === "Required" ? `Missing required argument '${fieldPath}'` : `Invalid value for '${fieldPath}': ${e.message}`;
           return message;
         });
-        const errorMessage = `Invalid arguments: ${errorDetails.join(", ")}`;
-        throw new Error(errorMessage);
+        const errorMessage3 = `Invalid arguments: ${errorDetails.join(", ")}`;
+        throw new Error(errorMessage3);
       }
       throw error;
     }
@@ -24733,9 +24992,9 @@ async function validatePath(inputPath) {
     logDebug("Stored validated path in WorkspaceService", { inputPath });
     return { isValid: true, path: inputPath };
   } catch (error) {
-    const errorMessage = `Path does not exist or is not accessible: ${inputPath}`;
-    logError(errorMessage, { error });
-    return { isValid: false, error: errorMessage, path: inputPath };
+    const errorMessage3 = `Path does not exist or is not accessible: ${inputPath}`;
+    logError(errorMessage3, { error });
+    return { isValid: false, error: errorMessage3, path: inputPath };
   }
 }
 
@@ -24773,8 +25032,8 @@ var BaseTool = class {
           const message = e.message === "Required" ? `Missing required parameter '${fieldPath}'` : `Invalid value for '${fieldPath}': ${e.message}`;
           return message;
         });
-        const errorMessage = `Invalid arguments: ${errorDetails.join(", ")}`;
-        throw new Error(errorMessage);
+        const errorMessage3 = `Invalid arguments: ${errorDetails.join(", ")}`;
+        throw new Error(errorMessage3);
       }
       throw error;
     }
@@ -25746,9 +26005,9 @@ var LocalMobbFolderService = class {
       });
       return mobbFolderPath;
     } catch (error) {
-      const errorMessage = `Failed to get/create .mobb folder: ${error}`;
-      logError(errorMessage, { repoPath: this.repoPath, error });
-      throw new Error(errorMessage);
+      const errorMessage3 = `Failed to get/create .mobb folder: ${error}`;
+      logError(errorMessage3, { repoPath: this.repoPath, error });
+      throw new Error(errorMessage3);
     }
   }
   /**
@@ -25909,8 +26168,8 @@ var LocalMobbFolderService = class {
         message: `Patch saved successfully as ${uniqueFileName}`
       };
     } catch (error) {
-      const errorMessage = `Failed to save patch for fix ${fix.id}: ${error}`;
-      logError(errorMessage, {
+      const errorMessage3 = `Failed to save patch for fix ${fix.id}: ${error}`;
+      logError(errorMessage3, {
         fixId: fix.id,
         fileName,
         severity,
@@ -25920,8 +26179,8 @@ var LocalMobbFolderService = class {
       });
       return {
         success: false,
-        error: errorMessage,
-        message: errorMessage
+        error: errorMessage3,
+        message: errorMessage3
       };
     }
   }
@@ -26011,12 +26270,12 @@ var LocalMobbFolderService = class {
         message: `Fix details logged to patchInfo.md`
       };
     } catch (error) {
-      const errorMessage = `Failed to log patch info: ${error}`;
-      logError(errorMessage, { fixId: fix.id, error });
+      const errorMessage3 = `Failed to log patch info: ${error}`;
+      logError(errorMessage3, { fixId: fix.id, error });
       return {
         success: false,
-        error: errorMessage,
-        message: errorMessage
+        error: errorMessage3,
+        message: errorMessage3
       };
     }
   }
@@ -26711,12 +26970,12 @@ var PatchApplicationService = class {
           failedFixes.push({ fix, error: result.error || "Unknown error" });
         }
       } catch (error) {
-        const errorMessage = error instanceof Error ? error.message : String(error);
+        const errorMessage3 = error instanceof Error ? error.message : String(error);
         logError(`[${scanContext}] Failed to apply standalone fix ${fix.id}`, {
-          error: errorMessage,
+          error: errorMessage3,
           issueType: fix.safeIssueType
         });
-        failedFixes.push({ fix, error: errorMessage });
+        failedFixes.push({ fix, error: errorMessage3 });
       }
     }
   }
@@ -26767,17 +27026,17 @@ var PatchApplicationService = class {
         return { success: false, error: result.error };
       }
     } catch (error) {
-      const errorMessage = error instanceof Error ? error.message : String(error);
+      const errorMessage3 = error instanceof Error ? error.message : String(error);
       logInfo(
         `[${scanContext}] Fix ${fix.id} threw exception for ${targetFile}, trying next option if available`,
         {
-          error: errorMessage,
+          error: errorMessage3,
           issueType: fix.safeIssueType,
           attemptNumber,
           remainingOptions: totalAttempts - attemptNumber
         }
       );
-      return { success: false, error: errorMessage };
+      return { success: false, error: errorMessage3 };
     }
   }
   /**
@@ -27281,18 +27540,18 @@ var PatchApplicationService = class {
       );
       return { success: true };
     } catch (patchError) {
-      const errorMessage = patchError instanceof Error ? patchError.message : String(patchError);
+      const errorMessage3 = patchError instanceof Error ? patchError.message : String(patchError);
       logError(
         `[${scanContext}] In-memory patch application failed for fix ${fix.id}`,
         {
-          errorMessage,
+          errorMessage: errorMessage3,
           patchErrorType: patchError instanceof Error ? patchError.name : typeof patchError,
           targetFiles
         }
       );
       return {
         success: false,
-        error: `Patch application failed: ${errorMessage}`
+        error: `Patch application failed: ${errorMessage3}`
       };
     }
   }
@@ -27912,22 +28171,22 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       this.updateFilesScanTimestamps(filesToScan);
       this.isInitialScanComplete = true;
     } catch (error) {
-      const errorMessage = error.message;
-      if (errorMessage.includes("Authentication failed") || errorMessage.includes("access-denied") || errorMessage.includes("Authentication hook unauthorized")) {
+      const errorMessage3 = error.message;
+      if (errorMessage3.includes("Authentication failed") || errorMessage3.includes("access-denied") || errorMessage3.includes("Authentication hook unauthorized")) {
         logError(
           `[${scanContext}] Periodic scan skipped due to authentication failure. Please re-authenticate by running a manual scan.`,
           {
-            error: errorMessage
+            error: errorMessage3
           }
         );
         this.hasAuthenticationFailed = true;
         return;
       }
-      if (errorMessage.includes("ReportInitializationError")) {
+      if (errorMessage3.includes("ReportInitializationError")) {
         logError(
           `[${scanContext}] Periodic scan failed during report initialization`,
           {
-            error: errorMessage
+            error: errorMessage3
           }
         );
         return;
@@ -28162,12 +28421,12 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       const loginContext = createMcpLoginContext("check_new_fixes");
       this.gqlClient = await createAuthenticatedMcpGQLClient({ loginContext });
     } catch (error) {
-      const errorMessage = error.message;
-      if (errorMessage.includes("Authentication failed") || errorMessage.includes("access-denied") || errorMessage.includes("Authentication hook unauthorized")) {
+      const errorMessage3 = error.message;
+      if (errorMessage3.includes("Authentication failed") || errorMessage3.includes("access-denied") || errorMessage3.includes("Authentication hook unauthorized")) {
         logError(
           `[${scanContext}] Failed to create authenticated client due to authentication failure`,
           {
-            error: errorMessage
+            error: errorMessage3
           }
         );
         this.hasAuthenticationFailed = true;
@@ -30037,13 +30296,13 @@ var parseArgs = async (args) => {
 };
 
 // src/index.ts
-var debug22 = Debug22("mobbdev:index");
+var debug23 = Debug23("mobbdev:index");
 async function run() {
   return parseArgs(hideBin(process.argv));
 }
 (async () => {
   try {
-    debug22("Bugsy CLI v%s running...", packageJson.version);
+    debug23("Bugsy CLI v%s running...", packageJson.version);
     await run();
     process.exit(0);
   } catch (err) {