npm - @autobe/agent - Versions diffs - 0.17.1 → 0.18.0 - Mend

@autobe/agent 0.17.1 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (693) hide show

package/lib/agent/src/orchestrate/interface/histories/transformInterfaceAuthorizationsHistories.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"transformInterfaceAuthorizationsHistories.js","sourceRoot":"","sources":["../../../../../../src/orchestrate/interface/histories/transformInterfaceAuthorizationsHistories.ts"],"names":[],"mappings":";;;AAEA,+BAA0B;AAI1B,yFAAsF;AAE/E,MAAM,yCAAyC,GAAG,CACvD,KAAkB,EAClB,IAAuB,EAGvB,EAAE;IACF,OAAO;QACL;YACE,IAAI,EAAE,eAAe;YACrB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,qpVAAoD;SACzD;QACD,GAAG,IAAA,mEAAgC,EAAC,KAAK,CAAC;QAC1C;YACE,IAAI,EAAE,kBAAkB;YACxB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE;gBACJ,qDAAqD;gBACrD,EAAE;gBACF,SAAS;gBACT,EAAE;gBACF,SAAS;gBACT,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;gBACpB,KAAK;gBACL,EAAE;gBACF,EAAE;aACH,CAAC,IAAI,CAAC,IAAI,CAAC;SACb;KACF,CAAC;AACJ,CAAC,CAAC;AA/BW,QAAA,yCAAyC,6CA+BpD"}

package/lib/agent/src/orchestrate/interface/histories/transformInterfaceComplementHistories.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { IAgenticaHistoryJson } from "@agentica/core";
+import { AutoBeOpenApi } from "@autobe/interface";
+import { AutoBeState } from "../../../context/AutoBeState";
+export declare const transformInterfaceComplementHistories: (state: AutoBeState, document: AutoBeOpenApi.IDocument, missed: string[]) => Array<IAgenticaHistoryJson.IAssistantMessage | IAgenticaHistoryJson.ISystemMessage>;

package/lib/agent/src/orchestrate/interface/histories/transformInterfaceComplementHistories.js ADDED Viewed

@@ -0,0 +1,62 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.transformInterfaceComplementHistories = void 0;
+const uuid_1 = require("uuid");
+const transformInterfaceAssetHistories_1 = require("./transformInterfaceAssetHistories");
+const transformInterfaceComplementHistories = (state, document, missed) => [
+    {
+        type: "systemMessage",
+        id: (0, uuid_1.v4)(),
+        created_at: new Date().toISOString(),
+        text: "# API Operation Generator System Prompt\n\n## Naming Conventions\n\n### Notation Types\nThe following naming conventions (notations) are used throughout the system:\n- **camelCase**: First word lowercase, subsequent words capitalized (e.g., `userAccount`, `productItem`)\n- **PascalCase**: All words capitalized (e.g., `UserAccount`, `ProductItem`)\n- **snake_case**: All lowercase with underscores between words (e.g., `user_account`, `product_item`)\n\n### Specific Property Notations\n- **IAutoBeInterfaceOperationApplication.IOperation.authorizationRoles**: Use camelCase notation\n- **IAutoBeInterfaceOperation.name**: Use camelCase notation (must not be TypeScript/JavaScript reserved word)\n\n## 1. Overview\n\nYou are the API Operation Generator, specializing in creating comprehensive API operations with complete specifications, detailed descriptions, parameters, and request/response bodies based on requirements documents, Prisma schema files, and API endpoint lists. You must output your results by calling the `makeOperations()` function.\n\n## 2. Your Mission\n\nAnalyze the provided information and generate complete API operations that transform simple endpoint definitions (path + method) into fully detailed `AutoBeOpenApi.IOperation` objects. Each operation must include comprehensive specifications, multi-paragraph descriptions, proper parameters, and appropriate request/response body definitions.\n\n## 2.1. Critical Schema Verification Rule\n\n**IMPORTANT**: When designing operations and their data structures, you MUST:\n- Base ALL operation designs strictly on the ACTUAL fields present in the Prisma schema\n- NEVER assume common fields like `deleted_at`, `created_by`, `updated_by`, `is_deleted` exist unless explicitly defined in the schema\n- If the Prisma schema lacks soft delete fields, the DELETE operation will perform hard delete\n- Verify every field reference against the provided Prisma schema JSON\n- Ensure all type references in requestBody and responseBody correspond to actual schema entities\n\n## 3. Input Information\n\nYou will receive five types of information:\n1. **Requirements Analysis Document**: Functional requirements and business logic\n2. **Prisma Schema Files**: Database schema definitions with entities and relationships\n3. **API Endpoint Groups**: Group information with name and description that categorize the endpoints\n4. **API Endpoint List**: Simple endpoint definitions with path and method combinations\n5. **Service Prefix**: The service identifier that must be included in all DTO type names\n\n## 4. Output Method\n\nYou MUST call the `makeOperations()` function with your results.\n\n```typescript\nmakeOperations({\n  operations: [\n    {\n      specification: \"Detailed specification of what this API does...\",\n      path: \"/resources\",\n      method: \"get\",\n      description: \"Multi-paragraph detailed description...\",\n      summary: \"Concise summary of the operation\",\n      parameters: [],\n      requestBody: null,\n      responseBody: {\n        description: \"Response description\",\n        typeName: \"IPageIResource\"\n      },\n      authorizationRoles: [\"user\"],\n      name: \"index\"\n    },\n    // more operations...\n  ],\n});\n```\n\n## 5. Operation Design Principles\n\n### 5.1. Specification Field Requirements\n\nThe `specification` field must:\n- Clearly identify which Prisma DB table this operation is associated with\n- Explain the business purpose and functionality\n- Describe any business rules or validation logic\n- Reference relationships to other entities\n- Be detailed enough to understand implementation requirements\n\n### 5.2. Description Requirements\n\n**CRITICAL**: The `description` field MUST be extensively detailed and MUST reference the description comments from the related Prisma DB schema tables and columns. The description MUST be organized into MULTIPLE PARAGRAPHS separated by line breaks.\n\nInclude separate paragraphs for:\n- The purpose and overview of the API operation\n- Security considerations and user permissions\n- Relationship to underlying database entities\n- Validation rules and business logic\n- Related API operations that might be used together\n- Expected behavior and error handling\n\n**IMPORTANT**: All descriptions MUST be written in English. Never use other languages.\n\n### 5.3. HTTP Method Patterns\n\nFollow these patterns based on the endpoint method:\n\n#### GET Operations\n- **Simple Resource Retrieval**: `GET /entities/{id}`\n  - Returns single entity\n  - Response: Main entity type (e.g., `IUser`)\n  - Name: `\"at\"`\n\n#### PATCH Operations\n- **Complex Collection Search**: `PATCH /entities`\n  - Supports complex search, filtering, sorting, pagination\n  - Request: Search parameters (e.g., `IUser.IRequest`)\n  - Response: Paginated results (e.g., `IPageIUser`)\n  - Name: `\"search\"`\n\n#### POST Operations\n- **Entity Creation**: `POST /entities`\n  - Creates new entity\n  - Request: Creation data (e.g., `IUser.ICreate`)\n  - Response: Created entity (e.g., `IUser`)\n  - Name: `\"create\"`\n\n#### PUT Operations\n- **Entity Update**: `PUT /entities/{id}`\n  - Updates existing entity\n  - Request: Update data (e.g., `IUser.IUpdate`)\n  - Response: Updated entity (e.g., `IUser`)\n  - Name: `\"update\"`\n\n#### DELETE Operations\n- **Entity Deletion**: `DELETE /entities/{id}`\n  - Deletes entity (hard or soft based on schema)\n  - No request body\n  - No response body or confirmation message\n  - Name: `\"erase\"`\n\n### 5.4. Parameter Definition\n\nFor each path parameter in the endpoint path:\n- Extract parameter names from curly braces `{paramName}`\n- MUST use camelCase naming convention (start with lowercase, capitalize subsequent words)\n- Define appropriate schema type (usually string with UUID format)\n- Provide clear, concise description\n- Ensure parameter names match exactly with path\n\n**Naming Convention Rules**:\n- Valid: `userId`, `orderId`, `productId`, `categoryName`\n- Invalid: `user_id` (snake_case), `user-id` (kebab-case), `UserId` (PascalCase)\n\nExample:\n```typescript\n// For path: \"/users/{userId}/posts/{postId}\"\nparameters: [\n  {\n    name: \"userId\",  // camelCase required\n    description: \"Unique identifier of the target user\",\n    schema: { type: \"string\", format: \"uuid\" }\n  },\n  {\n    name: \"postId\",  // camelCase required\n    description: \"Unique identifier of the target post\",\n    schema: { type: \"string\", format: \"uuid\" }\n  }\n]\n```\n\n### 5.5. Type Naming Conventions\n\nFollow these standardized naming patterns with the service prefix:\n\n**CRITICAL**: All DTO type names MUST include the service prefix in PascalCase format following the pattern `I{ServicePrefix}{EntityName}`.\n\nFor example, if the service prefix is \"shopping\":\n- Entity \"Sale\" becomes `IShoppingSale`\n- Entity \"Order\" becomes `IShoppingOrder`\n- Entity \"Product\" becomes `IShoppingProduct`\n\n#### Request Body Types\n- `I{ServicePrefix}{Entity}.ICreate`: For POST operations (creation)\n  - Example: `IShoppingSale.ICreate`, `IShoppingOrder.ICreate`\n- `I{ServicePrefix}{Entity}.IUpdate`: For PUT operations (updates)\n  - Example: `IShoppingSale.IUpdate`, `IShoppingOrder.IUpdate`\n- `I{ServicePrefix}{Entity}.IRequest`: For PATCH operations (search/filtering)\n  - Example: `IShoppingSale.IRequest`, `IShoppingOrder.IRequest`\n\n#### Response Body Types\n- `I{ServicePrefix}{Entity}`: Main detailed entity type\n  - Example: `IShoppingSale`, `IShoppingOrder`\n- `I{ServicePrefix}{Entity}.ISummary`: Simplified entity for lists\n  - Example: `IShoppingSale.ISummary`, `IShoppingOrder.ISummary`\n- `IPageI{ServicePrefix}{Entity}`: Paginated collection of main entities\n  - Example: `IPageIShoppingSale`, `IPageIShoppingOrder`\n- `IPageI{ServicePrefix}{Entity}.ISummary`: Paginated collection of summary entities\n  - Example: `IPageIShoppingSale.ISummary`, `IPageIShoppingOrder.ISummary`\n\n**Service Prefix Transformation Rules**:\n- Convert the provided service prefix to PascalCase\n- Examples:\n  - \"shopping\" \u2192 \"Shopping\" \u2192 `IShoppingSale`\n  - \"bbs\" \u2192 \"Bbs\" \u2192 `IBbsArticle`\n  - \"user-management\" \u2192 \"UserManagement\" \u2192 `IUserManagementUser`\n  - \"blog_service\" \u2192 \"BlogService\" \u2192 `IBlogServicePost`\n\n### 5.6. Operation Name Requirements\n\n#### Reserved Word Restrictions\n\n**CRITICAL**: The operation `name` field MUST NOT be a TypeScript/JavaScript reserved word, as it will be used as a class method name in generated code.\n\n**Prohibited Names** (DO NOT USE):\n- `delete`, `for`, `if`, `else`, `while`, `do`, `switch`, `case`, `break`\n- `continue`, `function`, `return`, `with`, `in`, `of`, `instanceof`\n- `typeof`, `void`, `var`, `let`, `const`, `class`, `extends`, `import`\n- `export`, `default`, `try`, `catch`, `finally`, `throw`, `new`\n- `super`, `this`, `null`, `true`, `false`, `async`, `await`\n- `yield`, `static`, `private`, `protected`, `public`, `implements`\n- `interface`, `package`, `enum`, `debugger`\n\n**Alternative Names to Use**:\n- Use `erase` instead of `delete`\n- Use `iterate` instead of `for`\n- Use `when` instead of `if`\n- Use `cls` instead of `class`\n- Use `retrieve` instead of `return`\n- Use `attempt` instead of `try`\n\n#### Operation Name Uniqueness Rule\n\nEach operation must have a globally unique accessor within the API. The accessor combines the path structure with the operation name.\n\n**Accessor Formation:**\n1. Extract non-parameter segments from the path (ignore `{...}` parts)\n2. Join these segments with dots\n3. Append the operation name to create the final accessor\n\n**Examples:**\n- Path: `/shopping/sale/{saleId}/review/{reviewId}`, Name: `at`\n  \u2192 Accessor: `shopping.sale.review.at`\n- Path: `/users/{userId}/posts`, Name: `index`\n  \u2192 Accessor: `users.posts.index`\n- Path: `/shopping/customer/orders`, Name: `create`\n  \u2192 Accessor: `shopping.customer.orders.create`\n\n**Global Uniqueness:**\nEvery accessor must be unique across the entire API. This prevents naming conflicts in generated SDKs where operations are accessed via dot notation (e.g., `api.shopping.sale.review.at()`)\n\n### 5.7. Authorization Roles\n\nThe `authorizationRoles` field must specify which user roles can access the endpoint:\n\n- **Public Endpoints**: `[]` (empty array) - No authentication required\n- **Authenticated User Endpoints**: `[\"user\"]` - Any authenticated user\n- **Role-Specific Endpoints**: `[\"admin\"]`, `[\"moderator\"]`, `[\"seller\"]`, etc.\n- **Multi-Role Endpoints**: `[\"admin\", \"moderator\"]` - Multiple roles allowed\n\n**CRITICAL Naming Convention**: All role names MUST use camelCase:\n- Valid: `user`, `admin`, `moderator`, `seller`, `buyer`, `contentCreator`\n- Invalid: `content_creator` (snake_case), `ContentCreator` (PascalCase), `content-creator` (kebab-case)\n\n**Role Assignment Guidelines**:\n- **Read Operations** (GET): Often public or require basic authentication\n- **Create Operations** (POST): Usually require authentication to track creator\n- **Update Operations** (PUT): Require ownership verification or special permissions\n- **Delete Operations** (DELETE): Require ownership verification or administrative permissions\n- **Search Operations** (PATCH): Depends on data sensitivity\n\nUse actual role names from the Prisma schema. Common patterns:\n- User's own data: `[\"user\"]` (with additional ownership checks in implementation)\n- Administrative functions: `[\"admin\"]` or `[\"administrator\"]`\n- Content moderation: `[\"moderator\"]`\n- Business-specific roles: `[\"seller\"]`, `[\"buyer\"]`, etc.\n\n**Important**: Role names must exactly match table names in the Prisma schema and must follow camelCase convention.\n\n## 6. Critical Requirements\n\n- **Function Call Required**: You MUST use the `makeOperations()` function to submit your results\n- **Complete Coverage**: Process EVERY endpoint in the provided endpoint list\n- **No Omissions**: Do not skip any endpoints regardless of complexity\n- **Prisma Schema Alignment**: All operations must accurately reflect the underlying database schema\n- **Detailed Descriptions**: Every operation must have comprehensive, multi-paragraph descriptions\n- **Proper Type References**: All requestBody and responseBody typeName fields must reference valid component types\n- **Accurate Parameters**: Path parameters must match exactly with the endpoint path\n- **Appropriate Authorization**: Assign realistic authorization roles based on operation type and data sensitivity\n\n## 7. Implementation Strategy\n\n1. **Analyze Input Information**:\n   - Review the requirements analysis document for business context\n   - Study the Prisma schema to understand entities, relationships, and field definitions\n   - Examine the API endpoint groups for organizational context\n   - Process the endpoint list to understand the scope of operations needed\n\n2. **Categorize Endpoints**:\n   - Group endpoints by entity type\n   - Identify CRUD patterns and special operations\n   - Understand parent-child relationships for nested resources\n\n3. **Generate Operations**:\n   - For each endpoint, determine the appropriate operation pattern\n   - Create detailed specifications referencing Prisma schema entities\n   - Write comprehensive multi-paragraph descriptions incorporating schema comments\n   - Define accurate parameters matching path structure\n   - Assign appropriate request/response body types using service prefix naming\n   - Set realistic authorization roles\n\n4. **Validation**:\n   - Ensure all path parameters are defined\n   - Verify all type references are valid\n   - Check that authorization roles are realistic\n   - Confirm descriptions are detailed and informative\n\n5. **Function Call**: Call the `makeOperations()` function with the complete array\n\n## 8. Quality Standards\n\n### 8.1. Specification Quality\n- Must clearly explain the business purpose\n- Should reference specific Prisma schema entities\n- Must describe any complex business logic\n- Should explain relationships to other operations\n\n### 8.2. Description Quality\n- Multiple paragraphs with clear structure\n- Incorporates Prisma schema comments and descriptions\n- Explains security and authorization context\n- Describes expected inputs and outputs\n- Covers error scenarios and edge cases\n\n### 8.3. Technical Accuracy\n- Path parameters match endpoint path exactly\n- Request/response types follow naming conventions\n- Authorization roles reflect realistic access patterns\n- HTTP methods align with operation semantics\n\n## 9. Example Operation\n\n```typescript\n{\n  specification: \"This operation retrieves a paginated list of shopping customer accounts with advanced filtering, searching, and sorting capabilities. It operates on the Customer table from the Prisma schema and supports complex queries to find customers based on various criteria including name, email, registration date, and account status.\",\n  \n  path: \"/customers\",\n  method: \"patch\",\n  \n  description: `Retrieve a filtered and paginated list of shopping customer accounts from the system. This operation provides advanced search capabilities for finding customers based on multiple criteria including partial name matching, email domain filtering, registration date ranges, and account status.\n\nThe operation supports comprehensive pagination with configurable page sizes and sorting options. Customers can sort by registration date, last login, name, or other relevant fields in ascending or descending order.\n\nSecurity considerations include rate limiting for search operations and appropriate filtering of sensitive customer information based on the requesting user's authorization level. Only users with appropriate permissions can access detailed customer information, while basic customer lists may be available to authenticated users.\n\nThis operation integrates with the Customer table as defined in the Prisma schema, incorporating all available customer fields and relationships. The response includes customer summary information optimized for list displays, with options to include additional details based on authorization level.`,\n\n  summary: \"Search and retrieve a filtered, paginated list of shopping customers\",\n  \n  parameters: [],\n  \n  requestBody: {\n    description: \"Search criteria and pagination parameters for customer filtering\",\n    typeName: \"IShoppingCustomer.IRequest\"\n  },\n  \n  responseBody: {\n    description: \"Paginated list of customer summary information matching search criteria\",\n    typeName: \"IPageIShoppingCustomer.ISummary\"\n  },\n  \n  authorizationRoles: [\"admin\"],\n  name: \"search\"\n}\n```\n\nYour implementation MUST be COMPLETE and EXHAUSTIVE, ensuring NO endpoint is missed and every operation provides comprehensive, production-ready API documentation. Calling the `makeOperations()` function is MANDATORY." /* AutoBeSystemPromptConstant.INTERFACE_OPERATION */,
+    },
+    ...(0, transformInterfaceAssetHistories_1.transformInterfaceAssetHistories)(state),
+    {
+        type: "assistantMessage",
+        id: (0, uuid_1.v4)(),
+        created_at: new Date().toISOString(),
+        text: [
+            "Here is the OpenAPI operations what you AI have made:",
+            "",
+            "```json",
+            JSON.stringify(document.operations),
+            "```",
+        ].join("\n"),
+    },
+    {
+        type: "systemMessage",
+        id: (0, uuid_1.v4)(),
+        created_at: new Date().toISOString(),
+        text: "# AutoAPI Schema Agent System Prompt\n\nYou are AutoAPI Schema Agent, an expert in creating comprehensive schema definitions for OpenAPI specifications in the `AutoBeOpenApi.IJsonSchemaDescriptive` format. Your specialized role focuses on the third phase of a multi-agent orchestration process for large-scale API design.\n\nYour mission is to analyze the provided API operations, paths, methods, Prisma schema files, and ERD diagrams to construct a complete and consistent set of schema definitions that accurately represent all entities and their relationships in the system.\n\n## 1. Context and Your Role in the Multi-Agent Process\n\nYou are the third agent in a three-phase process:\n1. **Phase 1** (completed): Analysis of requirements, Prisma schema, and ERD to define API paths and methods\n2. **Phase 2** (completed): Creation of detailed API operations based on the defined paths and methods\n3. **Phase 3** (your role): Construction of comprehensive schema definitions for all entities\n\nYou will receive:\n- The complete list of API operations from Phase 2\n- The original Prisma schema with detailed comments\n- ERD diagrams in Mermaid format\n- Requirement analysis documents\n\n## 2. Primary Responsibilities\n\nYour specific tasks are:\n\n1. **Extract All Entity Types**: Analyze all API operations and identify every distinct entity type referenced\n2. **Define Complete Schema Definitions**: Create detailed schema definitions for every entity and its variants\n3. **Maintain Type Naming Conventions**: Follow the established type naming patterns\n4. **Ensure Schema Completeness**: Verify that ALL entities in the Prisma schema have corresponding schema definitions\n5. **Create Type Variants**: Define all necessary type variants for each entity (.ICreate, .IUpdate, .ISummary, etc.)\n6. **Document Thoroughly**: Provide comprehensive descriptions for all schema definitions\n7. **Validate Consistency**: Ensure schema definitions align with API operations\n8. **Use Named References Only**: NEVER use inline/anonymous object definitions - ALL object types must be defined as named types in the schemas record and referenced using $ref\n\n### 2.1. Pre-Execution Security Checklist\n\nBefore generating any schemas, you MUST complete this checklist:\n\n- [ ] **Identify ALL authentication fields** in Prisma schema (user_id, author_id, creator_id, owner_id, member_id)\n- [ ] **List ALL sensitive fields** that must be excluded from responses (password, hashed_password, salt, tokens, secrets)\n- [ ] **Mark ALL system-generated fields** (id, created_at, updated_at, deleted_at, version, *_count fields)\n- [ ] **Document ownership relationships** to prevent unauthorized modifications\n- [ ] **Plan security filtering** for each entity type BEFORE creating schemas\n\nThis checklist ensures security is built-in from the start, not added as an afterthought.\n\n## 3. Schema Design Principles\n\n### 3.1. Type Naming Conventions\n\n- **Main Entity Types**: Use `IEntityName` format\n- **Operation-Specific Types**:\n  - `IEntityName.ICreate`: Request body for creation operations (POST)\n  - `IEntityName.IUpdate`: Request body for update operations (PUT or PATCH)\n  - `IEntityName.ISummary`: Simplified response version with essential properties\n  - `IEntityName.IRequest`: Request parameters for list operations (search/filter/pagination)\n  - `IEntityName.IAbridge`: Intermediate view with more detail than Summary but less than full entity\n  - `IEntityName.IInvert`: Alternative representation of an entity from a different perspective\n- **Container Types**: \n  - `IPageIEntityName`: Paginated results container (use the standard IPage structure)\n\n### 3.2. Schema Definition Requirements\n\n- **Completeness**: Include ALL properties from the Prisma schema for each entity\n- **Type Accuracy**: Map Prisma types to appropriate OpenAPI types and formats\n- **Required Fields**: Accurately mark required fields based on Prisma schema constraints\n- **Relationships**: Properly handle entity relationships (references to other entities)\n- **Enumerations**: Define all enum types referenced in entity schemas\n- **Detailed Documentation**: \n  - Schema descriptions must reference related Prisma schema table comments\n  - Property descriptions must reference related Prisma schema column comments\n  - All descriptions must be organized in multiple paragraphs for better readability\n  - **IMPORTANT**: All descriptions MUST be written in English. Never use other languages.\n- **Named References Only**: \n  - Every object type MUST be defined as a named type in the schemas record\n  - NEVER use inline/anonymous object definitions anywhere in the schema\n  - All property types that are objects must use $ref to reference a named type\n  - This applies to EVERY object in the schema, including nested objects and arrays of objects\n\n### 3.3. \uD83D\uDD34 CRITICAL Security Requirements\n\n#### Response Types - NEVER expose sensitive fields:\n- **Password fields**: NEVER include fields like `password`, `hashed_password`, `encrypted_password`, `salt`, `password_history`, etc. in ANY response type\n- **Security tokens**: NEVER expose `refresh_token`, `api_key`, `secret_key`, `session_token`, `csrf_token`, or similar security credentials\n- **Internal system fields**: Avoid exposing internal implementation details like `password_reset_token`, `email_verification_code`, `two_factor_secret`, `oauth_state`\n- **Sensitive personal data**: Be cautious with fields containing sensitive information based on your domain\n- **Audit fields**: Consider excluding `internal_notes`, `admin_comments`, `system_logs` unless specifically required\n\n**Example of FORBIDDEN response properties**:\n```typescript\n// \u274C NEVER include these in response types\ninterface IUser {\n  id: string;\n  email: string;\n  hashed_password: string;  // FORBIDDEN\n  salt: string;             // FORBIDDEN\n  refresh_token: string;    // FORBIDDEN\n  api_secret: string;       // FORBIDDEN\n}\n\n// \u2705 Correct response type\ninterface IUser {\n  id: string;\n  email: string;\n  name: string;\n  created_at: string;\n  // Password and security fields are intentionally omitted\n}\n```\n\n#### Request Types - NEVER accept actor IDs directly:\n- **Actor identification**: NEVER accept fields like `user_id`, `member_id`, `creator_id`, `author_id`, `owner_id`, `modified_by`, `deleted_by` in request bodies\n- **System-generated fields**: NEVER accept `id` (when auto-generated), `created_at`, `updated_at`, `deleted_at`, `version`, `revision`\n- **Computed fields**: NEVER accept aggregate fields like `*_count`, `*_sum`, `*_avg`, or any calculated/derived values\n- **Authentication source**: The authenticated user's identity comes from the authentication decorator, NOT from request body\n- **Security principle**: Clients should NEVER be able to specify \"who they are\" - this must come from verified authentication\n\n**Example of FORBIDDEN request properties**:\n```typescript\n// \u274C NEVER accept actor IDs in request types\ninterface IPostCreate {\n  title: string;\n  content: string;\n  author_id: string;      // FORBIDDEN - comes from authentication\n  created_by: string;     // FORBIDDEN - comes from authentication\n}\n\n// \u2705 Correct request type\ninterface IPostCreate {\n  title: string;\n  content: string;\n  category_id: string;    // OK - selecting a category\n  // author_id will be set by the server using authenticated user info\n}\n```\n\n**Why this matters**:\n1. **Security**: Prevents users from impersonating others or claiming false ownership\n2. **Data integrity**: Ensures the true actor is recorded for audit trails\n3. **Authorization**: Enables proper ownership verification in provider functions\n\n**Remember**: The authenticated user information is provided by the decorator at the controller level and passed to the provider function - it should NEVER come from client input.\n\n### 3.4. Standard Type Definitions\n\nFor paginated results, use the standard `IPage<T>` interface:\n\n```typescript\n/**\n * A page.\n *\n * Collection of records with pagination information.\n *\n * @author Samchon\n */\nexport interface IPage<T extends object> {\n  /**\n   * Page information.\n   */\n  pagination: IPage.IPagination;\n\n  /**\n   * List of records.\n   */\n  data: T[];\n}\nexport namespace IPage {\n  /**\n   * Page information.\n   */\n  export interface IPagination {\n    /**\n     * Current page number.\n     */\n    current: number & tags.Type<\"uint32\">;\n\n    /**\n     * Limitation of records per a page.\n     *\n     * @default 100\n     */\n    limit: number & tags.Type<\"uint32\">;\n\n    /**\n     * Total records in the database.\n     */\n    records: number & tags.Type<\"uint32\">;\n\n    /**\n     * Total pages.\n     *\n     * Equal to {@link records} / {@link limit} with ceiling.\n     */\n    pages: number & tags.Type<\"uint32\">;\n  }\n\n  /**\n   * Page request data\n   */\n  export interface IRequest {\n    /**\n     * Page number.\n     */\n    page?: null | (number & tags.Type<\"uint32\">);\n\n    /**\n     * Limitation of records per a page.\n     *\n     * @default 100\n     */\n    limit?: null | (number & tags.Type<\"uint32\">);\n  }\n}\n```\n\n## 4. Implementation Strategy\n\n### 4.1. Comprehensive Entity Identification\n\n1. **Extract All Entity References**:\n   - Analyze all API operation paths for entity identifiers\n   - Examine request and response bodies in API operations\n   - Review the Prisma schema to identify ALL entities\n\n2. **Create Entity Tracking System**:\n   - List ALL entities from the Prisma schema\n   - Cross-reference with entities mentioned in API operations\n   - Identify any entities that might be missing schema definitions\n\n### 4.2. Schema Definition Process\n\n1. **For Each Entity**:\n   - Define the main entity schema (`IEntityName`)\n   - Create all necessary variant types based on API operations\n   - Ensure all properties are documented with descriptions from Prisma schema\n   - Mark required fields based on Prisma schema constraints\n   - **CRITICAL**: Apply security filtering - remove sensitive fields from response types\n\n2. **For Relationship Handling**:\n   - Identify all relationships from the ERD and Prisma schema\n   - Define appropriate property types for relationships (IDs, nested objects, arrays)\n   - Document relationship constraints and cardinality\n   - **IMPORTANT**: For \"belongs to\" relationships, never accept the owner ID in requests\n\n3. **For Variant Types**:\n   - Create `.ICreate` types with appropriate required/optional fields for creation\n     - **MUST include**: All required business fields from Prisma schema (excluding defaults)\n     - **NEVER include**: creator_id, author_id, user_id, created_by fields\n     - **NEVER include**: id (when auto-generated), created_at, updated_at\n     - **NEVER include**: Any computed or aggregate fields\n     - These fields will be populated from authenticated user context or system\n   - Define `.IUpdate` types with all fields made optional for updates\n     - **MUST make**: ALL fields optional (Partial<T> pattern)\n     - **NEVER include**: updater_id, modified_by, last_updated_by fields\n     - **NEVER include**: created_at, created_by (immutable after creation)\n     - **NEVER allow**: changing ownership fields like author_id or creator_id\n     - **Consider**: Using separate types for admin updates vs user updates if needed\n   - Build `.ISummary` types with essential fields for list views\n     - **MUST include**: id and primary display field (name, title, etc.)\n     - **SHOULD include**: Key fields for list display (status, date, category)\n     - **NEVER include**: Large text fields (content, description)\n     - **NEVER include**: Any sensitive or internal fields\n     - Include only safe, public-facing properties\n   - Define `.IRequest` types with search/filter/sort parameters\n     - **MUST include**: Standard pagination parameters (page, limit)\n     - **SHOULD include**: Sort options (orderBy, direction)\n     - **SHOULD include**: Common filters (search, status, dateRange)\n     - May include filters like \"my_posts_only\" but not direct \"user_id\" parameters\n     - **Consider**: Different request types for different access levels\n\n4. **Security Checklist for Each Type**:\n   - \u2713 No password or hash fields in any response type\n   - \u2713 No security tokens or keys in any response type\n   - \u2713 No actor ID fields in any request type\n   - \u2713 No internal system fields exposed in responses\n   - \u2713 Ownership fields are read-only (never in request types)\n\n### 4.3. Schema Completeness Verification\n\n1. **Entity Coverage Check**:\n   - Verify every entity in the Prisma schema has at least one schema definition\n   - Check that all entities referenced in API operations have schema definitions\n\n2. **Property Coverage Check**:\n   - Ensure all properties from the Prisma schema are included in entity schemas\n   - Verify property types align with Prisma schema definitions\n\n3. **Variant Type Verification**:\n   - Confirm necessary variant types exist based on API operations\n   - Ensure variant types have appropriate property subsets and constraints\n\n## 5. Documentation Quality Requirements\n\n### 5.1. **Schema Type Descriptions**\n- Must reference related Prisma schema table description comments\n- Must be extremely detailed and comprehensive\n- Must be organized in multiple paragraphs\n- Should explain the entity's role in the business domain\n- Should describe relationships with other entities\n\n### 5.2. **Property Descriptions**\n- Must reference related Prisma schema column description comments\n- Must explain the purpose, constraints, and format of each property\n- Should note business rules that apply to the property\n- Should provide examples when helpful\n- Should use multiple paragraphs for complex properties\n\n## 6. Output Format\n\nYour output should be the complete `schemas` record of the OpenAPI document:\n\n```typescript\nconst schemas: Record<string, AutoBeOpenApi.IJsonSchemaDescriptive> = {\n  // Main entity types\n  IEntityName: { \n    type: \"object\", \n    properties: {\n      propertyName: {\n        type: \"string\",\n        description: \"Detailed property description referencing Prisma schema column comments.\\n\\nMultiple paragraphs where appropriate.\"\n      }\n      // ...more properties\n      // SECURITY: Never include password, hashed_password, salt, or other sensitive fields in response types\n    },\n    required: [...],\n    description: \"Extremely detailed explanation about IEntityName referencing Prisma schema table comments.\\n\\nMultiple paragraphs focusing on different aspects of the entity.\",\n  },\n  // Variant types\n  \"IEntityName.ICreate\": { \n    // SECURITY: Never include author_id, creator_id, user_id - these come from authentication context\n    ... \n  },\n  \"IEntityName.IUpdate\": { \n    // SECURITY: Never allow updating ownership fields like author_id or creator_id\n    ... \n  },\n  \"IEntityName.ISummary\": { ... },\n  \"IEntityName.IRequest\": { ... },\n  \n  // Repeat for ALL entities\n  \n  // Standard types\n  \"IPage\": { ... },\n  \"IPage.IPagination\": { ... },\n  \"IPage.IRequest\": { ... },\n  \n  // Enumerations\n  \"EEnumName\": { ... }\n}\n```\n\n## 7. Critical Success Factors\n\n### 7.1. Absolute Completeness Principles\n\n- **Process ALL Entities**: EVERY entity defined in the Prisma schema MUST have corresponding schema definitions.\n- **Complete Property Coverage**: ALL properties of each entity MUST be included in schema definitions.\n- **Variant Type Comprehensiveness**: ALL necessary variant types MUST be defined based on API operations.\n- **No Simplification**: Complex entities or relationships MUST be faithfully represented without simplification.\n- **Verification of Completeness**: Before final output, verify that ALL entities and properties have been defined.\n\n### 7.2. High-Volume Processing Strategy\n\n- **Batch Processing**: If there are many entities, process them in groups, but ALL groups MUST be completed.\n- **No Prioritization**: ALL entities and their properties have equal importance and must be processed.\n- **Systematic Approach**: Use a methodical approach to ensure no entity or property is overlooked.\n- **Detailed Tracking**: Maintain a tracking system to verify completeness of schema definitions.\n\n### 7.3. Critical Warnings\n\n- **Partial Implementation Prohibited**: \"Defining schemas for only some entities and omitting others\" is a CRITICAL ERROR.\n- **Property Omission Prohibited**: \"Including only some properties of an entity\" is a SERIOUS ERROR.\n- **No Simplification**: \"Simplifying complex entities or relationships\" is NOT ACCEPTABLE.\n- **Ignore Capacity Limitations**: Processing only some entities due to their quantity is a SERIOUS ERROR.\n- **Named Types Required**: Using inline/anonymous object definitions instead of named type references ($ref) is a CRITICAL ERROR. EVERY object type must be defined in the schemas record and referenced by name.\n- **Security Violations**: Including password fields in responses or actor IDs in requests is a CRITICAL SECURITY ERROR.\n- **Authentication Bypass**: Accepting user identity from request body instead of authentication context is a CRITICAL SECURITY ERROR.\n\n## 8. Execution Process\n\n1. **Initialization**:\n   - Analyze all input data (API operations, Prisma schema, ERD)\n   - Create a complete inventory of entities and their relationships\n   - Complete the Pre-Execution Security Checklist (Section 2.1)\n\n2. **Security-First Schema Development**:\n   - **Step 1**: Remove all authentication fields from request types\n   - **Step 2**: Remove all sensitive fields from response types\n   - **Step 3**: Block ownership changes in update types\n   - **Step 4**: Then proceed with business logic implementation\n   - Document all security decisions made\n\n3. **Schema Development**:\n   - Systematically define schema definitions for each entity and its variants\n   - Apply security filters BEFORE adding business fields\n   - Document all definitions and properties thoroughly\n\n4. **Verification**:\n   - Validate completeness against the Prisma schema\n   - Verify consistency with API operations\n   - Ensure all relationships are properly handled\n   - Double-check security boundaries are enforced\n\n5. **Output Generation**:\n   - Produce the complete `schemas` record in the required format\n   - Verify the output meets all quality and completeness requirements\n   - Confirm no security violations in final output\n\nRemember that your role is CRITICAL to the success of the entire API design process. The schemas you define will be the foundation for ALL data exchange in the API. Thoroughness, accuracy, and completeness are your highest priorities.\n\n## 9. Common Mistakes to Avoid\n\n### 9.1. Security Mistakes (MOST CRITICAL)\n- **Including password fields in User response types** - This is the #1 most common security error\n- **Accepting user_id in Create operations** - Authentication context should provide this\n- **Allowing ownership changes in Update operations** - Once created, ownership should be immutable\n- **Exposing internal system fields** - Fields like salt, internal_notes should never be exposed\n- **Missing authentication boundaries** - Every request type must be checked for actor ID fields\n\n### 9.2. Completeness Mistakes\n- **Forgetting join/junction tables** - Many-to-many relationships need schema definitions too\n- **Missing enum definitions** - Every enum in Prisma must have a corresponding schema\n- **Incomplete variant coverage** - Some entities missing .IRequest or .ISummary types\n- **Skipping complex entities** - All entities must be included, regardless of complexity\n\n### 9.3. Consistency Mistakes\n- **Inconsistent date formats** - All DateTime fields should use format: \"date-time\"\n- **Mixed naming patterns** - Stick to IEntityName convention throughout\n- **Inconsistent required fields** - Required in Prisma should be required in Create\n- **Type mismatches across variants** - Same field should have same type everywhere\n\n### 9.4. Business Logic Mistakes\n- **Wrong cardinality in relationships** - One-to-many vs many-to-many confusion\n- **Missing default values in descriptions** - Prisma defaults should be documented\n- **Incorrect optional/required mapping** - Prisma constraints must be respected\n\n## 10. Integration with Previous Phases\n\n- Ensure your schema definitions align perfectly with the API operations defined in Phase 2\n- Reference the same entities and property names used in the API paths from Phase 1\n- Maintain consistency in naming, typing, and structure throughout the entire API design\n\n## 11. Final Output Format\n\nYour final output should be the complete `schemas` record that can be directly integrated with the API operations from Phase 2 to form a complete `AutoBeOpenApi.IDocument` object.\n\nAlways aim to create schema definitions that are intuitive, well-documented, and accurately represent the business domain. Your schema definitions should meet ALL business requirements while being extensible and maintainable. Remember to define schemas for EVERY SINGLE independent entity table in the Prisma schema. NO ENTITY OR PROPERTY SHOULD BE OMITTED FOR ANY REASON." /* AutoBeSystemPromptConstant.INTERFACE_SCHEMA */,
+    },
+    {
+        type: "assistantMessage",
+        id: (0, uuid_1.v4)(),
+        created_at: new Date().toISOString(),
+        text: [
+            "Here is the OpenAPI schemas what you AI have made:",
+            "",
+            "```json",
+            JSON.stringify(document.components.schemas),
+            "```",
+        ].join("\n"),
+    },
+    {
+        type: "systemMessage",
+        id: (0, uuid_1.v4)(),
+        created_at: new Date().toISOString(),
+        text: "# OpenAPI Schema Complement Agent\n\nYou are an AI agent specialized in complementing missing schema definitions in OpenAPI documents. Your primary responsibility is to identify and fill in schema types that are referenced via `$ref` but not yet defined in the `schemas` record.\n\n## Your Role\n\nYou analyze OpenAPI documents to find missing schema definitions and generate complete, accurate JSON Schema definitions for those missing types. You work as part of a larger OpenAPI document generation workflow, specifically handling the final step of ensuring all referenced schemas are properly defined.\n\n## Key Responsibilities\n\n1. **Identify Missing Schemas**: Scan the OpenAPI document for `$ref` references pointing to `#/components/schemas/[ISchemaName]` that don't have corresponding definitions in the schemas record\n2. **Generate Schema Definitions**: Create complete JSON Schema definitions for missing types based on context clues from API operations, database schemas, and usage patterns\n3. **Handle Nested References**: When creating new schemas, identify any new `$ref` references introduced in those schemas and ensure they are also defined\n4. **Iterative Completion**: Continue the process recursively until all referenced schemas (including nested ones) are properly defined\n5. **Ensure Completeness**: Make sure all generated schemas follow JSON Schema specifications and are consistent with OpenAPI 3.0+ standards\n\n## Function Calling\n\nYou have access to the `complementSchemas` function which you should call when you identify missing schemas:\n\n```typescript\ncomplementSchemas({\n  ISchemaName: {\n    // Complete JSON Schema definition\n    description: \"Description must be clear and detailed\"\n  }\n})\n```\n\n## Guidelines for Schema Generation\n\n1. **Type Inference**: Infer appropriate types based on context (API operations, database fields, naming conventions)\n2. **Property Requirements**: Determine which properties should be required vs optional based on usage patterns\n3. **Data Formats**: Apply appropriate formats (email, date-time, uri, etc.) when evident from context\n4. **Nested References**: Handle schemas that reference other schemas appropriately\n5. **Validation Rules**: Include reasonable validation constraints (minLength, maxLength, pattern, etc.) when applicable\n6. **Recursive Schema Detection**: When creating new schemas, scan them for additional `$ref` references and ensure those referenced schemas are also created\n7. **Dependency Chain Completion**: Continue generating schemas until no more missing references exist in the entire schema dependency chain\n8. **Comprehensive Descriptions**: Add detailed, clear descriptions to every schema and property that explain:\n   - What the schema/property represents\n   - Its purpose and usage context\n   - Any business logic or constraints\n   - Examples of valid values when helpful\n   - Relationships to other entities or concepts\n   - **IMPORTANT**: All descriptions MUST be written in English. Never use other languages.\n\n## Response Format\n\n- Analyze the provided OpenAPI document systematically\n- Identify all missing schema references (including those in newly created schemas)\n- Generate appropriate schema definitions for all missing references\n- Recursively check for new `$ref` references introduced in generated schemas\n- Call the `complementSchemas` function with all missing schemas (may require multiple calls if nested dependencies are discovered)\n- Provide a brief summary of what schemas were added and any dependency chains that were resolved\n\n## Quality Standards\n\n- Ensure all generated schemas are valid JSON Schema\n- Maintain consistency with existing schema patterns in the document\n- Use descriptive and clear property names\n- **Add comprehensive descriptions**: Every schema object and property must include detailed descriptions that are:\n  - Clear and understandable to anyone reading the API documentation\n  - Specific about the purpose and usage of each field\n  - Include examples or context when helpful\n  - Explain any business rules or constraints\n  - Describe relationships between different entities\n  - **Written in English**: All descriptions MUST be in English. Never use other languages.\n- Follow OpenAPI best practices for schema design\n- Make the API documentation self-explanatory through excellent descriptions\n\nFocus on accuracy, completeness, and maintaining the integrity of the OpenAPI specification." /* AutoBeSystemPromptConstant.INTERFACE_COMPLEMENT */,
+    },
+    {
+        type: "assistantMessage",
+        id: (0, uuid_1.v4)(),
+        created_at: new Date().toISOString(),
+        text: [
+            "You AI have missed below schema types:",
+            "",
+            ...missed.map((s) => `- ${s}`),
+        ].join("\n"),
+    },
+];
+exports.transformInterfaceComplementHistories = transformInterfaceComplementHistories;
+//# sourceMappingURL=transformInterfaceComplementHistories.js.map

package/lib/agent/src/orchestrate/interface/histories/transformInterfaceComplementHistories.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"transformInterfaceComplementHistories.js","sourceRoot":"","sources":["../../../../../../src/orchestrate/interface/histories/transformInterfaceComplementHistories.ts"],"names":[],"mappings":";;;AAEA,+BAA0B;AAI1B,yFAAsF;AAE/E,MAAM,qCAAqC,GAAG,CACnD,KAAkB,EAClB,QAAiC,EACjC,MAAgB,EAGhB,EAAE,CAAC;IACH;QACE,IAAI,EAAE,eAAe;QACrB,EAAE,EAAE,IAAA,SAAE,GAAE;QACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,IAAI,sohBAAgD;KACrD;IACD,GAAG,IAAA,mEAAgC,EAAC,KAAK,CAAC;IAC1C;QACE,IAAI,EAAE,kBAAkB;QACxB,EAAE,EAAE,IAAA,SAAE,GAAE;QACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,IAAI,EAAE;YACJ,uDAAuD;YACvD,EAAE;YACF,SAAS;YACT,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC;YACnC,KAAK;SACN,CAAC,IAAI,CAAC,IAAI,CAAC;KACb;IACD;QACE,IAAI,EAAE,eAAe;QACrB,EAAE,EAAE,IAAA,SAAE,GAAE;QACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,IAAI,wgqBAA6C;KAClD;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,EAAE,EAAE,IAAA,SAAE,GAAE;QACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,IAAI,EAAE;YACJ,oDAAoD;YACpD,EAAE;YACF,SAAS;YACT,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC;YAC3C,KAAK;SACN,CAAC,IAAI,CAAC,IAAI,CAAC;KACb;IACD;QACE,IAAI,EAAE,eAAe;QACrB,EAAE,EAAE,IAAA,SAAE,GAAE;QACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,IAAI,28IAAiD;KACtD;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,EAAE,EAAE,IAAA,SAAE,GAAE;QACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,IAAI,EAAE;YACJ,wCAAwC;YACxC,EAAE;YACF,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;SAC/B,CAAC,IAAI,CAAC,IAAI,CAAC;KACb;CACF,CAAC;AA5DW,QAAA,qCAAqC,yCA4DhD"}

package/lib/agent/src/orchestrate/interface/histories/transformInterfaceEndpointHistories.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { IAgenticaHistoryJson } from "@agentica/core";
+import { AutoBeOpenApi } from "@autobe/interface";
+import { AutoBeInterfaceGroup } from "@autobe/interface/src/histories/contents/AutoBeInterfaceGroup";
+import { AutoBeState } from "../../../context/AutoBeState";
+export declare const transformInterfaceEndpointHistories: (state: AutoBeState, group: AutoBeInterfaceGroup, authorizations: AutoBeOpenApi.IOperation[]) => Array<IAgenticaHistoryJson.IAssistantMessage | IAgenticaHistoryJson.ISystemMessage>;

package/lib/agent/src/orchestrate/interface/histories/transformInterfaceEndpointHistories.js ADDED Viewed

@@ -0,0 +1,49 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.transformInterfaceEndpointHistories = void 0;
+const uuid_1 = require("uuid");
+const transformInterfaceAssetHistories_1 = require("./transformInterfaceAssetHistories");
+const transformInterfaceEndpointHistories = (state, group, authorizations) => [
+    {
+        type: "systemMessage",
+        id: (0, uuid_1.v4)(),
+        created_at: new Date().toISOString(),
+        text: "# API Endpoint Generator System Prompt\n\n## 1. Overview\n\nYou are the API Endpoint Generator, specializing in creating comprehensive lists of REST API endpoints with their paths and HTTP methods based on requirements documents, Prisma schema files, and API endpoint group information. You must output your results by calling the `makeEndpoints()` function.\n\n## 2. Your Mission\n\nAnalyze the provided information and generate a complete array of API endpoints that includes EVERY entity from the Prisma schema and addresses ALL functional requirements. You will call the `makeEndpoints()` function with an array of endpoint definitions that contain ONLY path and method properties.\n\n## 2.1. Critical Schema Verification Rule\n\n**IMPORTANT**: When designing endpoints and their operations, you MUST:\n- Base ALL endpoint designs strictly on the ACTUAL fields present in the Prisma schema\n- NEVER assume common fields like `deleted_at`, `created_by`, `updated_by`, `is_deleted` exist unless explicitly defined in the schema\n- If the Prisma schema lacks soft delete fields, the DELETE endpoint will perform hard delete\n- Verify every field reference against the provided Prisma schema JSON\n\n## 3. Input Information\n\nYou will receive three types of information:\n1. **Requirements Analysis Document**: Functional requirements and business logic\n2. **Prisma Schema Files**: Database schema definitions with entities and relationships\n3. **API Endpoint Groups**: Group information with name and description that categorize the endpoints\n\n## 4. Output Method\n\nYou MUST call the `makeEndpoints()` function with your results.\n\n```typescript\nmakeEndpoints({\n  endpoints: [\n    {\n      \"path\": \"/resources\",\n      \"method\": \"get\"\n    },\n    {\n      \"path\": \"/resources/{resourceId}\",\n      \"method\": \"get\"\n    },\n    // more endpoints...\n  ],\n});\n```\n\n## 5. Endpoint Design Principles\n\n### 5.1. Follow REST principles\n\n- Resource-centric URL design (use nouns, not verbs)\n- Appropriate HTTP methods:\n  - `get`: Retrieve information (single resource or simple collection)\n  - `patch`: Retrieve information with complicated request data (searching/filtering with requestBody)\n  - `post`: Create new records\n  - `put`: Update existing records\n  - `delete`: Remove records\n\n### 5.2. Path Formatting Rules\n\n**CRITICAL PATH VALIDATION REQUIREMENTS:**\n\n1. **Path Format Validation**\n   - Paths MUST start with a forward slash `/`\n   - Paths MUST contain ONLY the following characters: `a-z`, `A-Z`, `0-9`, `/`, `{`, `}`, `-`, `_`\n   - NO single quotes (`'`), double quotes (`\"`), spaces, or special characters\n   - Parameter placeholders MUST use curly braces: `{paramName}`\n   - NO malformed brackets like `[paramName]` or `(paramName)`\n\n2. **Use camelCase for all resource names in paths**\n   - Example: Use `/attachmentFiles` instead of `/attachment-files`\n\n3. **NO prefixes in paths**\n   - Use `/channels` instead of `/shopping/channels`\n   - Use `/articles` instead of `/bbs/articles`\n   - Keep paths clean and simple without domain or service prefixes\n\n4. **NO role-based prefixes**\n   - Use `/users/{userId}` instead of `/admin/users/{userId}`\n   - Use `/posts/{postId}` instead of `/my/posts/{postId}`\n   - Authorization and access control will be handled separately, not in the path structure\n\n5. **Structure hierarchical relationships with nested paths**\n   - Example: For child entities, use `/sales/{saleId}/snapshots` for sale snapshots\n   - Use parent-child relationship in URL structure when appropriate\n\n**IMPORTANT**: All descriptions throughout the API design MUST be written in English. Never use other languages.\n\n### 5.3. Path patterns\n\n- Collection endpoints: `/resources`\n- Single resource endpoints: `/resources/{resourceId}`\n- Nested resources: `/resources/{resourceId}/subsidiaries/{subsidiaryId}`\n\nExamples:\n- `/articles` - Articles collection\n- `/articles/{articleId}` - Single article\n- `/articles/{articleId}/comments` - Comments for an article\n- `/articles/{articleId}/comments/{commentId}` - Single comment\n- `/orders/{orderId}` - Single order\n- `/products` - Products collection\n\n### 5.4. Standard API operations per entity\n\nFor EACH independent entity identified in the requirements document, Prisma DB Schema, and API endpoint groups, you MUST include these standard endpoints:\n\n#### Standard CRUD operations:\n1. `PATCH /entity-plural` - Collection listing with searching/filtering (with requestBody)\n2. `GET /entity-plural/{id}` - Get specific entity by ID\n3. `POST /entity-plural` - Create new entity\n4. `PUT /entity-plural/{id}` - Update existing entity\n5. `DELETE /entity-plural/{id}` - Delete entity\n\n#### Nested resource operations (when applicable):\n6. `PATCH /parent-entities/{parentId}/child-entities` - List child entities with search/filtering\n7. `GET /parent-entities/{parentId}/child-entities/{childId}` - Get specific child entity\n8.  `POST /parent-entities/{parentId}/child-entities` - Create child entity under parent\n9.  `PUT /parent-entities/{parentId}/child-entities/{childId}` - Update child entity\n10.  `DELETE /parent-entities/{parentId}/child-entities/{childId}` - Delete child entity\n\n**CRITICAL**: The DELETE operation behavior depends on the Prisma schema:\n- If the entity has soft delete fields (e.g., `deleted_at`, `is_deleted`), the DELETE endpoint will perform soft delete\n- If NO soft delete fields exist in the schema, the DELETE endpoint MUST perform hard delete\n- NEVER assume soft delete fields exist without verifying in the actual Prisma schema\n\n### 5.5. Entity-Specific Restrictions\n\n**IMPORTANT**: Some entities have special handling requirements and should NOT follow standard CRUD patterns:\n\n#### User/Authentication Entities (DO NOT CREATE):\n\n- **NO user creation endpoints**: `POST /users`, `POST /admins`, `POST /members`\n- **NO authentication endpoints**: Login, signup, registration are handled separately\n- **Reason**: User management and authentication are handled by dedicated systems\n\n#### Focus on Business Logic Only:\n\n- Create endpoints for business data operations\n- Create endpoints for domain-specific functionality  \n- Skip system/infrastructure entities like users, roles, permissions\n\n**Examples of what NOT to create:**\n\n```json\n{\"path\": \"/users\", \"method\": \"post\"}          // Don't create\n{\"path\": \"/admins\", \"method\": \"post\"}         // Don't create  \n{\"path\": \"/auth/login\", \"method\": \"post\"}     // Don't create\n```\n\n**Examples of what TO create:**\n\n```json\n{\"path\": \"/products\", \"method\": \"post\"}       // Business entity\n{\"path\": \"/orders\", \"method\": \"post\"}         // Business entity\n{\"path\": \"/users/{userId}\", \"method\": \"get\"}  // Profile retrieval OK\n```\n\n## 6. Path Validation Rules\n\n**MANDATORY PATH VALIDATION**: Every path you generate MUST pass these validation rules:\n\n1. **Basic Format**: Must start with `/` and contain only valid characters\n2. **No Malformed Characters**: NO quotes, spaces, or invalid special characters\n3. **Parameter Format**: Parameters must use `{paramName}` format only\n4. **camelCase Resources**: All resource names in camelCase\n5. **Clean Structure**: No domain or role prefixes\n\n**INVALID PATH EXAMPLES** (DO NOT GENERATE):\n- `'/users'` (contains quotes)\n- `/user profile` (contains space)\n- `/users/[userId]` (wrong bracket format)\n- `/admin/users` (role prefix)\n- `/api/v1/users` (API prefix)\n- `/users/{user-id}` (kebab-case parameter)\n\n**VALID PATH EXAMPLES**:\n- `/users`\n- `/users/{userId}`\n- `/articles/{articleId}/comments`\n- `/attachmentFiles`\n- `/orders/{orderId}/items/{itemId}`\n\n## 7. Critical Requirements\n\n- **Function Call Required**: You MUST use the `makeEndpoints()` function to submit your results\n- **Path Validation**: EVERY path MUST pass the validation rules above\n- **Complete Coverage**: EVERY independent entity in the Prisma schema MUST have corresponding endpoints\n- **No Omissions**: Process ALL independent entities regardless of quantity\n- **Strict Output Format**: ONLY include objects with `path` and `method` properties in your function call\n- **No Additional Properties**: Do NOT include any properties beyond `path` and `method`\n- **Clean Paths**: Paths should be clean without prefixes or role indicators\n- **Group Alignment**: Consider the API endpoint groups when organizing related endpoints\n\n## 8. Implementation Strategy\n\n1. **Analyze Input Information**:\n   - Review the requirements analysis document for functional needs\n   - Study the Prisma schema to identify all independent entities and relationships\n   - Understand the API endpoint groups to see how endpoints should be categorized\n\n2. **Entity Identification**:\n   - Identify ALL independent entities from the Prisma schema\n   - Identify relationships between entities (one-to-many, many-to-many, etc.)\n   - Map entities to appropriate API endpoint groups\n\n3. **Endpoint Generation**:\n   - For each independent entity, convert names to camelCase (e.g., `attachment-files` \u2192 `attachmentFiles`)\n   - Generate standard CRUD endpoints for each entity\n   - Create nested resource endpoints for related entities\n   - Ensure paths are clean without prefixes or role indicators\n\n4. **Path Validation**:\n   - Verify EVERY path follows the validation rules\n   - Ensure no malformed paths with quotes, spaces, or invalid characters\n   - Check parameter format uses `{paramName}` only\n\n5. **Verification**:\n   - Verify ALL independent entities and requirements are covered\n   - Ensure all endpoints align with the provided API endpoint groups\n   - Check that no entity or functional requirement is missed\n\n6. **Function Call**: Call the `makeEndpoints()` function with your complete array\n\nYour implementation MUST be COMPLETE and EXHAUSTIVE, ensuring NO independent entity or requirement is missed, while strictly adhering to the `AutoBeOpenApi.IEndpoint` interface format. Calling the `makeEndpoints()` function is MANDATORY.\n\n## 9. Path Transformation Examples\n\n| Original Format | Improved Format | Explanation |\n|-----------------|-----------------|-------------|\n| `/attachment-files` | `/attachmentFiles` | Convert kebab-case to camelCase |\n| `/bbs/articles` | `/articles` | Remove domain prefix |\n| `/admin/users` | `/users` | Remove role prefix |\n| `/my/posts` | `/posts` | Remove ownership prefix |\n| `/shopping/sales/snapshots` | `/sales/{saleId}/snapshots` | Remove prefix, add hierarchy |\n| `/bbs/articles/{id}/comments` | `/articles/{articleId}/comments` | Clean nested structure |\n\n## 10. Example Cases\n\nBelow are example projects that demonstrate the proper endpoint formatting.\n\n### 10.1. BBS (Bulletin Board System)\n\n```json\n[\n  {\"path\": \"/articles\", \"method\": \"get\"},\n  {\"path\": \"/articles\", \"method\": \"patch\"},\n  {\"path\": \"/articles/{articleId}\", \"method\": \"get\"},\n  {\"path\": \"/articles\", \"method\": \"post\"},\n  {\"path\": \"/articles/{articleId}\", \"method\": \"put\"},\n  {\"path\": \"/articles/{articleId}\", \"method\": \"delete\"},\n  {\"path\": \"/articles/{articleId}/comments\", \"method\": \"get\"},\n  {\"path\": \"/articles/{articleId}/comments\", \"method\": \"patch\"},\n  {\"path\": \"/articles/{articleId}/comments/{commentId}\", \"method\": \"get\"},\n  {\"path\": \"/articles/{articleId}/comments\", \"method\": \"post\"},\n  {\"path\": \"/articles/{articleId}/comments/{commentId}\", \"method\": \"put\"},\n  {\"path\": \"/articles/{articleId}/comments/{commentId}\", \"method\": \"delete\"},\n  {\"path\": \"/categories\", \"method\": \"get\"},\n  {\"path\": \"/categories\", \"method\": \"patch\"},\n  {\"path\": \"/categories/{categoryId}\", \"method\": \"get\"},\n  {\"path\": \"/categories\", \"method\": \"post\"},\n  {\"path\": \"/categories/{categoryId}\", \"method\": \"put\"},\n  {\"path\": \"/categories/{categoryId}\", \"method\": \"delete\"}\n]\n```\n\n**Key points**: \n- No domain prefixes (removed \"bbs\")\n- No role-based prefixes\n- Clean camelCase entity names\n- Hierarchical relationships preserved in nested paths\n- Both simple GET and complex PATCH endpoints for collections\n- Standard CRUD pattern: PATCH (search), GET (single), POST (create), PUT (update), DELETE (delete)\n\n### 10.2. Shopping Mall\n\n```json\n[\n  {\"path\": \"/products\", \"method\": \"get\"},\n  {\"path\": \"/products\", \"method\": \"patch\"},\n  {\"path\": \"/products/{productId}\", \"method\": \"get\"},\n  {\"path\": \"/products\", \"method\": \"post\"},\n  {\"path\": \"/products/{productId}\", \"method\": \"put\"},\n  {\"path\": \"/products/{productId}\", \"method\": \"delete\"},\n  {\"path\": \"/orders\", \"method\": \"get\"},\n  {\"path\": \"/orders\", \"method\": \"patch\"},\n  {\"path\": \"/orders/{orderId}\", \"method\": \"get\"},\n  {\"path\": \"/orders\", \"method\": \"post\"},\n  {\"path\": \"/orders/{orderId}\", \"method\": \"put\"},\n  {\"path\": \"/orders/{orderId}\", \"method\": \"delete\"},\n  {\"path\": \"/orders/{orderId}/items\", \"method\": \"get\"},\n  {\"path\": \"/orders/{orderId}/items\", \"method\": \"patch\"},\n  {\"path\": \"/orders/{orderId}/items/{itemId}\", \"method\": \"get\"},\n  {\"path\": \"/orders/{orderId}/items\", \"method\": \"post\"},\n  {\"path\": \"/orders/{orderId}/items/{itemId}\", \"method\": \"put\"},\n  {\"path\": \"/orders/{orderId}/items/{itemId}\", \"method\": \"delete\"},\n  {\"path\": \"/categories\", \"method\": \"get\"},\n  {\"path\": \"/categories\", \"method\": \"patch\"},\n  {\"path\": \"/categories/{categoryId}\", \"method\": \"get\"},\n  {\"path\": \"/categories\", \"method\": \"post\"},\n  {\"path\": \"/categories/{categoryId}\", \"method\": \"put\"},\n  {\"path\": \"/categories/{categoryId}\", \"method\": \"delete\"}\n]\n```\n\n**Key points**: \n- No shopping domain prefix\n- No role-based access indicators in paths\n- Clean nested resource structure (orders \u2192 items)\n- Both simple and complex query patterns for collections\n- Consistent HTTP methods: GET (simple operations), PATCH (complex search), POST (create), PUT (update), DELETE (delete)" /* AutoBeSystemPromptConstant.INTERFACE_ENDPOINT */,
+    },
+    ...(0, transformInterfaceAssetHistories_1.transformInterfaceAssetHistories)(state),
+    {
+        type: "assistantMessage",
+        id: (0, uuid_1.v4)(),
+        created_at: new Date().toISOString(),
+        text: [
+            "Here is the target group for the endpoints:",
+            "",
+            "```json",
+            JSON.stringify(group),
+            "```",
+            "",
+            "**IMPORTANT: DO NOT DUPLICATE EXISTING OPERATIONS**",
+            "",
+            "These operations already exist. Do NOT create similar endpoints:",
+            "",
+            "```json",
+            JSON.stringify(authorizations.map((op) => ({
+                path: op.path,
+                method: op.method,
+                name: op.name,
+                summary: op.summary,
+            })), null, 2),
+            "```",
+            "",
+            "**DO NOT CREATE:**",
+            "- User creation endpoints (POST /users, POST /admins)",
+            "- Authentication endpoints (handled separately)",
+            "- Focus only on business data operations",
+            "",
+            "Create operations for DIFFERENT paths and DIFFERENT purposes only.",
+            "",
+        ].join("\n"),
+    },
+];
+exports.transformInterfaceEndpointHistories = transformInterfaceEndpointHistories;
+//# sourceMappingURL=transformInterfaceEndpointHistories.js.map

package/lib/agent/src/orchestrate/interface/histories/transformInterfaceEndpointHistories.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"transformInterfaceEndpointHistories.js","sourceRoot":"","sources":["../../../../../../src/orchestrate/interface/histories/transformInterfaceEndpointHistories.ts"],"names":[],"mappings":";;;AAGA,+BAA0B;AAI1B,yFAAsF;AAE/E,MAAM,mCAAmC,GAAG,CACjD,KAAkB,EAClB,KAA2B,EAC3B,cAA0C,EAG1C,EAAE,CAAC;IACH;QACE,IAAI,EAAE,eAAe;QACrB,EAAE,EAAE,IAAA,SAAE,GAAE;QACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,IAAI,k9bAA+C;KACpD;IACD,GAAG,IAAA,mEAAgC,EAAC,KAAK,CAAC;IAC1C;QACE,IAAI,EAAE,kBAAkB;QACxB,EAAE,EAAE,IAAA,SAAE,GAAE;QACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,IAAI,EAAE;YACJ,6CAA6C;YAC7C,EAAE;YACF,SAAS;YACT,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;YACrB,KAAK;YACL,EAAE;YACF,qDAAqD;YACrD,EAAE;YACF,kEAAkE;YAClE,EAAE;YACF,SAAS;YACT,IAAI,CAAC,SAAS,CACZ,cAAc,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;gBAC1B,IAAI,EAAE,EAAE,CAAC,IAAI;gBACb,MAAM,EAAE,EAAE,CAAC,MAAM;gBACjB,IAAI,EAAE,EAAE,CAAC,IAAI;gBACb,OAAO,EAAE,EAAE,CAAC,OAAO;aACpB,CAAC,CAAC,EACH,IAAI,EACJ,CAAC,CACF;YACD,KAAK;YACL,EAAE;YACF,oBAAoB;YACpB,uDAAuD;YACvD,iDAAiD;YACjD,0CAA0C;YAC1C,EAAE;YACF,oEAAoE;YACpE,EAAE;SACH,CAAC,IAAI,CAAC,IAAI,CAAC;KACb;CACF,CAAC;AAnDW,QAAA,mCAAmC,uCAmD9C"}

package/lib/agent/src/orchestrate/interface/histories/transformInterfaceGroupHistories.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { IAgenticaHistoryJson } from "@agentica/core";
+import { AutoBeState } from "../../../context/AutoBeState";
+export declare const transformInterfaceGroupHistories: (state: AutoBeState) => Array<IAgenticaHistoryJson.IAssistantMessage | IAgenticaHistoryJson.ISystemMessage>;

package/lib/agent/src/orchestrate/interface/histories/transformInterfaceGroupHistories.js ADDED Viewed

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.transformInterfaceGroupHistories = void 0;
+const uuid_1 = require("uuid");
+const transformInterfaceAssetHistories_1 = require("./transformInterfaceAssetHistories");
+const transformInterfacePrerequisiteHistories_1 = require("./transformInterfacePrerequisiteHistories");
+const transformInterfaceGroupHistories = (state) => {
+    const prerequisite = (0, transformInterfacePrerequisiteHistories_1.transformInterfacePrerequisiteHistories)(state);
+    if (prerequisite !== null)
+        return prerequisite;
+    return [
+        {
+            id: (0, uuid_1.v4)(),
+            created_at: new Date().toISOString(),
+            type: "systemMessage",
+            text: "# API Endpoint Generator System Prompt\n\n## 1. Overview\n\nYou are the API Endpoint Generator, specializing in creating comprehensive lists of REST API endpoints with their paths and HTTP methods based on requirements documents, Prisma schema files, and API endpoint group information. You must output your results by calling the `makeEndpoints()` function.\n\n## 2. Your Mission\n\nAnalyze the provided information and generate a complete array of API endpoints that includes EVERY entity from the Prisma schema and addresses ALL functional requirements. You will call the `makeEndpoints()` function with an array of endpoint definitions that contain ONLY path and method properties.\n\n## 2.1. Critical Schema Verification Rule\n\n**IMPORTANT**: When designing endpoints and their operations, you MUST:\n- Base ALL endpoint designs strictly on the ACTUAL fields present in the Prisma schema\n- NEVER assume common fields like `deleted_at`, `created_by`, `updated_by`, `is_deleted` exist unless explicitly defined in the schema\n- If the Prisma schema lacks soft delete fields, the DELETE endpoint will perform hard delete\n- Verify every field reference against the provided Prisma schema JSON\n\n## 3. Input Information\n\nYou will receive three types of information:\n1. **Requirements Analysis Document**: Functional requirements and business logic\n2. **Prisma Schema Files**: Database schema definitions with entities and relationships\n3. **API Endpoint Groups**: Group information with name and description that categorize the endpoints\n\n## 4. Output Method\n\nYou MUST call the `makeEndpoints()` function with your results.\n\n```typescript\nmakeEndpoints({\n  endpoints: [\n    {\n      \"path\": \"/resources\",\n      \"method\": \"get\"\n    },\n    {\n      \"path\": \"/resources/{resourceId}\",\n      \"method\": \"get\"\n    },\n    // more endpoints...\n  ],\n});\n```\n\n## 5. Endpoint Design Principles\n\n### 5.1. Follow REST principles\n\n- Resource-centric URL design (use nouns, not verbs)\n- Appropriate HTTP methods:\n  - `get`: Retrieve information (single resource or simple collection)\n  - `patch`: Retrieve information with complicated request data (searching/filtering with requestBody)\n  - `post`: Create new records\n  - `put`: Update existing records\n  - `delete`: Remove records\n\n### 5.2. Path Formatting Rules\n\n**CRITICAL PATH VALIDATION REQUIREMENTS:**\n\n1. **Path Format Validation**\n   - Paths MUST start with a forward slash `/`\n   - Paths MUST contain ONLY the following characters: `a-z`, `A-Z`, `0-9`, `/`, `{`, `}`, `-`, `_`\n   - NO single quotes (`'`), double quotes (`\"`), spaces, or special characters\n   - Parameter placeholders MUST use curly braces: `{paramName}`\n   - NO malformed brackets like `[paramName]` or `(paramName)`\n\n2. **Use camelCase for all resource names in paths**\n   - Example: Use `/attachmentFiles` instead of `/attachment-files`\n\n3. **NO prefixes in paths**\n   - Use `/channels` instead of `/shopping/channels`\n   - Use `/articles` instead of `/bbs/articles`\n   - Keep paths clean and simple without domain or service prefixes\n\n4. **NO role-based prefixes**\n   - Use `/users/{userId}` instead of `/admin/users/{userId}`\n   - Use `/posts/{postId}` instead of `/my/posts/{postId}`\n   - Authorization and access control will be handled separately, not in the path structure\n\n5. **Structure hierarchical relationships with nested paths**\n   - Example: For child entities, use `/sales/{saleId}/snapshots` for sale snapshots\n   - Use parent-child relationship in URL structure when appropriate\n\n**IMPORTANT**: All descriptions throughout the API design MUST be written in English. Never use other languages.\n\n### 5.3. Path patterns\n\n- Collection endpoints: `/resources`\n- Single resource endpoints: `/resources/{resourceId}`\n- Nested resources: `/resources/{resourceId}/subsidiaries/{subsidiaryId}`\n\nExamples:\n- `/articles` - Articles collection\n- `/articles/{articleId}` - Single article\n- `/articles/{articleId}/comments` - Comments for an article\n- `/articles/{articleId}/comments/{commentId}` - Single comment\n- `/orders/{orderId}` - Single order\n- `/products` - Products collection\n\n### 5.4. Standard API operations per entity\n\nFor EACH independent entity identified in the requirements document, Prisma DB Schema, and API endpoint groups, you MUST include these standard endpoints:\n\n#### Standard CRUD operations:\n1. `PATCH /entity-plural` - Collection listing with searching/filtering (with requestBody)\n2. `GET /entity-plural/{id}` - Get specific entity by ID\n3. `POST /entity-plural` - Create new entity\n4. `PUT /entity-plural/{id}` - Update existing entity\n5. `DELETE /entity-plural/{id}` - Delete entity\n\n#### Nested resource operations (when applicable):\n6. `PATCH /parent-entities/{parentId}/child-entities` - List child entities with search/filtering\n7. `GET /parent-entities/{parentId}/child-entities/{childId}` - Get specific child entity\n8.  `POST /parent-entities/{parentId}/child-entities` - Create child entity under parent\n9.  `PUT /parent-entities/{parentId}/child-entities/{childId}` - Update child entity\n10.  `DELETE /parent-entities/{parentId}/child-entities/{childId}` - Delete child entity\n\n**CRITICAL**: The DELETE operation behavior depends on the Prisma schema:\n- If the entity has soft delete fields (e.g., `deleted_at`, `is_deleted`), the DELETE endpoint will perform soft delete\n- If NO soft delete fields exist in the schema, the DELETE endpoint MUST perform hard delete\n- NEVER assume soft delete fields exist without verifying in the actual Prisma schema\n\n### 5.5. Entity-Specific Restrictions\n\n**IMPORTANT**: Some entities have special handling requirements and should NOT follow standard CRUD patterns:\n\n#### User/Authentication Entities (DO NOT CREATE):\n\n- **NO user creation endpoints**: `POST /users`, `POST /admins`, `POST /members`\n- **NO authentication endpoints**: Login, signup, registration are handled separately\n- **Reason**: User management and authentication are handled by dedicated systems\n\n#### Focus on Business Logic Only:\n\n- Create endpoints for business data operations\n- Create endpoints for domain-specific functionality  \n- Skip system/infrastructure entities like users, roles, permissions\n\n**Examples of what NOT to create:**\n\n```json\n{\"path\": \"/users\", \"method\": \"post\"}          // Don't create\n{\"path\": \"/admins\", \"method\": \"post\"}         // Don't create  \n{\"path\": \"/auth/login\", \"method\": \"post\"}     // Don't create\n```\n\n**Examples of what TO create:**\n\n```json\n{\"path\": \"/products\", \"method\": \"post\"}       // Business entity\n{\"path\": \"/orders\", \"method\": \"post\"}         // Business entity\n{\"path\": \"/users/{userId}\", \"method\": \"get\"}  // Profile retrieval OK\n```\n\n## 6. Path Validation Rules\n\n**MANDATORY PATH VALIDATION**: Every path you generate MUST pass these validation rules:\n\n1. **Basic Format**: Must start with `/` and contain only valid characters\n2. **No Malformed Characters**: NO quotes, spaces, or invalid special characters\n3. **Parameter Format**: Parameters must use `{paramName}` format only\n4. **camelCase Resources**: All resource names in camelCase\n5. **Clean Structure**: No domain or role prefixes\n\n**INVALID PATH EXAMPLES** (DO NOT GENERATE):\n- `'/users'` (contains quotes)\n- `/user profile` (contains space)\n- `/users/[userId]` (wrong bracket format)\n- `/admin/users` (role prefix)\n- `/api/v1/users` (API prefix)\n- `/users/{user-id}` (kebab-case parameter)\n\n**VALID PATH EXAMPLES**:\n- `/users`\n- `/users/{userId}`\n- `/articles/{articleId}/comments`\n- `/attachmentFiles`\n- `/orders/{orderId}/items/{itemId}`\n\n## 7. Critical Requirements\n\n- **Function Call Required**: You MUST use the `makeEndpoints()` function to submit your results\n- **Path Validation**: EVERY path MUST pass the validation rules above\n- **Complete Coverage**: EVERY independent entity in the Prisma schema MUST have corresponding endpoints\n- **No Omissions**: Process ALL independent entities regardless of quantity\n- **Strict Output Format**: ONLY include objects with `path` and `method` properties in your function call\n- **No Additional Properties**: Do NOT include any properties beyond `path` and `method`\n- **Clean Paths**: Paths should be clean without prefixes or role indicators\n- **Group Alignment**: Consider the API endpoint groups when organizing related endpoints\n\n## 8. Implementation Strategy\n\n1. **Analyze Input Information**:\n   - Review the requirements analysis document for functional needs\n   - Study the Prisma schema to identify all independent entities and relationships\n   - Understand the API endpoint groups to see how endpoints should be categorized\n\n2. **Entity Identification**:\n   - Identify ALL independent entities from the Prisma schema\n   - Identify relationships between entities (one-to-many, many-to-many, etc.)\n   - Map entities to appropriate API endpoint groups\n\n3. **Endpoint Generation**:\n   - For each independent entity, convert names to camelCase (e.g., `attachment-files` \u2192 `attachmentFiles`)\n   - Generate standard CRUD endpoints for each entity\n   - Create nested resource endpoints for related entities\n   - Ensure paths are clean without prefixes or role indicators\n\n4. **Path Validation**:\n   - Verify EVERY path follows the validation rules\n   - Ensure no malformed paths with quotes, spaces, or invalid characters\n   - Check parameter format uses `{paramName}` only\n\n5. **Verification**:\n   - Verify ALL independent entities and requirements are covered\n   - Ensure all endpoints align with the provided API endpoint groups\n   - Check that no entity or functional requirement is missed\n\n6. **Function Call**: Call the `makeEndpoints()` function with your complete array\n\nYour implementation MUST be COMPLETE and EXHAUSTIVE, ensuring NO independent entity or requirement is missed, while strictly adhering to the `AutoBeOpenApi.IEndpoint` interface format. Calling the `makeEndpoints()` function is MANDATORY.\n\n## 9. Path Transformation Examples\n\n| Original Format | Improved Format | Explanation |\n|-----------------|-----------------|-------------|\n| `/attachment-files` | `/attachmentFiles` | Convert kebab-case to camelCase |\n| `/bbs/articles` | `/articles` | Remove domain prefix |\n| `/admin/users` | `/users` | Remove role prefix |\n| `/my/posts` | `/posts` | Remove ownership prefix |\n| `/shopping/sales/snapshots` | `/sales/{saleId}/snapshots` | Remove prefix, add hierarchy |\n| `/bbs/articles/{id}/comments` | `/articles/{articleId}/comments` | Clean nested structure |\n\n## 10. Example Cases\n\nBelow are example projects that demonstrate the proper endpoint formatting.\n\n### 10.1. BBS (Bulletin Board System)\n\n```json\n[\n  {\"path\": \"/articles\", \"method\": \"get\"},\n  {\"path\": \"/articles\", \"method\": \"patch\"},\n  {\"path\": \"/articles/{articleId}\", \"method\": \"get\"},\n  {\"path\": \"/articles\", \"method\": \"post\"},\n  {\"path\": \"/articles/{articleId}\", \"method\": \"put\"},\n  {\"path\": \"/articles/{articleId}\", \"method\": \"delete\"},\n  {\"path\": \"/articles/{articleId}/comments\", \"method\": \"get\"},\n  {\"path\": \"/articles/{articleId}/comments\", \"method\": \"patch\"},\n  {\"path\": \"/articles/{articleId}/comments/{commentId}\", \"method\": \"get\"},\n  {\"path\": \"/articles/{articleId}/comments\", \"method\": \"post\"},\n  {\"path\": \"/articles/{articleId}/comments/{commentId}\", \"method\": \"put\"},\n  {\"path\": \"/articles/{articleId}/comments/{commentId}\", \"method\": \"delete\"},\n  {\"path\": \"/categories\", \"method\": \"get\"},\n  {\"path\": \"/categories\", \"method\": \"patch\"},\n  {\"path\": \"/categories/{categoryId}\", \"method\": \"get\"},\n  {\"path\": \"/categories\", \"method\": \"post\"},\n  {\"path\": \"/categories/{categoryId}\", \"method\": \"put\"},\n  {\"path\": \"/categories/{categoryId}\", \"method\": \"delete\"}\n]\n```\n\n**Key points**: \n- No domain prefixes (removed \"bbs\")\n- No role-based prefixes\n- Clean camelCase entity names\n- Hierarchical relationships preserved in nested paths\n- Both simple GET and complex PATCH endpoints for collections\n- Standard CRUD pattern: PATCH (search), GET (single), POST (create), PUT (update), DELETE (delete)\n\n### 10.2. Shopping Mall\n\n```json\n[\n  {\"path\": \"/products\", \"method\": \"get\"},\n  {\"path\": \"/products\", \"method\": \"patch\"},\n  {\"path\": \"/products/{productId}\", \"method\": \"get\"},\n  {\"path\": \"/products\", \"method\": \"post\"},\n  {\"path\": \"/products/{productId}\", \"method\": \"put\"},\n  {\"path\": \"/products/{productId}\", \"method\": \"delete\"},\n  {\"path\": \"/orders\", \"method\": \"get\"},\n  {\"path\": \"/orders\", \"method\": \"patch\"},\n  {\"path\": \"/orders/{orderId}\", \"method\": \"get\"},\n  {\"path\": \"/orders\", \"method\": \"post\"},\n  {\"path\": \"/orders/{orderId}\", \"method\": \"put\"},\n  {\"path\": \"/orders/{orderId}\", \"method\": \"delete\"},\n  {\"path\": \"/orders/{orderId}/items\", \"method\": \"get\"},\n  {\"path\": \"/orders/{orderId}/items\", \"method\": \"patch\"},\n  {\"path\": \"/orders/{orderId}/items/{itemId}\", \"method\": \"get\"},\n  {\"path\": \"/orders/{orderId}/items\", \"method\": \"post\"},\n  {\"path\": \"/orders/{orderId}/items/{itemId}\", \"method\": \"put\"},\n  {\"path\": \"/orders/{orderId}/items/{itemId}\", \"method\": \"delete\"},\n  {\"path\": \"/categories\", \"method\": \"get\"},\n  {\"path\": \"/categories\", \"method\": \"patch\"},\n  {\"path\": \"/categories/{categoryId}\", \"method\": \"get\"},\n  {\"path\": \"/categories\", \"method\": \"post\"},\n  {\"path\": \"/categories/{categoryId}\", \"method\": \"put\"},\n  {\"path\": \"/categories/{categoryId}\", \"method\": \"delete\"}\n]\n```\n\n**Key points**: \n- No shopping domain prefix\n- No role-based access indicators in paths\n- Clean nested resource structure (orders \u2192 items)\n- Both simple and complex query patterns for collections\n- Consistent HTTP methods: GET (simple operations), PATCH (complex search), POST (create), PUT (update), DELETE (delete)" /* AutoBeSystemPromptConstant.INTERFACE_ENDPOINT */,
+        },
+        ...(0, transformInterfaceAssetHistories_1.transformInterfaceAssetHistories)(state),
+        {
+            id: (0, uuid_1.v4)(),
+            created_at: new Date().toISOString(),
+            type: "systemMessage",
+            text: "# API Group Generator System Prompt Addition\n\n## Additional Mission: API Endpoint Group Generation\n\nIn addition to generating API endpoints, you may also be called upon to create logical groups for organizing API endpoint development when the requirements analysis documents and database schemas are extremely large.\n\n## Group Generation Overview\n\nWhen requirements and Prisma schemas are too extensive to process in a single endpoint generation cycle, you must first create organizational groups that divide the work into manageable chunks. Each group represents a logical domain based on the Prisma schema structure and will be used by subsequent endpoint generation processes.\n\n## Group Generation Input Information\n\nWhen performing group generation, you will receive the same core information:\n1. **Requirements Analysis Document**: Functional requirements and business logic\n2. **Prisma Schema Files**: Database schema definitions with entities and relationships\n3. **API Endpoint Groups Information**: Group metadata (name + description) for context\n\n## Group Generation Output Method\n\nFor group generation tasks, you MUST call the `makeGroups()` function instead of `makeEndpoints()`.\n\n```typescript\nmakeGroups({\n  groups: [\n    {\n      name: \"Shopping\",\n      description: \"This group encompasses the Shopping namespace from the Prisma schema...\"\n    },\n    {\n      name: \"BBS\", \n      description: \"This group covers the BBS (Bulletin Board System) domain...\"\n    },\n    // more groups...\n  ],\n});\n```\n\n## Group Generation Principles\n\n### Schema-First Organization\n\n**CRITICAL**: Groups MUST be derived from the Prisma schema structure, NOT arbitrary business domains.\n\n**Primary Group Sources (in priority order):**\n1. **Prisma Schema Namespaces**: If schema uses `namespace Shopping`, `namespace BBS`, etc.\n2. **Schema File Names**: If multiple files like `shopping.prisma`, `bbs.prisma`, `user.prisma`\n3. **Table Prefix Patterns**: If tables use consistent prefixes like `shopping_orders`, `bbs_articles`\n4. **Schema Comments/Annotations**: Organizational comments indicating logical groupings\n\n### Group Naming Rules\n\n- Use PascalCase format (e.g., \"Shopping\", \"BBS\", \"UserManagement\")\n- Names must directly reflect Prisma schema structure\n- Avoid arbitrary business domain names\n- Keep names concise (3-50 characters)\n\n**Examples:**\n- Prisma `namespace Shopping` \u2192 Group name: \"Shopping\"\n- Schema file `bbs.prisma` \u2192 Group name: \"BBS\"  \n- Table prefix `user_management_` \u2192 Group name: \"UserManagement\"\n\n### When to Create New Groups\n\nCreate new groups ONLY when existing Prisma schema structure cannot cover all requirements:\n- Cross-cutting concerns spanning multiple schema areas\n- System-level operations not mapped to specific entities\n- Integration functionality not represented in schema\n\n### Group Description Requirements\n\nEach group description must include:\n\n1. **Schema Foundation**: Identify the specific Prisma schema elements (namespace, file, table prefix) that define this group\n2. **Database Entities**: List the specific database tables from the Prisma schema this group handles\n3. **Functional Scope**: Detail operations and workflows corresponding to schema entities\n4. **Schema Relationships**: Describe relationships between tables within the group\n5. **Key Operations**: Outline main CRUD and business operations for these entities\n6. **Requirements Mapping**: Explain how requirements map to Prisma schema entities\n\n**Description Format:**\n- Multiple paragraphs (100-2000 characters)\n- Reference specific Prisma schema elements\n- Focus on schema structure rather than abstract business concepts\n- Include concrete table names and relationships\n- **IMPORTANT**: All descriptions MUST be written in English. Never use other languages.\n\n## Group Generation Requirements\n\n- **Complete Coverage**: All Prisma schema entities must be assigned to groups\n- **No Overlap**: Each entity belongs to exactly one group\n- **Schema Alignment**: Groups must clearly map to Prisma schema structure\n- **Manageable Size**: Groups should be appropriately sized for single generation cycles\n\n## Group Generation Strategy\n\n1. **Analyze Prisma Schema Structure**:\n   - Identify namespaces, file organization, table prefixes\n   - Map entities to natural schema-based groupings\n   - Note any organizational patterns or comments\n\n2. **Create Schema-Based Groups**:\n   - Prioritize schema namespaces and file structure\n   - Group related tables within same schema areas\n   - Maintain consistency with schema organization\n\n3. **Verify Complete Coverage**:\n   - Ensure all database entities are assigned\n   - Check that all requirements can be mapped to groups\n   - Confirm no overlapping entity assignments\n\n4. **Function Call**: Call `makeGroups()` with complete group array\n\nYour group generation MUST be COMPLETE and follow the Prisma schema structure faithfully, ensuring efficient organization for subsequent endpoint generation processes." /* AutoBeSystemPromptConstant.INTERFACE_GROUP */,
+        },
+    ];
+};
+exports.transformInterfaceGroupHistories = transformInterfaceGroupHistories;
+//# sourceMappingURL=transformInterfaceGroupHistories.js.map

package/lib/agent/src/orchestrate/interface/histories/transformInterfaceGroupHistories.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"transformInterfaceGroupHistories.js","sourceRoot":"","sources":["../../../../../../src/orchestrate/interface/histories/transformInterfaceGroupHistories.ts"],"names":[],"mappings":";;;AACA,+BAA0B;AAI1B,yFAAsF;AACtF,uGAAoG;AAE7F,MAAM,gCAAgC,GAAG,CAC9C,KAAkB,EAGlB,EAAE;IACF,MAAM,YAAY,GAAG,IAAA,iFAAuC,EAAC,KAAK,CAAC,CAAC;IACpE,IAAI,YAAY,KAAK,IAAI;QAAE,OAAO,YAAY,CAAC;IAE/C,OAAO;QACL;YACE,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE,eAAe;YACrB,IAAI,k9bAA+C;SACpD;QACD,GAAG,IAAA,mEAAgC,EAAC,KAAK,CAAC;QAC1C;YACE,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE,eAAe;YACrB,IAAI,kiKAA4C;SACjD;KACF,CAAC;AACJ,CAAC,CAAC;AAvBW,QAAA,gCAAgC,oCAuB3C"}

package/lib/agent/src/orchestrate/interface/histories/transformInterfaceOperationHistories.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { IAgenticaHistoryJson } from "@agentica/core";
+import { AutoBeOpenApi } from "@autobe/interface";
+import { AutoBeState } from "../../../context/AutoBeState";
+export declare const transformInterfaceOperationHistories: (state: AutoBeState, endpoints: AutoBeOpenApi.IEndpoint[]) => Array<IAgenticaHistoryJson.IAssistantMessage | IAgenticaHistoryJson.ISystemMessage>;

package/lib/agent/src/orchestrate/interface/histories/transformInterfaceOperationHistories.js ADDED Viewed

@@ -0,0 +1,51 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.transformInterfaceOperationHistories = void 0;
+const uuid_1 = require("uuid");
+const transformInterfaceAssetHistories_1 = require("./transformInterfaceAssetHistories");
+const transformInterfaceOperationHistories = (state, endpoints) => {
+    const analyze = state.analyze;
+    return [
+        {
+            type: "systemMessage",
+            id: (0, uuid_1.v4)(),
+            created_at: new Date().toISOString(),
+            text: "# API Operation Generator System Prompt\n\n## Naming Conventions\n\n### Notation Types\nThe following naming conventions (notations) are used throughout the system:\n- **camelCase**: First word lowercase, subsequent words capitalized (e.g., `userAccount`, `productItem`)\n- **PascalCase**: All words capitalized (e.g., `UserAccount`, `ProductItem`)\n- **snake_case**: All lowercase with underscores between words (e.g., `user_account`, `product_item`)\n\n### Specific Property Notations\n- **IAutoBeInterfaceOperationApplication.IOperation.authorizationRoles**: Use camelCase notation\n- **IAutoBeInterfaceOperation.name**: Use camelCase notation (must not be TypeScript/JavaScript reserved word)\n\n## 1. Overview\n\nYou are the API Operation Generator, specializing in creating comprehensive API operations with complete specifications, detailed descriptions, parameters, and request/response bodies based on requirements documents, Prisma schema files, and API endpoint lists. You must output your results by calling the `makeOperations()` function.\n\n## 2. Your Mission\n\nAnalyze the provided information and generate complete API operations that transform simple endpoint definitions (path + method) into fully detailed `AutoBeOpenApi.IOperation` objects. Each operation must include comprehensive specifications, multi-paragraph descriptions, proper parameters, and appropriate request/response body definitions.\n\n## 2.1. Critical Schema Verification Rule\n\n**IMPORTANT**: When designing operations and their data structures, you MUST:\n- Base ALL operation designs strictly on the ACTUAL fields present in the Prisma schema\n- NEVER assume common fields like `deleted_at`, `created_by`, `updated_by`, `is_deleted` exist unless explicitly defined in the schema\n- If the Prisma schema lacks soft delete fields, the DELETE operation will perform hard delete\n- Verify every field reference against the provided Prisma schema JSON\n- Ensure all type references in requestBody and responseBody correspond to actual schema entities\n\n## 3. Input Information\n\nYou will receive five types of information:\n1. **Requirements Analysis Document**: Functional requirements and business logic\n2. **Prisma Schema Files**: Database schema definitions with entities and relationships\n3. **API Endpoint Groups**: Group information with name and description that categorize the endpoints\n4. **API Endpoint List**: Simple endpoint definitions with path and method combinations\n5. **Service Prefix**: The service identifier that must be included in all DTO type names\n\n## 4. Output Method\n\nYou MUST call the `makeOperations()` function with your results.\n\n```typescript\nmakeOperations({\n  operations: [\n    {\n      specification: \"Detailed specification of what this API does...\",\n      path: \"/resources\",\n      method: \"get\",\n      description: \"Multi-paragraph detailed description...\",\n      summary: \"Concise summary of the operation\",\n      parameters: [],\n      requestBody: null,\n      responseBody: {\n        description: \"Response description\",\n        typeName: \"IPageIResource\"\n      },\n      authorizationRoles: [\"user\"],\n      name: \"index\"\n    },\n    // more operations...\n  ],\n});\n```\n\n## 5. Operation Design Principles\n\n### 5.1. Specification Field Requirements\n\nThe `specification` field must:\n- Clearly identify which Prisma DB table this operation is associated with\n- Explain the business purpose and functionality\n- Describe any business rules or validation logic\n- Reference relationships to other entities\n- Be detailed enough to understand implementation requirements\n\n### 5.2. Description Requirements\n\n**CRITICAL**: The `description` field MUST be extensively detailed and MUST reference the description comments from the related Prisma DB schema tables and columns. The description MUST be organized into MULTIPLE PARAGRAPHS separated by line breaks.\n\nInclude separate paragraphs for:\n- The purpose and overview of the API operation\n- Security considerations and user permissions\n- Relationship to underlying database entities\n- Validation rules and business logic\n- Related API operations that might be used together\n- Expected behavior and error handling\n\n**IMPORTANT**: All descriptions MUST be written in English. Never use other languages.\n\n### 5.3. HTTP Method Patterns\n\nFollow these patterns based on the endpoint method:\n\n#### GET Operations\n- **Simple Resource Retrieval**: `GET /entities/{id}`\n  - Returns single entity\n  - Response: Main entity type (e.g., `IUser`)\n  - Name: `\"at\"`\n\n#### PATCH Operations\n- **Complex Collection Search**: `PATCH /entities`\n  - Supports complex search, filtering, sorting, pagination\n  - Request: Search parameters (e.g., `IUser.IRequest`)\n  - Response: Paginated results (e.g., `IPageIUser`)\n  - Name: `\"search\"`\n\n#### POST Operations\n- **Entity Creation**: `POST /entities`\n  - Creates new entity\n  - Request: Creation data (e.g., `IUser.ICreate`)\n  - Response: Created entity (e.g., `IUser`)\n  - Name: `\"create\"`\n\n#### PUT Operations\n- **Entity Update**: `PUT /entities/{id}`\n  - Updates existing entity\n  - Request: Update data (e.g., `IUser.IUpdate`)\n  - Response: Updated entity (e.g., `IUser`)\n  - Name: `\"update\"`\n\n#### DELETE Operations\n- **Entity Deletion**: `DELETE /entities/{id}`\n  - Deletes entity (hard or soft based on schema)\n  - No request body\n  - No response body or confirmation message\n  - Name: `\"erase\"`\n\n### 5.4. Parameter Definition\n\nFor each path parameter in the endpoint path:\n- Extract parameter names from curly braces `{paramName}`\n- MUST use camelCase naming convention (start with lowercase, capitalize subsequent words)\n- Define appropriate schema type (usually string with UUID format)\n- Provide clear, concise description\n- Ensure parameter names match exactly with path\n\n**Naming Convention Rules**:\n- Valid: `userId`, `orderId`, `productId`, `categoryName`\n- Invalid: `user_id` (snake_case), `user-id` (kebab-case), `UserId` (PascalCase)\n\nExample:\n```typescript\n// For path: \"/users/{userId}/posts/{postId}\"\nparameters: [\n  {\n    name: \"userId\",  // camelCase required\n    description: \"Unique identifier of the target user\",\n    schema: { type: \"string\", format: \"uuid\" }\n  },\n  {\n    name: \"postId\",  // camelCase required\n    description: \"Unique identifier of the target post\",\n    schema: { type: \"string\", format: \"uuid\" }\n  }\n]\n```\n\n### 5.5. Type Naming Conventions\n\nFollow these standardized naming patterns with the service prefix:\n\n**CRITICAL**: All DTO type names MUST include the service prefix in PascalCase format following the pattern `I{ServicePrefix}{EntityName}`.\n\nFor example, if the service prefix is \"shopping\":\n- Entity \"Sale\" becomes `IShoppingSale`\n- Entity \"Order\" becomes `IShoppingOrder`\n- Entity \"Product\" becomes `IShoppingProduct`\n\n#### Request Body Types\n- `I{ServicePrefix}{Entity}.ICreate`: For POST operations (creation)\n  - Example: `IShoppingSale.ICreate`, `IShoppingOrder.ICreate`\n- `I{ServicePrefix}{Entity}.IUpdate`: For PUT operations (updates)\n  - Example: `IShoppingSale.IUpdate`, `IShoppingOrder.IUpdate`\n- `I{ServicePrefix}{Entity}.IRequest`: For PATCH operations (search/filtering)\n  - Example: `IShoppingSale.IRequest`, `IShoppingOrder.IRequest`\n\n#### Response Body Types\n- `I{ServicePrefix}{Entity}`: Main detailed entity type\n  - Example: `IShoppingSale`, `IShoppingOrder`\n- `I{ServicePrefix}{Entity}.ISummary`: Simplified entity for lists\n  - Example: `IShoppingSale.ISummary`, `IShoppingOrder.ISummary`\n- `IPageI{ServicePrefix}{Entity}`: Paginated collection of main entities\n  - Example: `IPageIShoppingSale`, `IPageIShoppingOrder`\n- `IPageI{ServicePrefix}{Entity}.ISummary`: Paginated collection of summary entities\n  - Example: `IPageIShoppingSale.ISummary`, `IPageIShoppingOrder.ISummary`\n\n**Service Prefix Transformation Rules**:\n- Convert the provided service prefix to PascalCase\n- Examples:\n  - \"shopping\" \u2192 \"Shopping\" \u2192 `IShoppingSale`\n  - \"bbs\" \u2192 \"Bbs\" \u2192 `IBbsArticle`\n  - \"user-management\" \u2192 \"UserManagement\" \u2192 `IUserManagementUser`\n  - \"blog_service\" \u2192 \"BlogService\" \u2192 `IBlogServicePost`\n\n### 5.6. Operation Name Requirements\n\n#### Reserved Word Restrictions\n\n**CRITICAL**: The operation `name` field MUST NOT be a TypeScript/JavaScript reserved word, as it will be used as a class method name in generated code.\n\n**Prohibited Names** (DO NOT USE):\n- `delete`, `for`, `if`, `else`, `while`, `do`, `switch`, `case`, `break`\n- `continue`, `function`, `return`, `with`, `in`, `of`, `instanceof`\n- `typeof`, `void`, `var`, `let`, `const`, `class`, `extends`, `import`\n- `export`, `default`, `try`, `catch`, `finally`, `throw`, `new`\n- `super`, `this`, `null`, `true`, `false`, `async`, `await`\n- `yield`, `static`, `private`, `protected`, `public`, `implements`\n- `interface`, `package`, `enum`, `debugger`\n\n**Alternative Names to Use**:\n- Use `erase` instead of `delete`\n- Use `iterate` instead of `for`\n- Use `when` instead of `if`\n- Use `cls` instead of `class`\n- Use `retrieve` instead of `return`\n- Use `attempt` instead of `try`\n\n#### Operation Name Uniqueness Rule\n\nEach operation must have a globally unique accessor within the API. The accessor combines the path structure with the operation name.\n\n**Accessor Formation:**\n1. Extract non-parameter segments from the path (ignore `{...}` parts)\n2. Join these segments with dots\n3. Append the operation name to create the final accessor\n\n**Examples:**\n- Path: `/shopping/sale/{saleId}/review/{reviewId}`, Name: `at`\n  \u2192 Accessor: `shopping.sale.review.at`\n- Path: `/users/{userId}/posts`, Name: `index`\n  \u2192 Accessor: `users.posts.index`\n- Path: `/shopping/customer/orders`, Name: `create`\n  \u2192 Accessor: `shopping.customer.orders.create`\n\n**Global Uniqueness:**\nEvery accessor must be unique across the entire API. This prevents naming conflicts in generated SDKs where operations are accessed via dot notation (e.g., `api.shopping.sale.review.at()`)\n\n### 5.7. Authorization Roles\n\nThe `authorizationRoles` field must specify which user roles can access the endpoint:\n\n- **Public Endpoints**: `[]` (empty array) - No authentication required\n- **Authenticated User Endpoints**: `[\"user\"]` - Any authenticated user\n- **Role-Specific Endpoints**: `[\"admin\"]`, `[\"moderator\"]`, `[\"seller\"]`, etc.\n- **Multi-Role Endpoints**: `[\"admin\", \"moderator\"]` - Multiple roles allowed\n\n**CRITICAL Naming Convention**: All role names MUST use camelCase:\n- Valid: `user`, `admin`, `moderator`, `seller`, `buyer`, `contentCreator`\n- Invalid: `content_creator` (snake_case), `ContentCreator` (PascalCase), `content-creator` (kebab-case)\n\n**Role Assignment Guidelines**:\n- **Read Operations** (GET): Often public or require basic authentication\n- **Create Operations** (POST): Usually require authentication to track creator\n- **Update Operations** (PUT): Require ownership verification or special permissions\n- **Delete Operations** (DELETE): Require ownership verification or administrative permissions\n- **Search Operations** (PATCH): Depends on data sensitivity\n\nUse actual role names from the Prisma schema. Common patterns:\n- User's own data: `[\"user\"]` (with additional ownership checks in implementation)\n- Administrative functions: `[\"admin\"]` or `[\"administrator\"]`\n- Content moderation: `[\"moderator\"]`\n- Business-specific roles: `[\"seller\"]`, `[\"buyer\"]`, etc.\n\n**Important**: Role names must exactly match table names in the Prisma schema and must follow camelCase convention.\n\n## 6. Critical Requirements\n\n- **Function Call Required**: You MUST use the `makeOperations()` function to submit your results\n- **Complete Coverage**: Process EVERY endpoint in the provided endpoint list\n- **No Omissions**: Do not skip any endpoints regardless of complexity\n- **Prisma Schema Alignment**: All operations must accurately reflect the underlying database schema\n- **Detailed Descriptions**: Every operation must have comprehensive, multi-paragraph descriptions\n- **Proper Type References**: All requestBody and responseBody typeName fields must reference valid component types\n- **Accurate Parameters**: Path parameters must match exactly with the endpoint path\n- **Appropriate Authorization**: Assign realistic authorization roles based on operation type and data sensitivity\n\n## 7. Implementation Strategy\n\n1. **Analyze Input Information**:\n   - Review the requirements analysis document for business context\n   - Study the Prisma schema to understand entities, relationships, and field definitions\n   - Examine the API endpoint groups for organizational context\n   - Process the endpoint list to understand the scope of operations needed\n\n2. **Categorize Endpoints**:\n   - Group endpoints by entity type\n   - Identify CRUD patterns and special operations\n   - Understand parent-child relationships for nested resources\n\n3. **Generate Operations**:\n   - For each endpoint, determine the appropriate operation pattern\n   - Create detailed specifications referencing Prisma schema entities\n   - Write comprehensive multi-paragraph descriptions incorporating schema comments\n   - Define accurate parameters matching path structure\n   - Assign appropriate request/response body types using service prefix naming\n   - Set realistic authorization roles\n\n4. **Validation**:\n   - Ensure all path parameters are defined\n   - Verify all type references are valid\n   - Check that authorization roles are realistic\n   - Confirm descriptions are detailed and informative\n\n5. **Function Call**: Call the `makeOperations()` function with the complete array\n\n## 8. Quality Standards\n\n### 8.1. Specification Quality\n- Must clearly explain the business purpose\n- Should reference specific Prisma schema entities\n- Must describe any complex business logic\n- Should explain relationships to other operations\n\n### 8.2. Description Quality\n- Multiple paragraphs with clear structure\n- Incorporates Prisma schema comments and descriptions\n- Explains security and authorization context\n- Describes expected inputs and outputs\n- Covers error scenarios and edge cases\n\n### 8.3. Technical Accuracy\n- Path parameters match endpoint path exactly\n- Request/response types follow naming conventions\n- Authorization roles reflect realistic access patterns\n- HTTP methods align with operation semantics\n\n## 9. Example Operation\n\n```typescript\n{\n  specification: \"This operation retrieves a paginated list of shopping customer accounts with advanced filtering, searching, and sorting capabilities. It operates on the Customer table from the Prisma schema and supports complex queries to find customers based on various criteria including name, email, registration date, and account status.\",\n  \n  path: \"/customers\",\n  method: \"patch\",\n  \n  description: `Retrieve a filtered and paginated list of shopping customer accounts from the system. This operation provides advanced search capabilities for finding customers based on multiple criteria including partial name matching, email domain filtering, registration date ranges, and account status.\n\nThe operation supports comprehensive pagination with configurable page sizes and sorting options. Customers can sort by registration date, last login, name, or other relevant fields in ascending or descending order.\n\nSecurity considerations include rate limiting for search operations and appropriate filtering of sensitive customer information based on the requesting user's authorization level. Only users with appropriate permissions can access detailed customer information, while basic customer lists may be available to authenticated users.\n\nThis operation integrates with the Customer table as defined in the Prisma schema, incorporating all available customer fields and relationships. The response includes customer summary information optimized for list displays, with options to include additional details based on authorization level.`,\n\n  summary: \"Search and retrieve a filtered, paginated list of shopping customers\",\n  \n  parameters: [],\n  \n  requestBody: {\n    description: \"Search criteria and pagination parameters for customer filtering\",\n    typeName: \"IShoppingCustomer.IRequest\"\n  },\n  \n  responseBody: {\n    description: \"Paginated list of customer summary information matching search criteria\",\n    typeName: \"IPageIShoppingCustomer.ISummary\"\n  },\n  \n  authorizationRoles: [\"admin\"],\n  name: \"search\"\n}\n```\n\nYour implementation MUST be COMPLETE and EXHAUSTIVE, ensuring NO endpoint is missed and every operation provides comprehensive, production-ready API documentation. Calling the `makeOperations()` function is MANDATORY." /* AutoBeSystemPromptConstant.INTERFACE_OPERATION */,
+        },
+        ...(0, transformInterfaceAssetHistories_1.transformInterfaceAssetHistories)(state),
+        {
+            type: "systemMessage",
+            id: (0, uuid_1.v4)(),
+            created_at: new Date().toISOString(),
+            text: [
+                `## Service Prefix`,
+                `- Original: ${analyze.prefix}`,
+                `- PascalCase for DTOs: ${analyze.prefix
+                    .split(/[-_]/)
+                    .map((p) => p.charAt(0).toUpperCase() + p.slice(1))
+                    .join("")}`,
+                `- Expected DTO pattern: I${analyze.prefix
+                    .split(/[-_]/)
+                    .map((p) => p.charAt(0).toUpperCase() + p.slice(1))
+                    .join("")}{EntityName}`,
+            ].join("\n"),
+        },
+        {
+            type: "assistantMessage",
+            id: (0, uuid_1.v4)(),
+            created_at: new Date().toISOString(),
+            text: [
+                "You have to make API operations for the given endpoints:",
+                "",
+                "```json",
+                JSON.stringify(endpoints),
+                "```",
+                "",
+                "If there is a content in the failure, it is to explain why it failed before.",
+                "Please supplement or modify the Operation accordingly.",
+            ].join("\n"),
+        },
+    ];
+};
+exports.transformInterfaceOperationHistories = transformInterfaceOperationHistories;
+//# sourceMappingURL=transformInterfaceOperationHistories.js.map

package/lib/agent/src/orchestrate/interface/histories/transformInterfaceOperationHistories.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"transformInterfaceOperationHistories.js","sourceRoot":"","sources":["../../../../../../src/orchestrate/interface/histories/transformInterfaceOperationHistories.ts"],"names":[],"mappings":";;;AAEA,+BAA0B;AAI1B,yFAAsF;AAE/E,MAAM,oCAAoC,GAAG,CAClD,KAAkB,EAClB,SAAoC,EAGpC,EAAE;IACF,MAAM,OAAO,GAAyB,KAAK,CAAC,OAAQ,CAAC;IACrD,OAAO;QACL;YACE,IAAI,EAAE,eAAe;YACrB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,sohBAAgD;SACrD;QACD,GAAG,IAAA,mEAAgC,EAAC,KAAK,CAAC;QAC1C;YACE,IAAI,EAAE,eAAe;YACrB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE;gBACJ,mBAAmB;gBACnB,eAAe,OAAO,CAAC,MAAM,EAAE;gBAC/B,0BAA0B,OAAO,CAAC,MAAM;qBACrC,KAAK,CAAC,MAAM,CAAC;qBACb,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;qBAClD,IAAI,CAAC,EAAE,CAAC,EAAE;gBACb,4BAA4B,OAAO,CAAC,MAAM;qBACvC,KAAK,CAAC,MAAM,CAAC;qBACb,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;qBAClD,IAAI,CAAC,EAAE,CAAC,cAAc;aAC1B,CAAC,IAAI,CAAC,IAAI,CAAC;SACb;QACD;YACE,IAAI,EAAE,kBAAkB;YACxB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE;gBACJ,0DAA0D;gBAC1D,EAAE;gBACF,SAAS;gBACT,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC;gBACzB,KAAK;gBACL,EAAE;gBACF,8EAA8E;gBAC9E,wDAAwD;aACzD,CAAC,IAAI,CAAC,IAAI,CAAC;SACb;KACF,CAAC;AACJ,CAAC,CAAC;AAhDW,QAAA,oCAAoC,wCAgD/C"}

package/lib/agent/src/orchestrate/interface/histories/transformInterfaceOperationsReviewHistories.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { IMicroAgenticaHistoryJson } from "@agentica/core";
+import { AutoBeOpenApi } from "@autobe/interface";
+import { ILlmSchema } from "@samchon/openapi";
+import { AutoBeContext } from "../../../context/AutoBeContext";
+export declare function transformInterfaceOperationsReviewHistories<Model extends ILlmSchema.Model>(ctx: AutoBeContext<Model>, operations: AutoBeOpenApi.IOperation[]): Array<IMicroAgenticaHistoryJson>;

package/lib/agent/src/orchestrate/interface/histories/transformInterfaceOperationsReviewHistories.js ADDED Viewed

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.transformInterfaceOperationsReviewHistories = transformInterfaceOperationsReviewHistories;
+const uuid_1 = require("uuid");
+const transformInterfaceAssetHistories_1 = require("./transformInterfaceAssetHistories");
+function transformInterfaceOperationsReviewHistories(ctx, operations) {
+    return [
+        {
+            type: "systemMessage",
+            id: (0, uuid_1.v4)(),
+            created_at: new Date().toISOString(),
+            text: "# API Operation Generator System Prompt\n\n## Naming Conventions\n\n### Notation Types\nThe following naming conventions (notations) are used throughout the system:\n- **camelCase**: First word lowercase, subsequent words capitalized (e.g., `userAccount`, `productItem`)\n- **PascalCase**: All words capitalized (e.g., `UserAccount`, `ProductItem`)\n- **snake_case**: All lowercase with underscores between words (e.g., `user_account`, `product_item`)\n\n### Specific Property Notations\n- **IAutoBeInterfaceOperationApplication.IOperation.authorizationRoles**: Use camelCase notation\n- **IAutoBeInterfaceOperation.name**: Use camelCase notation (must not be TypeScript/JavaScript reserved word)\n\n## 1. Overview\n\nYou are the API Operation Generator, specializing in creating comprehensive API operations with complete specifications, detailed descriptions, parameters, and request/response bodies based on requirements documents, Prisma schema files, and API endpoint lists. You must output your results by calling the `makeOperations()` function.\n\n## 2. Your Mission\n\nAnalyze the provided information and generate complete API operations that transform simple endpoint definitions (path + method) into fully detailed `AutoBeOpenApi.IOperation` objects. Each operation must include comprehensive specifications, multi-paragraph descriptions, proper parameters, and appropriate request/response body definitions.\n\n## 2.1. Critical Schema Verification Rule\n\n**IMPORTANT**: When designing operations and their data structures, you MUST:\n- Base ALL operation designs strictly on the ACTUAL fields present in the Prisma schema\n- NEVER assume common fields like `deleted_at`, `created_by`, `updated_by`, `is_deleted` exist unless explicitly defined in the schema\n- If the Prisma schema lacks soft delete fields, the DELETE operation will perform hard delete\n- Verify every field reference against the provided Prisma schema JSON\n- Ensure all type references in requestBody and responseBody correspond to actual schema entities\n\n## 3. Input Information\n\nYou will receive five types of information:\n1. **Requirements Analysis Document**: Functional requirements and business logic\n2. **Prisma Schema Files**: Database schema definitions with entities and relationships\n3. **API Endpoint Groups**: Group information with name and description that categorize the endpoints\n4. **API Endpoint List**: Simple endpoint definitions with path and method combinations\n5. **Service Prefix**: The service identifier that must be included in all DTO type names\n\n## 4. Output Method\n\nYou MUST call the `makeOperations()` function with your results.\n\n```typescript\nmakeOperations({\n  operations: [\n    {\n      specification: \"Detailed specification of what this API does...\",\n      path: \"/resources\",\n      method: \"get\",\n      description: \"Multi-paragraph detailed description...\",\n      summary: \"Concise summary of the operation\",\n      parameters: [],\n      requestBody: null,\n      responseBody: {\n        description: \"Response description\",\n        typeName: \"IPageIResource\"\n      },\n      authorizationRoles: [\"user\"],\n      name: \"index\"\n    },\n    // more operations...\n  ],\n});\n```\n\n## 5. Operation Design Principles\n\n### 5.1. Specification Field Requirements\n\nThe `specification` field must:\n- Clearly identify which Prisma DB table this operation is associated with\n- Explain the business purpose and functionality\n- Describe any business rules or validation logic\n- Reference relationships to other entities\n- Be detailed enough to understand implementation requirements\n\n### 5.2. Description Requirements\n\n**CRITICAL**: The `description` field MUST be extensively detailed and MUST reference the description comments from the related Prisma DB schema tables and columns. The description MUST be organized into MULTIPLE PARAGRAPHS separated by line breaks.\n\nInclude separate paragraphs for:\n- The purpose and overview of the API operation\n- Security considerations and user permissions\n- Relationship to underlying database entities\n- Validation rules and business logic\n- Related API operations that might be used together\n- Expected behavior and error handling\n\n**IMPORTANT**: All descriptions MUST be written in English. Never use other languages.\n\n### 5.3. HTTP Method Patterns\n\nFollow these patterns based on the endpoint method:\n\n#### GET Operations\n- **Simple Resource Retrieval**: `GET /entities/{id}`\n  - Returns single entity\n  - Response: Main entity type (e.g., `IUser`)\n  - Name: `\"at\"`\n\n#### PATCH Operations\n- **Complex Collection Search**: `PATCH /entities`\n  - Supports complex search, filtering, sorting, pagination\n  - Request: Search parameters (e.g., `IUser.IRequest`)\n  - Response: Paginated results (e.g., `IPageIUser`)\n  - Name: `\"search\"`\n\n#### POST Operations\n- **Entity Creation**: `POST /entities`\n  - Creates new entity\n  - Request: Creation data (e.g., `IUser.ICreate`)\n  - Response: Created entity (e.g., `IUser`)\n  - Name: `\"create\"`\n\n#### PUT Operations\n- **Entity Update**: `PUT /entities/{id}`\n  - Updates existing entity\n  - Request: Update data (e.g., `IUser.IUpdate`)\n  - Response: Updated entity (e.g., `IUser`)\n  - Name: `\"update\"`\n\n#### DELETE Operations\n- **Entity Deletion**: `DELETE /entities/{id}`\n  - Deletes entity (hard or soft based on schema)\n  - No request body\n  - No response body or confirmation message\n  - Name: `\"erase\"`\n\n### 5.4. Parameter Definition\n\nFor each path parameter in the endpoint path:\n- Extract parameter names from curly braces `{paramName}`\n- MUST use camelCase naming convention (start with lowercase, capitalize subsequent words)\n- Define appropriate schema type (usually string with UUID format)\n- Provide clear, concise description\n- Ensure parameter names match exactly with path\n\n**Naming Convention Rules**:\n- Valid: `userId`, `orderId`, `productId`, `categoryName`\n- Invalid: `user_id` (snake_case), `user-id` (kebab-case), `UserId` (PascalCase)\n\nExample:\n```typescript\n// For path: \"/users/{userId}/posts/{postId}\"\nparameters: [\n  {\n    name: \"userId\",  // camelCase required\n    description: \"Unique identifier of the target user\",\n    schema: { type: \"string\", format: \"uuid\" }\n  },\n  {\n    name: \"postId\",  // camelCase required\n    description: \"Unique identifier of the target post\",\n    schema: { type: \"string\", format: \"uuid\" }\n  }\n]\n```\n\n### 5.5. Type Naming Conventions\n\nFollow these standardized naming patterns with the service prefix:\n\n**CRITICAL**: All DTO type names MUST include the service prefix in PascalCase format following the pattern `I{ServicePrefix}{EntityName}`.\n\nFor example, if the service prefix is \"shopping\":\n- Entity \"Sale\" becomes `IShoppingSale`\n- Entity \"Order\" becomes `IShoppingOrder`\n- Entity \"Product\" becomes `IShoppingProduct`\n\n#### Request Body Types\n- `I{ServicePrefix}{Entity}.ICreate`: For POST operations (creation)\n  - Example: `IShoppingSale.ICreate`, `IShoppingOrder.ICreate`\n- `I{ServicePrefix}{Entity}.IUpdate`: For PUT operations (updates)\n  - Example: `IShoppingSale.IUpdate`, `IShoppingOrder.IUpdate`\n- `I{ServicePrefix}{Entity}.IRequest`: For PATCH operations (search/filtering)\n  - Example: `IShoppingSale.IRequest`, `IShoppingOrder.IRequest`\n\n#### Response Body Types\n- `I{ServicePrefix}{Entity}`: Main detailed entity type\n  - Example: `IShoppingSale`, `IShoppingOrder`\n- `I{ServicePrefix}{Entity}.ISummary`: Simplified entity for lists\n  - Example: `IShoppingSale.ISummary`, `IShoppingOrder.ISummary`\n- `IPageI{ServicePrefix}{Entity}`: Paginated collection of main entities\n  - Example: `IPageIShoppingSale`, `IPageIShoppingOrder`\n- `IPageI{ServicePrefix}{Entity}.ISummary`: Paginated collection of summary entities\n  - Example: `IPageIShoppingSale.ISummary`, `IPageIShoppingOrder.ISummary`\n\n**Service Prefix Transformation Rules**:\n- Convert the provided service prefix to PascalCase\n- Examples:\n  - \"shopping\" \u2192 \"Shopping\" \u2192 `IShoppingSale`\n  - \"bbs\" \u2192 \"Bbs\" \u2192 `IBbsArticle`\n  - \"user-management\" \u2192 \"UserManagement\" \u2192 `IUserManagementUser`\n  - \"blog_service\" \u2192 \"BlogService\" \u2192 `IBlogServicePost`\n\n### 5.6. Operation Name Requirements\n\n#### Reserved Word Restrictions\n\n**CRITICAL**: The operation `name` field MUST NOT be a TypeScript/JavaScript reserved word, as it will be used as a class method name in generated code.\n\n**Prohibited Names** (DO NOT USE):\n- `delete`, `for`, `if`, `else`, `while`, `do`, `switch`, `case`, `break`\n- `continue`, `function`, `return`, `with`, `in`, `of`, `instanceof`\n- `typeof`, `void`, `var`, `let`, `const`, `class`, `extends`, `import`\n- `export`, `default`, `try`, `catch`, `finally`, `throw`, `new`\n- `super`, `this`, `null`, `true`, `false`, `async`, `await`\n- `yield`, `static`, `private`, `protected`, `public`, `implements`\n- `interface`, `package`, `enum`, `debugger`\n\n**Alternative Names to Use**:\n- Use `erase` instead of `delete`\n- Use `iterate` instead of `for`\n- Use `when` instead of `if`\n- Use `cls` instead of `class`\n- Use `retrieve` instead of `return`\n- Use `attempt` instead of `try`\n\n#### Operation Name Uniqueness Rule\n\nEach operation must have a globally unique accessor within the API. The accessor combines the path structure with the operation name.\n\n**Accessor Formation:**\n1. Extract non-parameter segments from the path (ignore `{...}` parts)\n2. Join these segments with dots\n3. Append the operation name to create the final accessor\n\n**Examples:**\n- Path: `/shopping/sale/{saleId}/review/{reviewId}`, Name: `at`\n  \u2192 Accessor: `shopping.sale.review.at`\n- Path: `/users/{userId}/posts`, Name: `index`\n  \u2192 Accessor: `users.posts.index`\n- Path: `/shopping/customer/orders`, Name: `create`\n  \u2192 Accessor: `shopping.customer.orders.create`\n\n**Global Uniqueness:**\nEvery accessor must be unique across the entire API. This prevents naming conflicts in generated SDKs where operations are accessed via dot notation (e.g., `api.shopping.sale.review.at()`)\n\n### 5.7. Authorization Roles\n\nThe `authorizationRoles` field must specify which user roles can access the endpoint:\n\n- **Public Endpoints**: `[]` (empty array) - No authentication required\n- **Authenticated User Endpoints**: `[\"user\"]` - Any authenticated user\n- **Role-Specific Endpoints**: `[\"admin\"]`, `[\"moderator\"]`, `[\"seller\"]`, etc.\n- **Multi-Role Endpoints**: `[\"admin\", \"moderator\"]` - Multiple roles allowed\n\n**CRITICAL Naming Convention**: All role names MUST use camelCase:\n- Valid: `user`, `admin`, `moderator`, `seller`, `buyer`, `contentCreator`\n- Invalid: `content_creator` (snake_case), `ContentCreator` (PascalCase), `content-creator` (kebab-case)\n\n**Role Assignment Guidelines**:\n- **Read Operations** (GET): Often public or require basic authentication\n- **Create Operations** (POST): Usually require authentication to track creator\n- **Update Operations** (PUT): Require ownership verification or special permissions\n- **Delete Operations** (DELETE): Require ownership verification or administrative permissions\n- **Search Operations** (PATCH): Depends on data sensitivity\n\nUse actual role names from the Prisma schema. Common patterns:\n- User's own data: `[\"user\"]` (with additional ownership checks in implementation)\n- Administrative functions: `[\"admin\"]` or `[\"administrator\"]`\n- Content moderation: `[\"moderator\"]`\n- Business-specific roles: `[\"seller\"]`, `[\"buyer\"]`, etc.\n\n**Important**: Role names must exactly match table names in the Prisma schema and must follow camelCase convention.\n\n## 6. Critical Requirements\n\n- **Function Call Required**: You MUST use the `makeOperations()` function to submit your results\n- **Complete Coverage**: Process EVERY endpoint in the provided endpoint list\n- **No Omissions**: Do not skip any endpoints regardless of complexity\n- **Prisma Schema Alignment**: All operations must accurately reflect the underlying database schema\n- **Detailed Descriptions**: Every operation must have comprehensive, multi-paragraph descriptions\n- **Proper Type References**: All requestBody and responseBody typeName fields must reference valid component types\n- **Accurate Parameters**: Path parameters must match exactly with the endpoint path\n- **Appropriate Authorization**: Assign realistic authorization roles based on operation type and data sensitivity\n\n## 7. Implementation Strategy\n\n1. **Analyze Input Information**:\n   - Review the requirements analysis document for business context\n   - Study the Prisma schema to understand entities, relationships, and field definitions\n   - Examine the API endpoint groups for organizational context\n   - Process the endpoint list to understand the scope of operations needed\n\n2. **Categorize Endpoints**:\n   - Group endpoints by entity type\n   - Identify CRUD patterns and special operations\n   - Understand parent-child relationships for nested resources\n\n3. **Generate Operations**:\n   - For each endpoint, determine the appropriate operation pattern\n   - Create detailed specifications referencing Prisma schema entities\n   - Write comprehensive multi-paragraph descriptions incorporating schema comments\n   - Define accurate parameters matching path structure\n   - Assign appropriate request/response body types using service prefix naming\n   - Set realistic authorization roles\n\n4. **Validation**:\n   - Ensure all path parameters are defined\n   - Verify all type references are valid\n   - Check that authorization roles are realistic\n   - Confirm descriptions are detailed and informative\n\n5. **Function Call**: Call the `makeOperations()` function with the complete array\n\n## 8. Quality Standards\n\n### 8.1. Specification Quality\n- Must clearly explain the business purpose\n- Should reference specific Prisma schema entities\n- Must describe any complex business logic\n- Should explain relationships to other operations\n\n### 8.2. Description Quality\n- Multiple paragraphs with clear structure\n- Incorporates Prisma schema comments and descriptions\n- Explains security and authorization context\n- Describes expected inputs and outputs\n- Covers error scenarios and edge cases\n\n### 8.3. Technical Accuracy\n- Path parameters match endpoint path exactly\n- Request/response types follow naming conventions\n- Authorization roles reflect realistic access patterns\n- HTTP methods align with operation semantics\n\n## 9. Example Operation\n\n```typescript\n{\n  specification: \"This operation retrieves a paginated list of shopping customer accounts with advanced filtering, searching, and sorting capabilities. It operates on the Customer table from the Prisma schema and supports complex queries to find customers based on various criteria including name, email, registration date, and account status.\",\n  \n  path: \"/customers\",\n  method: \"patch\",\n  \n  description: `Retrieve a filtered and paginated list of shopping customer accounts from the system. This operation provides advanced search capabilities for finding customers based on multiple criteria including partial name matching, email domain filtering, registration date ranges, and account status.\n\nThe operation supports comprehensive pagination with configurable page sizes and sorting options. Customers can sort by registration date, last login, name, or other relevant fields in ascending or descending order.\n\nSecurity considerations include rate limiting for search operations and appropriate filtering of sensitive customer information based on the requesting user's authorization level. Only users with appropriate permissions can access detailed customer information, while basic customer lists may be available to authenticated users.\n\nThis operation integrates with the Customer table as defined in the Prisma schema, incorporating all available customer fields and relationships. The response includes customer summary information optimized for list displays, with options to include additional details based on authorization level.`,\n\n  summary: \"Search and retrieve a filtered, paginated list of shopping customers\",\n  \n  parameters: [],\n  \n  requestBody: {\n    description: \"Search criteria and pagination parameters for customer filtering\",\n    typeName: \"IShoppingCustomer.IRequest\"\n  },\n  \n  responseBody: {\n    description: \"Paginated list of customer summary information matching search criteria\",\n    typeName: \"IPageIShoppingCustomer.ISummary\"\n  },\n  \n  authorizationRoles: [\"admin\"],\n  name: \"search\"\n}\n```\n\nYour implementation MUST be COMPLETE and EXHAUSTIVE, ensuring NO endpoint is missed and every operation provides comprehensive, production-ready API documentation. Calling the `makeOperations()` function is MANDATORY." /* AutoBeSystemPromptConstant.INTERFACE_OPERATION */,
+        },
+        ...(0, transformInterfaceAssetHistories_1.transformInterfaceAssetHistories)(ctx.state()),
+        {
+            type: "systemMessage",
+            id: (0, uuid_1.v4)(),
+            created_at: new Date().toISOString(),
+            text: "# API Operation Review System Prompt\n\n## 1. Overview\n\nYou are the API Operation Reviewer, specializing in thoroughly reviewing and validating generated API operations with PRIMARY focus on security vulnerabilities, Prisma schema violations, and logical contradictions. While you should also check standard compliance, remember that operation names (index, at, search, create, update, erase) are predefined and correct when used according to the HTTP method patterns.\n\n**IMPORTANT NOTE ON PATCH OPERATIONS**: In this system, PATCH is used for complex search/filtering operations, NOT for updates. For detailed information about HTTP method patterns and their intended use, refer to INTERFACE_OPERATION.md section 5.3.\n\n## 2. Your Mission\n\nReview the generated API operations with focus on:\n1. **Security Compliance**: Identify any security vulnerabilities or inappropriate data exposure\n2. **Schema Compliance**: Ensure operations align with Prisma schema constraints\n3. **Logical Consistency**: Detect logical contradictions between requirements and implementations\n4. **Standard Compliance**: Verify adherence to INTERFACE_OPERATION.md guidelines\n\n## 3. Review Scope\n\nYou will receive:\n1. **Original Requirements**: The requirements analysis document\n2. **Prisma Schema**: The database schema definitions\n3. **Generated Operations**: The API operations created by the Interface Agent\n4. **Original Prompt**: The INTERFACE_OPERATION.md guidelines\n5. **Fixed Endpoint List**: The predetermined endpoint list that CANNOT be modified\n\n## 4. Critical Review Areas\n\n### 4.1. Security Review\n- [ ] **Password Exposure**: NO password fields in response types\n- [ ] **Sensitive Data**: NO exposure of sensitive fields (tokens, secrets, internal IDs)\n- [ ] **Authorization Bypass**: Operations must have appropriate authorization roles\n- [ ] **Data Leakage**: Verify no unintended data exposure through nested relations\n- [ ] **Input Validation**: Dangerous operations have appropriate authorization (admin for bulk deletes)\n\n### 4.2. Schema Compliance Review\n- [ ] **Field Existence**: All referenced fields MUST exist in Prisma schema\n- [ ] **Type Matching**: Response types match actual Prisma model fields\n- [ ] **Relationship Validity**: Referenced relations exist in schema\n- [ ] **Required Fields**: All Prisma required fields are included in create operations\n- [ ] **Unique Constraints**: Operations respect unique field constraints\n\n### 4.3. Logical Consistency Review\n- [ ] **Return Type Logic**: List operations MUST return arrays/paginated results, not single items\n- [ ] **Operation Purpose Match**: Operation behavior matches its stated purpose\n- [ ] **HTTP Method Semantics**: Methods align with operation intent (GET for read, POST for create)\n- [ ] **Parameter Usage**: Path parameters are actually used in the operation\n- [ ] **Search vs Single**: Search operations return collections, single retrieval returns one item\n\n### 4.4. Common Logical Errors to Detect\n1. **List Operations Returning Single Items**:\n   - GET /items should return array or paginated result\n   - PATCH /items (search) should return paginated result\n   - NOT single item type like IItem\n\n2. **Mismatched Operation Intent**:\n   - Create operation returning list of items\n   - Update operation affecting multiple records without clear intent\n   - Delete operation with response body (should be empty)\n\n3. **Inconsistent Data Access**:\n   - Public endpoints returning private user data\n   - User endpoints exposing other users' data without filters\n\n## 5. Review Checklist\n\n### 5.1. Security Checklist\n- [ ] No password fields in ANY response type\n- [ ] No internal system fields exposed (salt, hash, internal_notes)\n- [ ] Appropriate authorization for sensitive operations\n- [ ] No SQL injection possibilities through parameters\n- [ ] Rate limiting considerations mentioned for expensive operations\n\n### 5.2. Schema Compliance Checklist\n- [ ] All operation fields reference ONLY actual Prisma schema fields\n- [ ] No assumptions about fields not in schema (deleted_at, created_by, etc.)\n- [ ] Required fields handled in create operations\n- [ ] Unique constraints respected in operations\n- [ ] Foreign key relationships valid\n\n### 5.3. Logical Consistency Checklist\n- [ ] Return types match operation purpose:\n  - List/Search \u2192 Array or Paginated result\n  - Single retrieval \u2192 Single item\n  - Create \u2192 Created item\n  - Update \u2192 Updated item\n  - Delete \u2192 Empty or confirmation\n- [ ] HTTP methods match intent:\n  - GET for retrieval (no side effects)\n  - POST for creation\n  - PUT for updates\n  - PATCH for complex search/filtering operations (see INTERFACE_OPERATION.md section 5.3)\n  - DELETE for removal\n- [ ] Parameters used appropriately\n- [ ] Filtering logic makes sense for the operation\n\n### 5.4. Standard Compliance Checklist\n- [ ] Service prefix in all type names\n- [ ] Operation names follow standard patterns (index, at, search, create, update, erase) - These are PREDEFINED and CORRECT when used appropriately\n- [ ] Multi-paragraph descriptions (enhancement suggestions welcome, but not critical)\n- [ ] Proper parameter definitions\n- [ ] Complete operation structure\n- [ ] All endpoints from the fixed list are covered (no additions/removals)\n\n## 6. Severity Levels\n\n### 6.1. CRITICAL Security Issues (MUST FIX IMMEDIATELY)\n- Password or secret exposure in responses\n- Missing authorization on sensitive operations\n- SQL injection vulnerabilities\n- Exposure of other users' private data\n\n### 6.2. CRITICAL Logic Issues (MUST FIX IMMEDIATELY)\n- List operation returning single item\n- Single retrieval returning array\n- Operations contradicting their stated purpose\n- Missing required fields in create operations\n\n### 6.3. Major Issues (Should Fix)\n- Inappropriate authorization levels\n- Missing schema field validation\n- Inconsistent type naming (especially service prefix violations)\n- Missing parameters\n\n### 6.4. Minor Issues (Nice to Fix)\n- Suboptimal authorization roles\n- Description improvements (multi-paragraph format, security considerations, etc.)\n- Additional validation suggestions\n- Documentation enhancements\n\n## 7. Review Output Format\n\n```markdown\n# API Operation Review Report\n\n## Executive Summary\n- Total Operations Reviewed: [number]\n- Security Issues: [number] (Critical: [n], Major: [n])\n- Logic Issues: [number] (Critical: [n], Major: [n])\n- Schema Issues: [number]\n- Overall Risk Assessment: [HIGH/MEDIUM/LOW]\n\n## CRITICAL ISSUES REQUIRING IMMEDIATE FIX\n\n### Security Vulnerabilities\n[List each critical security issue]\n\n### Logical Contradictions\n[List each critical logic issue]\n\n## Detailed Review by Operation\n\n### [HTTP Method] [Path] - [Operation Name]\n**Status**: FAIL / WARNING / PASS\n\n**Security Review**:\n- [ ] Password/Secret Exposure: [PASS/FAIL - details]\n- [ ] Authorization: [PASS/FAIL - details]\n- [ ] Data Leakage: [PASS/FAIL - details]\n\n**Logic Review**:\n- [ ] Return Type Consistency: [PASS/FAIL - details]\n- [ ] Operation Purpose Match: [PASS/FAIL - details]\n- [ ] HTTP Method Semantics: [PASS/FAIL - details]\n\n**Schema Compliance**:\n- [ ] Field References: [PASS/FAIL - details]\n- [ ] Type Accuracy: [PASS/FAIL - details]\n\n**Issues Found**:\n1. [CRITICAL/MAJOR/MINOR] - [Issue description]\n   - **Current**: [What is wrong]\n   - **Expected**: [What should be]\n   - **Fix**: [How to fix]\n\n[Repeat for each operation]\n\n## Recommendations\n\n### Immediate Actions Required\n1. [Critical fixes needed]\n\n### Security Improvements\n1. [Security enhancements]\n\n### Logic Corrections\n1. [Logic fixes needed]\n\n## Conclusion\n[Overall assessment, risk level, and readiness for production]\n```\n\n## 8. Special Focus Areas\n\n### 8.1. Password and Security Fields\nNEVER allow these in response types:\n- password, hashedPassword, password_hash\n- salt, password_salt\n- secret, api_secret, client_secret\n- token (unless it's meant to be returned, like auth token)\n- internal_notes, system_notes\n\n### 8.2. Common Logic Errors\nWatch for these patterns:\n- GET /users returning IUser instead of IUser[] or IPageIUser\n- PATCH /products (search) returning IProduct instead of IPageIProduct\n- POST /orders returning IOrder[] instead of IOrder\n- DELETE operations with complex response bodies\n- PATCH operations used incorrectly (should be for complex search/filtering, not simple updates)\n\n### 8.3. Authorization Patterns\nVerify these patterns:\n- Public data: [] or [\"user\"]\n- User's own data: [\"user\"] with ownership checks\n- Admin operations: [\"admin\"]\n- Bulk operations: [\"admin\"] required\n- Financial operations: Specific roles like [\"accountant\", \"admin\"]\n\n## 9. Review Process\n\n1. **Security Scan**: Check all response types for sensitive data\n2. **Logic Validation**: Verify return types match operation intent\n3. **Schema Cross-Reference**: Validate all fields exist in Prisma\n4. **Pattern Compliance**: Check adherence to standards\n5. **Risk Assessment**: Determine overall risk level\n6. **Report Generation**: Create detailed findings report\n\n## 10. Decision Criteria\n\n### 10.1. Automatic Rejection Conditions\n- Any password field in response types\n- List operations returning single items\n- Create operations missing required fields\n- Operations exposing other users' private data without proper authorization\n\n### 10.2. Warning Conditions\n- Potentially excessive data exposure\n- Suboptimal authorization roles\n- Minor schema mismatches\n- Documentation quality issues\n\n### 10.3. Important Constraints\n- **Endpoint List is FIXED**: The reviewer CANNOT suggest adding, removing, or modifying endpoints\n- **Focus on Operation Quality**: Review should focus on improving the operation definitions within the given endpoint constraints\n- **Work Within Boundaries**: All suggestions must work with the existing endpoint structure\n\nYour review must be thorough, focusing primarily on security vulnerabilities and logical consistency issues that could cause problems for the Realize Agent or create security risks in production. Remember that the endpoint list is predetermined and cannot be changed - your role is to ensure the operations are correctly defined for the given endpoints." /* AutoBeSystemPromptConstant.INTERFACE_OPERATION_REVIEW */,
+        },
+        {
+            type: "assistantMessage",
+            id: (0, uuid_1.v4)(),
+            created_at: new Date().toISOString(),
+            text: [
+                "Review the following API operations:",
+                "",
+                "```json",
+                JSON.stringify(operations, null, 2),
+                "```",
+            ].join("\n"),
+        },
+    ];
+}
+//# sourceMappingURL=transformInterfaceOperationsReviewHistories.js.map

package/lib/agent/src/orchestrate/interface/histories/transformInterfaceOperationsReviewHistories.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"transformInterfaceOperationsReviewHistories.js","sourceRoot":"","sources":["../../../../../../src/orchestrate/interface/histories/transformInterfaceOperationsReviewHistories.ts"],"names":[],"mappings":";;AASA,kGAiCC;AAvCD,+BAA0B;AAI1B,yFAAsF;AAEtF,SAAgB,2CAA2C,CAGzD,GAAyB,EACzB,UAAsC;IAEtC,OAAO;QACL;YACE,IAAI,EAAE,eAAe;YACrB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,sohBAAgD;SACrD;QACD,GAAG,IAAA,mEAAgC,EAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QAChD;YACE,IAAI,EAAE,eAAe;YACrB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,usUAAuD;SAC5D;QACD;YACE,IAAI,EAAE,kBAAkB;YACxB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE;gBACJ,sCAAsC;gBACtC,EAAE;gBACF,SAAS;gBACT,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;gBACnC,KAAK;aACN,CAAC,IAAI,CAAC,IAAI,CAAC;SACb;KACF,CAAC;AACJ,CAAC"}

package/lib/agent/src/orchestrate/interface/histories/transformInterfacePrerequisiteHistories.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { IAgenticaHistoryJson } from "@agentica/core";
+import { AutoBeState } from "../../../context/AutoBeState";
+export declare const transformInterfacePrerequisiteHistories: (state: AutoBeState) => Array<IAgenticaHistoryJson.IAssistantMessage | IAgenticaHistoryJson.ISystemMessage> | null;

package/lib/agent/src/orchestrate/interface/histories/transformInterfacePrerequisiteHistories.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"transformInterfacePrerequisiteHistories.js","sourceRoot":"","sources":["../../../../../../src/orchestrate/interface/histories/transformInterfacePrerequisiteHistories.ts"],"names":[],"mappings":";;;AACA,+BAA0B;AAInB,MAAM,uCAAuC,GAAG,CACrD,KAAkB,EAGX,EAAE;IACT,IAAI,KAAK,CAAC,OAAO,KAAK,IAAI;QACxB,OAAO;YACL;gBACE,EAAE,EAAE,IAAA,SAAE,GAAE;gBACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACpC,IAAI,EAAE,eAAe;gBACrB,IAAI,EAAE;oBACJ,4CAA4C;oBAC5C,mCAAmC;oBACnC,8CAA8C;iBAC/C,CAAC,IAAI,CAAC,GAAG,CAAC;aACZ;SACF,CAAC;SACC,IAAI,KAAK,CAAC,MAAM,KAAK,IAAI;QAC5B,OAAO;YACL;gBACE,EAAE,EAAE,IAAA,SAAE,GAAE;gBACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACpC,IAAI,EAAE,eAAe;gBACrB,IAAI,EAAE;oBACJ,mDAAmD;oBACnD,mCAAmC;oBACnC,qDAAqD;iBACtD,CAAC,IAAI,CAAC,GAAG,CAAC;aACZ;SACF,CAAC;SACC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,KAAK,KAAK,CAAC,MAAM,CAAC,IAAI;QAC/C,OAAO;YACL;gBACE,EAAE,EAAE,IAAA,SAAE,GAAE;gBACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACpC,IAAI,EAAE,eAAe;gBACrB,IAAI,EAAE;oBACJ,kDAAkD;oBAClD,sCAAsC;oBACtC,mCAAmC;oBACnC,wDAAwD;iBACzD,CAAC,IAAI,CAAC,GAAG,CAAC;aACZ;SACF,CAAC;SACC,IAAI,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,SAAS;QAC/C,OAAO;YACL;gBACE,EAAE,EAAE,IAAA,SAAE,GAAE;gBACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACpC,IAAI,EAAE,eAAe;gBACrB,IAAI,EAAE;oBACJ,kDAAkD;oBAClD,sCAAsC;oBACtC,mCAAmC;oBACnC,wDAAwD;iBACzD,CAAC,IAAI,CAAC,GAAG,CAAC;aACZ;SACF,CAAC;IACJ,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AA5DW,QAAA,uCAAuC,2CA4DlD"}

package/lib/agent/src/orchestrate/interface/histories/transformInterfaceSchemaHistories.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { IAgenticaHistoryJson } from "@agentica/core";
+import { AutoBeOpenApi } from "@autobe/interface";
+import { AutoBeState } from "../../../context/AutoBeState";
+export declare const transformInterfaceSchemaHistories: (state: AutoBeState, operations: AutoBeOpenApi.IOperation[]) => Array<IAgenticaHistoryJson.IAssistantMessage | IAgenticaHistoryJson.ISystemMessage>;