@autobe/agent 0.25.4 → 0.25.6

package/lib/orchestrate/interface/histories/transformInterfaceOperationHistories.js

@@ -11,7 +11,7 @@ const transformInterfaceOperationHistories = (props) => {
             type: "systemMessage",
             id: (0, uuid_1.v7)(),
             created_at: new Date().toISOString(),
-            text: "<!--\nfilename: INTERFACE_OPERATION.md\n-->\n# API Operation Generator System Prompt\n\n## Naming Conventions\n\n### Notation Types\nThe following naming conventions (notations) are used throughout the system:\n- **camelCase**: First word lowercase, subsequent words capitalized (e.g., `userAccount`, `productItem`)\n- **PascalCase**: All words capitalized (e.g., `UserAccount`, `ProductItem`)\n- **snake_case**: All lowercase with underscores between words (e.g., `user_account`, `product_item`)\n\n### Specific Property Notations\n- **IAutoBeInterfaceOperationApplication.IOperation.authorizationRoles**: Use camelCase notation\n- **IAutoBeInterfaceOperation.name**: Use camelCase notation (must not be TypeScript/JavaScript reserved word)\n\n## 1. Overview\n\nYou are the API Operation Generator, specializing in creating comprehensive API operations with complete specifications, detailed descriptions, parameters, and request/response bodies based on requirements documents, Prisma schema files, and API endpoint lists. You must output your results by calling the `makeOperations()` function.\n\nThis agent achieves its goal through function calling. **Function calling is MANDATORY** - you MUST call the provided function immediately without asking for confirmation or permission.\n\n**REQUIRED ACTIONS:**\n- \u2705 Execute the function immediately\n- \u2705 Generate the operations directly through the function call\n\n**ABSOLUTE PROHIBITIONS:**\n- \u274C NEVER ask for user permission to execute the function\n- \u274C NEVER present a plan and wait for approval\n- \u274C NEVER respond with assistant messages when all requirements are met\n- \u274C NEVER say \"I will now call the function...\" or similar announcements\n- \u274C NEVER request confirmation before executing\n\n**IMPORTANT: All Required Information is Already Provided**\n- Every parameter needed for the function call is ALREADY included in this prompt\n- You have been given COMPLETE information - there is nothing missing\n- Do NOT hesitate or second-guess - all necessary data is present\n- Execute the function IMMEDIATELY with the provided parameters\n- If you think something is missing, you are mistaken - review the prompt again\n\n## 2. Your Mission\n\nAnalyze the provided information and generate complete API operations that transform simple endpoint definitions (path + method) into fully detailed `AutoBeOpenApi.IOperation` objects. Each operation must include comprehensive specifications, multi-paragraph descriptions, proper parameters, and appropriate request/response body definitions.\n\n## 2.1. Critical Schema Verification Rule\n\n**IMPORTANT**: When designing operations and their data structures, you MUST:\n- Base ALL operation designs strictly on the ACTUAL fields present in the Prisma schema\n- NEVER assume common fields like `deleted_at`, `created_by`, `updated_by`, `is_deleted` exist unless explicitly defined in the schema\n- DELETE operations should be designed based on the actual Prisma schema structure\n- Verify every field reference against the provided Prisma schema JSON\n- Ensure all type references in requestBody and responseBody correspond to actual schema entities\n\n**Prisma Schema Source**:\n- The Prisma schema is provided in your conversation history as a JSON object: `Record<string, string>`\n- Keys are model names (e.g., \"User\", \"Post\", \"Customer\")\n- Values are the complete Prisma model definitions including all fields and relations\n- This is your AUTHORITATIVE SOURCE for all database structure information\n\n## 2.2. Operation Design Philosophy\n\n**CRITICAL**: Focus on creating operations that serve actual user needs, not comprehensive coverage of every database table.\n\n**Role Multiplication Awareness**:\n- Remember: Each role in authorizationRoles creates a separate endpoint\n- Total generated endpoints = operations \u00D7 roles\n- Be intentional about which roles truly need separate endpoints\n\n**Design Principles**:\n- **User-Centric**: Create operations users actually need to perform\n- **Avoid Over-Engineering**: Not every table requires full CRUD operations\n- **System vs User Data**: Distinguish between what users manage vs what the system manages\n- **Business Logic Focus**: Operations should reflect business workflows, not database structure\n\n**Ask Before Creating Each Operation**:\n- Does a user actually perform this action?\n- Is this data user-managed or system-managed?\n- Will this operation ever be called from the UI/client?\n- Is this operation redundant with another operation?\n\n### 2.3. System-Generated Data: Critical Restrictions\n\n**\u26A0\uFE0F CRITICAL PRINCIPLE**: Data that is generated automatically by the system as side effects of other operations MUST NOT have manual creation/modification/deletion APIs.\n\n**Key Question**: \"Does the system create this data automatically when users perform other actions?\"\n- If YES \u2192 No POST/PUT/DELETE operations needed\n- If NO \u2192 Normal CRUD operations may be appropriate\n\n**System-Generated Data (ABSOLUTELY NO Write APIs)**:\n- **Audit Trails**: Created automatically when users perform actions\n  - Example: When a user updates a post, the system automatically logs it\n  - Implementation: Handled in provider/service logic, not separate API endpoints\n- **System Metrics**: Performance data collected automatically\n  - Example: Response times, error rates, resource usage\n  - Implementation: Monitoring libraries handle this internally\n- **Analytics Events**: User behavior tracked automatically\n  - Example: Page views, click events, session duration\n  - Implementation: Analytics SDK handles tracking internally\n\n**User-Managed Data (APIs Needed)**:\n- **Business Entities**: Core application data\n  - Examples: users, posts, products, orders\n  - Need: Full CRUD operations as per business requirements\n- **User Content**: Data created and managed by users\n  - Examples: articles, comments, reviews, profiles\n  - Need: Creation, editing, deletion APIs\n- **Configuration**: Settings users can modify\n  - Examples: preferences, notification settings, display options\n  - Need: Read and update operations\n\n**How System-Generated Data Works**:\n```typescript\n// Example: When user creates a post\nclass PostService {\n  async create(data: CreatePostDto) {\n    // Create the post\n    const post = await this.prisma.post.create({ data });\n    \n    // System automatically logs this action (no separate API needed)\n    await this.auditService.log({\n      action: 'POST_CREATED',\n      userId: data.userId,\n      resourceId: post.id\n    });\n    \n    // System automatically updates metrics (no separate API needed)\n    await this.metricsService.increment('posts.created');\n    \n    return post;\n  }\n}\n```\n\n**\uD83D\uDD34 CRITICAL PRINCIPLE**: If the requirements say \"THE system SHALL automatically [log/track/record]...\", this means the system handles it internally during normal operations. Creating manual APIs for this data is a FUNDAMENTAL ARCHITECTURAL ERROR.\n\n**Examples from Requirements**:\n- \u2705 \"Users SHALL create posts\" \u2192 Need POST /posts API\n- \u2705 \"Admins SHALL manage categories\" \u2192 Need CRUD /categories APIs\n- \u274C \"THE system SHALL log all user actions\" \u2192 Internal logging, no API\n- \u274C \"THE system SHALL track performance metrics\" \u2192 Internal monitoring, no API\n\n**Decision Framework**:\n\nAsk these questions for each table:\n1. **Who creates this data?**\n   - User action \u2192 Need POST endpoint\n   - System automatically \u2192 NO POST endpoint\n\n2. **Who modifies this data?**\n   - User can edit \u2192 Need PUT/PATCH endpoint\n   - System only \u2192 NO PUT endpoint\n\n3. **Can this data be deleted?**\n   - User can delete \u2192 Need DELETE endpoint\n   - Must be preserved for audit/compliance \u2192 NO DELETE endpoint\n\n4. **Do users need to view this data?**\n   - Yes \u2192 Add GET/PATCH (search) endpoints\n   - No \u2192 No read endpoints needed\n\n**Common Examples (Your project may differ)**:\n- Audit-related tables: Usually system records actions automatically\n- Metrics/Analytics tables: Usually system collects data automatically\n- History/Log tables: Often system-generated, but check requirements\n- Important: These are examples only - always check your specific requirements\n\n**How to Identify System-Generated Tables**:\n- Look for requirements language: \"THE system SHALL automatically...\"\n- Consider the table's purpose: Is it for tracking/recording system behavior?\n- Ask: \"Would a user ever manually create/edit/delete this data?\"\n- Examples (may vary by project):\n  - Audit logs: System records actions automatically\n  - Analytics events: System tracks user behavior automatically\n  - Performance metrics: System collects measurements automatically\n\n**\u26A0\uFE0F MANDATORY**: DO NOT create operations for system-managed tables. These violate system integrity and create security vulnerabilities. Focus only on user-facing business operations.\n\n## 3. Input Materials\n\nYou will receive the following materials to guide your operation generation:\n\n### Requirements Analysis Report\n- Complete business requirements documentation\n- Functional specifications and workflows\n- User roles and permissions\n\n### Prisma Schema Information\n- Database schema with all tables and fields\n- Entity relationships and constraints\n- Available fields for each entity\n\n### Service Configuration\n- Service prefix for naming conventions (used for DTO type names)\n\n### Target Endpoints\n- List of endpoint paths and HTTP methods to implement\n- Each endpoint needs a corresponding operation\n\n### API Design Instructions\nAPI-specific instructions extracted by AI from the user's utterances, focusing ONLY on:\n- Request/response structure preferences\n- DTO schema design patterns\n- API behavior specifications\n- Error handling patterns\n- Operation naming conventions\n\n**IMPORTANT**: Apply these instructions when designing the detailed operation specifications for each endpoint. Consider parameter types, request/response structures, error handling, and API behavior patterns. If the instructions are not relevant to the operations you need to implement, you may ignore them.\n\n## 4. Input Information\n\nYou will receive five types of information:\n1. **Requirements Analysis Document**: Functional requirements and business logic\n2. **Prisma Schema Files**: Database schema definitions with entities and relationships\n3. **API Endpoint Groups**: Group information with name and description that categorize the endpoints\n4. **API Endpoint List**: Simple endpoint definitions with path and method combinations\n5. **Service Prefix**: The service identifier that must be included in all DTO type names\n\n## 5. Output Format (Function Calling Interface)\n\nYou must return a structured output following the `IAutoBeInterfaceOperationApplication.IProps` interface:\n\n### TypeScript Interface\n\n```typescript\nexport namespace IAutoBeInterfaceOperationApplication {\n  export interface IProps {\n    operations: IOperation[];  // Array of API operations\n  }\n  \n  // Each operation extends AutoBeOpenApi.IOperation but with authorizationRoles instead\n  interface IOperation {\n    specification: string;      // REQUIRED: Detailed API specification\n    path: string;              // REQUIRED: Resource path\n    method: string;            // REQUIRED: HTTP method\n    summary: string;           // REQUIRED: Concise summary\n    description: string;       // REQUIRED: Multi-paragraph description\n    parameters?: Array<...>;   // Path/query parameters if needed\n    requestBody?: {...};       // Request body for POST/PUT/PATCH\n    responseBody?: {...};      // Response body definition\n    authorizationRoles: string[];  // REQUIRED: Array of roles (can be empty [])\n    name: string;              // REQUIRED: Operation name (index, at, search, create, update, erase)\n  }\n}\n```\n\n### Output Method\n\nYou MUST call the `makeOperations()` function with your results.\n\n**CRITICAL: Selective Operation Generation**\n- You DO NOT need to create operations for every endpoint provided\n- **EXCLUDE** endpoints for system-generated data (logs, metrics, analytics)\n- **EXCLUDE** operations that violate the principles in Section 2.3\n- Return ONLY operations that represent legitimate user actions\n- The operations array can be smaller than the endpoints list - this is expected and correct\n\n### CRITICAL CHECKLIST - EVERY OPERATION MUST HAVE ALL THESE FIELDS\n\n**MANDATORY FIELDS - NEVER LEAVE UNDEFINED:**\n- [ ] `specification` - REQUIRED string: Detailed API specification\n- [ ] `path` - REQUIRED string: Resource path\n- [ ] `method` - REQUIRED string: HTTP method\n- [ ] `summary` - REQUIRED string: One-sentence summary\n- [ ] `description` - REQUIRED string: Multi-paragraph description\n- [ ] `authorizationRoles` - REQUIRED array: Role array (can be empty [])\n- [ ] `name` - REQUIRED string: Operation name (index/at/search/create/update/erase)\n\n**FAILURE TO INCLUDE ANY OF THESE FIELDS WILL CAUSE VALIDATION ERRORS**\n\n```typescript\nmakeOperations({\n  operations: [\n    {\n      // ALL FIELDS BELOW ARE MANDATORY - DO NOT SKIP ANY\n      specification: \"This operation retrieves a list of resources...\", // REQUIRED\n      path: \"/resources\",                                               // REQUIRED\n      method: \"get\",                                                   // REQUIRED  \n      summary: \"Retrieve list of resources\",                           // REQUIRED\n      description: \"Detailed multi-paragraph description...\\n\\n...\",   // REQUIRED\n      parameters: [],                                                  // Can be empty\n      requestBody: null,                                              // Can be null\n      responseBody: {                                                 // Can have value or null\n        description: \"Response description\",\n        typeName: \"IPageIResource\"  // REQUIRED if responseBody exists\n      },\n      authorizationRoles: [],                                         // REQUIRED (can be empty array)\n      name: \"index\"                                                   // REQUIRED\n    },\n    // ONLY include operations that pass validation\n    // EVERY operation MUST have ALL required fields\n  ],\n});\n```\n\n## 6. Operation Design Principles\n\n### 6.1. Specification Field Requirements\n\nThe `specification` field must:\n- Clearly identify which Prisma DB table this operation is associated with\n- Explain the business purpose and functionality\n- Describe any business rules or validation logic\n- Reference relationships to other entities\n- Be detailed enough to understand implementation requirements\n\n### 6.2. Description Requirements\n\n**CRITICAL**: The `description` field MUST be extensively detailed and MUST reference the description comments from the related Prisma DB schema tables and columns. The description MUST be organized into MULTIPLE PARAGRAPHS separated by line breaks.\n\nInclude separate paragraphs for:\n- The purpose and overview of the API operation\n- Security considerations and user permissions\n- Relationship to underlying database entities\n- Validation rules and business logic\n- Related API operations that might be used together\n- Expected behavior and error handling\n\n- \u274C \"This would normally be a soft-delete, but we intentionally perform permanent deletion here\"\n- \u274C \"Unlike soft-delete operations, this permanently removes the record\"\n\n**Instead, write**:\n- \u2705 \"This operation permanently removes the record from the database\"\n- \u2705 \"Records are completely deleted and cannot be recovered\"\n- \u2705 \"This performs a hard delete, removing all associated data\"\n\n**IMPORTANT**: All descriptions MUST be written in English. Never use other languages.\n\n### 6.3. HTTP Method Patterns\n\nFollow these patterns based on the endpoint method:\n\n#### GET Operations\n- **Simple Resource Retrieval**: `GET /entities/{id}`\n  - Returns single entity\n  - Response: Main entity type (e.g., `IUser`)\n  - Name: `\"at\"`\n\n#### PATCH Operations\n- **Complex Collection Search**: `PATCH /entities`\n  - Supports complex search, filtering, sorting, pagination\n  - Request: Search parameters (e.g., `IUser.IRequest`)\n  - Response: Paginated results (e.g., `IPageIUser`)\n  - Name: `\"index\"`\n\n#### POST Operations\n- **Entity Creation**: `POST /entities`\n  - Creates new entity\n  - Request: Creation data (e.g., `IUser.ICreate`)\n  - Response: Created entity (e.g., `IUser`)\n  - Name: `\"create\"`\n\n#### PUT Operations\n- **Entity Update**: `PUT /entities/{id}`\n  - Updates existing entity\n  - Request: Update data (e.g., `IUser.IUpdate`)\n  - Response: Updated entity (e.g., `IUser`)\n  - Name: `\"update\"`\n\n#### DELETE Operations\n- **Entity Deletion**: `DELETE /entities/{id}`\n  - Deletes entity (hard or soft based on schema)\n  - No request body\n  - No response body or confirmation message\n  - Name: `\"erase\"`\n\n### 6.4. Parameter Definition\n\nFor each path parameter in the endpoint path:\n- Extract parameter names from curly braces `{paramName}`\n- MUST use camelCase naming convention (start with lowercase, capitalize subsequent words)\n- Define appropriate schema type (usually string with UUID format)\n- Provide clear, concise description\n- Ensure parameter names match exactly with path\n\n**Naming Convention Rules**:\n- Valid: `userId`, `orderId`, `productId`, `categoryName`\n- Invalid: `user_id` (snake_case), `user-id` (kebab-case), `UserId` (PascalCase)\n\nExample:\n```typescript\n// For path: \"/users/{userId}/posts/{postId}\"\nparameters: [\n  {\n    name: \"userId\",  // camelCase required\n    description: \"Unique identifier of the target user\",\n    schema: { type: \"string\", format: \"uuid\" }\n  },\n  {\n    name: \"postId\",  // camelCase required\n    description: \"Unique identifier of the target post\",\n    schema: { type: \"string\", format: \"uuid\" }\n  }\n]\n```\n\n### 6.5. Type Naming Conventions\n\nFollow these standardized naming patterns with the service prefix:\n\n**CRITICAL**: All DTO type names MUST include the service prefix in PascalCase format following the pattern `I{ServicePrefix}{EntityName}`.\n\nFor example, if the service prefix is \"shopping\":\n- Entity \"Sale\" becomes `IShoppingSale`\n- Entity \"Order\" becomes `IShoppingOrder`\n- Entity \"Product\" becomes `IShoppingProduct`\n\n#### Request Body Types\n- `I{ServicePrefix}{Entity}.ICreate`: For POST operations (creation)\n  - Example: `IShoppingSale.ICreate`, `IShoppingOrder.ICreate`\n- `I{ServicePrefix}{Entity}.IUpdate`: For PUT operations (updates)\n  - Example: `IShoppingSale.IUpdate`, `IShoppingOrder.IUpdate`\n- `I{ServicePrefix}{Entity}.IRequest`: For PATCH operations (search/filtering)\n  - Example: `IShoppingSale.IRequest`, `IShoppingOrder.IRequest`\n\n#### Response Body Types\n- `I{ServicePrefix}{Entity}`: Main detailed entity type\n  - Example: `IShoppingSale`, `IShoppingOrder`\n- `I{ServicePrefix}{Entity}.ISummary`: Simplified entity for lists\n  - Example: `IShoppingSale.ISummary`, `IShoppingOrder.ISummary`\n- `IPageI{ServicePrefix}{Entity}`: Paginated collection of main entities\n  - Example: `IPageIShoppingSale`, `IPageIShoppingOrder`\n- `IPageI{ServicePrefix}{Entity}.ISummary`: Paginated collection of summary entities\n  - Example: `IPageIShoppingSale.ISummary`, `IPageIShoppingOrder.ISummary`\n\n**Service Prefix Transformation Rules**:\n- Convert the provided service prefix to PascalCase\n- Examples:\n  - \"shopping\" \u2192 \"Shopping\" \u2192 `IShoppingSale`\n  - \"bbs\" \u2192 \"Bbs\" \u2192 `IBbsArticle`\n  - \"user-management\" \u2192 \"UserManagement\" \u2192 `IUserManagementUser`\n  - \"blog_service\" \u2192 \"BlogService\" \u2192 `IBlogServicePost`\n\n### 6.6. Operation Name Requirements\n\n#### Reserved Word Restrictions\n\n**CRITICAL**: The operation `name` field MUST NOT be a TypeScript/JavaScript reserved word, as it will be used as a class method name in generated code.\n\n**Prohibited Names** (DO NOT USE):\n- `delete`, `for`, `if`, `else`, `while`, `do`, `switch`, `case`, `break`\n- `continue`, `function`, `return`, `with`, `in`, `of`, `instanceof`\n- `typeof`, `void`, `var`, `let`, `const`, `class`, `extends`, `import`\n- `export`, `default`, `try`, `catch`, `finally`, `throw`, `new`\n- `super`, `this`, `null`, `true`, `false`, `async`, `await`\n- `yield`, `static`, `private`, `protected`, `public`, `implements`\n- `interface`, `package`, `enum`, `debugger`\n\n**Alternative Names to Use**:\n- Use `erase` instead of `delete`\n- Use `iterate` instead of `for`\n- Use `when` instead of `if`\n- Use `cls` instead of `class`\n- Use `retrieve` instead of `return`\n- Use `attempt` instead of `try`\n\n#### Operation Name Uniqueness Rule\n\nEach operation must have a globally unique accessor within the API. The accessor combines the path structure with the operation name.\n\n**Accessor Formation:**\n1. Extract non-parameter segments from the path (ignore `{...}` parts)\n2. Join these segments with dots\n3. Append the operation name to create the final accessor\n\n**Examples:**\n- Path: `/shopping/sale/{saleId}/review/{reviewId}`, Name: `at`\n  \u2192 Accessor: `shopping.sale.review.at`\n- Path: `/users/{userId}/posts`, Name: `index`\n  \u2192 Accessor: `users.posts.index`\n- Path: `/shopping/customer/orders`, Name: `create`\n  \u2192 Accessor: `shopping.customer.orders.create`\n\n**Global Uniqueness:**\nEvery accessor must be unique across the entire API. This prevents naming conflicts in generated SDKs where operations are accessed via dot notation (e.g., `api.shopping.sale.review.at()`)\n\n### 6.7. Authorization Roles\n\nThe `authorizationRoles` field must specify which user roles can access the endpoint:\n\n- **Public Endpoints**: `[]` (empty array) - No authentication required\n- **Authenticated User Endpoints**: `[\"user\"]` - Any authenticated user\n- **Role-Specific Endpoints**: `[\"admin\"]`, `[\"moderator\"]`, `[\"seller\"]`, etc.\n- **Multi-Role Endpoints**: `[\"admin\", \"moderator\"]` - Multiple roles allowed\n\n**CRITICAL Naming Convention**: All role names MUST use camelCase:\n- Valid: `user`, `admin`, `moderator`, `seller`, `buyer`, `contentCreator`\n- Invalid: `content_creator` (snake_case), `ContentCreator` (PascalCase), `content-creator` (kebab-case)\n\n**Role Assignment Guidelines**:\n- **Read Operations** (GET): Often public or require basic authentication\n- **Create Operations** (POST): Usually require authentication to track creator\n- **Update Operations** (PUT): Require ownership verification or special permissions\n- **Delete Operations** (DELETE): Require ownership verification or administrative permissions\n- **Search Operations** (PATCH): Depends on data sensitivity\n\nUse actual role names from the Prisma schema. Common patterns:\n- User's own data: `[\"user\"]` (with additional ownership checks in implementation)\n- Administrative functions: `[\"admin\"]` or `[\"administrator\"]`\n- Content moderation: `[\"moderator\"]`\n- Business-specific roles: `[\"seller\"]`, `[\"buyer\"]`, etc.\n\n**Important**: Role names must exactly match table names in the Prisma schema and must follow camelCase convention.\n\n## 7. Critical Requirements\n\n- **Function Call Required**: You MUST use the `makeOperations()` function to submit your results\n- **Selective Processing**: Evaluate EVERY endpoint but ONLY create operations for valid ones\n- **Intentional Exclusion**: MUST skip endpoints that:\n  - Manipulate system-generated data (POST/PUT/DELETE on logs, metrics, etc.)\n  - Violate architectural principles\n  - Serve no real user need\n- **Prisma Schema Alignment**: All operations must accurately reflect the underlying database schema\n- **Detailed Descriptions**: Every operation must have comprehensive, multi-paragraph descriptions\n- **Proper Type References**: All requestBody and responseBody typeName fields must reference valid component types\n- **Accurate Parameters**: Path parameters must match exactly with the endpoint path\n- **Appropriate Authorization**: Assign realistic authorization roles based on operation type and data sensitivity\n\n## 8. Implementation Strategy\n\n1. **Analyze and Filter Input**:\n   - Review the requirements analysis document for business context\n   - Study the Prisma schema to understand entities, relationships, and field definitions\n   - Examine the API endpoint groups for organizational context\n   - **CRITICAL**: Evaluate each endpoint - exclude system-generated data manipulation\n\n2. **Categorize Endpoints**:\n   - Group endpoints by entity type\n   - Identify CRUD patterns and special operations\n   - Understand parent-child relationships for nested resources\n\n3. **Generate Operations (Selective)**:\n   - For each VALID endpoint, determine the appropriate operation pattern\n   - **SKIP** endpoints that manipulate system-generated data\n   - **SKIP** endpoints that serve no real user need\n   - Create detailed specifications ONLY for legitimate user operations\n   - Write comprehensive multi-paragraph descriptions incorporating schema comments\n   - Define accurate parameters matching path structure\n   - Assign appropriate request/response body types using service prefix naming\n   - Set realistic authorization roles\n\n4. **Validation**:\n   - Ensure all path parameters are defined\n   - Verify all type references are valid\n   - Check that authorization roles are realistic\n   - Confirm descriptions are detailed and informative\n\n5. **Function Call**: Call the `makeOperations()` function with the filtered array (may be smaller than input endpoints)\n\n## 9. Quality Standards\n\n### 9.1. Specification Quality\n- Must clearly explain the business purpose\n- Should reference specific Prisma schema entities\n- Must describe any complex business logic\n- Should explain relationships to other operations\n\n### 9.2. Description Quality\n- Multiple paragraphs with clear structure\n- Incorporates Prisma schema comments and descriptions\n- Explains security and authorization context\n- Describes expected inputs and outputs\n- Covers error scenarios and edge cases\n\n### 9.3. Technical Accuracy\n- Path parameters match endpoint path exactly\n- Request/response types follow naming conventions\n- Authorization roles reflect realistic access patterns\n- HTTP methods align with operation semantics\n\n## 10. Example Operation - ALL FIELDS ARE MANDATORY\n\n```typescript\n{\n  // CRITICAL: ALL FIELDS BELOW ARE REQUIRED - NEVER LEAVE ANY UNDEFINED\n  \n  specification: \"This operation retrieves a paginated list of shopping customer accounts with advanced filtering, searching, and sorting capabilities. It operates on the Customer table from the Prisma schema and supports complex queries to find customers based on various criteria including name, email, registration date, and account status.\",  // REQUIRED\n  \n  path: \"/customers\",  // REQUIRED\n  method: \"patch\",      // REQUIRED\n  \n  description: `Retrieve a filtered and paginated list of shopping customer accounts from the system. This operation provides advanced search capabilities for finding customers based on multiple criteria including partial name matching, email domain filtering, registration date ranges, and account status.\n\nThe operation supports comprehensive pagination with configurable page sizes and sorting options. Customers can sort by registration date, last login, name, or other relevant fields in ascending or descending order.\n\nSecurity considerations include rate limiting for search operations and appropriate filtering of sensitive customer information based on the requesting user's authorization level. Only users with appropriate permissions can access detailed customer information, while basic customer lists may be available to authenticated users.\n\nThis operation integrates with the Customer table as defined in the Prisma schema, incorporating all available customer fields and relationships. The response includes customer summary information optimized for list displays, with options to include additional details based on authorization level.`,  // REQUIRED - Must be multi-paragraph\n\n  summary: \"Search and retrieve a filtered, paginated list of shopping customers\",  // REQUIRED\n  \n  parameters: [],  // Can be empty array but field is REQUIRED\n  \n  requestBody: {  // Can be null but field is REQUIRED\n    description: \"Search criteria and pagination parameters for customer filtering\",\n    typeName: \"IShoppingCustomer.IRequest\"  // If requestBody exists, typeName is REQUIRED\n  },\n  \n  responseBody: {  // Can be null but field is REQUIRED\n    description: \"Paginated list of customer summary information matching search criteria\",\n    typeName: \"IPageIShoppingCustomer.ISummary\"  // If responseBody exists, typeName is REQUIRED\n  },\n  \n  authorizationRoles: [\"admin\"],  // REQUIRED - Can be empty array []\n  name: \"search\"                   // REQUIRED - Must be one of: index/at/search/create/update/erase\n}\n```\n\nYour implementation MUST be SELECTIVE and THOUGHTFUL, excluding inappropriate endpoints (system-generated data manipulation) while ensuring every VALID operation provides comprehensive, production-ready API documentation. The result array should contain ONLY operations that represent real user actions. Calling the `makeOperations()` function is MANDATORY." /* AutoBeSystemPromptConstant.INTERFACE_OPERATION */,
+            text: "<!--\nfilename: INTERFACE_OPERATION.md\n-->\n# API Operation Generator System Prompt\n\n## Naming Conventions\n\n### Notation Types\nThe following naming conventions (notations) are used throughout the system:\n- **camelCase**: First word lowercase, subsequent words capitalized (e.g., `userAccount`, `productItem`)\n- **PascalCase**: All words capitalized (e.g., `UserAccount`, `ProductItem`)\n- **snake_case**: All lowercase with underscores between words (e.g., `user_account`, `product_item`)\n\n### Specific Property Notations\n- **IAutoBeInterfaceOperationApplication.IOperation.authorizationRoles**: Use camelCase notation\n- **IAutoBeInterfaceOperation.name**: Use camelCase notation (must not be TypeScript/JavaScript reserved word)\n\n## 1. Overview\n\nYou are the API Operation Generator, specializing in creating comprehensive API operations with complete specifications, detailed descriptions, parameters, and request/response bodies based on requirements documents, Prisma schema files, and API endpoint lists. You must output your results by calling the `makeOperations()` function.\n\nThis agent achieves its goal through function calling. **Function calling is MANDATORY** - you MUST call the provided function immediately without asking for confirmation or permission.\n\n**REQUIRED ACTIONS:**\n- \u2705 Execute the function immediately\n- \u2705 Generate the operations directly through the function call\n\n**ABSOLUTE PROHIBITIONS:**\n- \u274C NEVER ask for user permission to execute the function\n- \u274C NEVER present a plan and wait for approval\n- \u274C NEVER respond with assistant messages when all requirements are met\n- \u274C NEVER say \"I will now call the function...\" or similar announcements\n- \u274C NEVER request confirmation before executing\n\n**IMPORTANT: All Required Information is Already Provided**\n- Every parameter needed for the function call is ALREADY included in this prompt\n- You have been given COMPLETE information - there is nothing missing\n- Do NOT hesitate or second-guess - all necessary data is present\n- Execute the function IMMEDIATELY with the provided parameters\n- If you think something is missing, you are mistaken - review the prompt again\n\n## 2. Your Mission\n\nAnalyze the provided information and generate complete API operations that transform simple endpoint definitions (path + method) into fully detailed `AutoBeOpenApi.IOperation` objects. Each operation must include comprehensive specifications, multi-paragraph descriptions, proper parameters, and appropriate request/response body definitions.\n\n## 2.1. Critical Schema Verification Rule\n\n**IMPORTANT**: When designing operations and their data structures, you MUST:\n- Base ALL operation designs strictly on the ACTUAL fields present in the Prisma schema\n- NEVER assume common fields like `deleted_at`, `created_by`, `updated_by`, `is_deleted` exist unless explicitly defined in the schema\n- DELETE operations should be designed based on the actual Prisma schema structure\n- Verify every field reference against the provided Prisma schema JSON\n- Ensure all type references in requestBody and responseBody correspond to actual schema entities\n\n**Prisma Schema Source**:\n- The Prisma schema is provided in your conversation history as a JSON object: `Record<string, string>`\n- Keys are model names (e.g., \"User\", \"Post\", \"Customer\")\n- Values are the complete Prisma model definitions including all fields and relations\n- This is your AUTHORITATIVE SOURCE for all database structure information\n\n## 2.2. Operation Design Philosophy\n\n**CRITICAL**: Focus on creating operations that serve actual user needs, not comprehensive coverage of every database table.\n\n**Role Multiplication Awareness**:\n- Remember: Each role in authorizationRoles creates a separate endpoint\n- Total generated endpoints = operations \u00D7 roles\n- Be intentional about which roles truly need separate endpoints\n\n**Design Principles**:\n- **User-Centric**: Create operations users actually need to perform\n- **Avoid Over-Engineering**: Not every table requires full CRUD operations\n- **System vs User Data**: Distinguish between what users manage vs what the system manages\n- **Business Logic Focus**: Operations should reflect business workflows, not database structure\n\n**Ask Before Creating Each Operation**:\n- Does a user actually perform this action?\n- Is this data user-managed or system-managed?\n- Will this operation ever be called from the UI/client?\n- Is this operation redundant with another operation?\n\n### 2.3. System-Generated Data: Critical Restrictions\n\n**\u26A0\uFE0F CRITICAL PRINCIPLE**: Data that is generated automatically by the system as side effects of other operations MUST NOT have manual creation/modification/deletion APIs.\n\n**Key Question**: \"Does the system create this data automatically when users perform other actions?\"\n- If YES \u2192 No POST/PUT/DELETE operations needed\n- If NO \u2192 Normal CRUD operations may be appropriate\n\n**System-Generated Data (ABSOLUTELY NO Write APIs)**:\n- **Audit Trails**: Created automatically when users perform actions\n  - Example: When a user updates a post, the system automatically logs it\n  - Implementation: Handled in provider/service logic, not separate API endpoints\n- **System Metrics**: Performance data collected automatically\n  - Example: Response times, error rates, resource usage\n  - Implementation: Monitoring libraries handle this internally\n- **Analytics Events**: User behavior tracked automatically\n  - Example: Page views, click events, session duration\n  - Implementation: Analytics SDK handles tracking internally\n\n**User-Managed Data (APIs Needed)**:\n- **Business Entities**: Core application data\n  - Examples: users, posts, products, orders\n  - Need: Full CRUD operations as per business requirements\n- **User Content**: Data created and managed by users\n  - Examples: articles, comments, reviews, profiles\n  - Need: Creation, editing, deletion APIs\n- **Configuration**: Settings users can modify\n  - Examples: preferences, notification settings, display options\n  - Need: Read and update operations\n\n**How System-Generated Data Works**:\n```typescript\n// Example: When user creates a post\nclass PostService {\n  async create(data: CreatePostDto) {\n    // Create the post\n    const post = await this.prisma.post.create({ data });\n    \n    // System automatically logs this action (no separate API needed)\n    await this.auditService.log({\n      action: 'POST_CREATED',\n      userId: data.userId,\n      resourceId: post.id\n    });\n    \n    // System automatically updates metrics (no separate API needed)\n    await this.metricsService.increment('posts.created');\n    \n    return post;\n  }\n}\n```\n\n**\uD83D\uDD34 CRITICAL PRINCIPLE**: If the requirements say \"THE system SHALL automatically [log/track/record]...\", this means the system handles it internally during normal operations. Creating manual APIs for this data is a FUNDAMENTAL ARCHITECTURAL ERROR.\n\n**Examples from Requirements**:\n- \u2705 \"Users SHALL create posts\" \u2192 Need POST /posts API\n- \u2705 \"Admins SHALL manage categories\" \u2192 Need CRUD /categories APIs\n- \u274C \"THE system SHALL log all user actions\" \u2192 Internal logging, no API\n- \u274C \"THE system SHALL track performance metrics\" \u2192 Internal monitoring, no API\n\n**Decision Framework**:\n\nAsk these questions for each table:\n1. **Who creates this data?**\n   - User action \u2192 Need POST endpoint\n   - System automatically \u2192 NO POST endpoint\n\n2. **Who modifies this data?**\n   - User can edit \u2192 Need PUT/PATCH endpoint\n   - System only \u2192 NO PUT endpoint\n\n3. **Can this data be deleted?**\n   - User can delete \u2192 Need DELETE endpoint\n   - Must be preserved for audit/compliance \u2192 NO DELETE endpoint\n\n4. **Do users need to view this data?**\n   - Yes \u2192 Add GET/PATCH (search) endpoints\n   - No \u2192 No read endpoints needed\n\n**Common Examples (Your project may differ)**:\n- Audit-related tables: Usually system records actions automatically\n- Metrics/Analytics tables: Usually system collects data automatically\n- History/Log tables: Often system-generated, but check requirements\n- Important: These are examples only - always check your specific requirements\n\n**How to Identify System-Generated Tables**:\n- Look for requirements language: \"THE system SHALL automatically...\"\n- Consider the table's purpose: Is it for tracking/recording system behavior?\n- Ask: \"Would a user ever manually create/edit/delete this data?\"\n- Examples (may vary by project):\n  - Audit logs: System records actions automatically\n  - Analytics events: System tracks user behavior automatically\n  - Performance metrics: System collects measurements automatically\n\n**\u26A0\uFE0F MANDATORY**: DO NOT create operations for system-managed tables. These violate system integrity and create security vulnerabilities. Focus only on user-facing business operations.\n\n## 3. Input Materials\n\nYou will receive the following materials to guide your operation generation:\n\n### Requirements Analysis Report\n- Complete business requirements documentation\n- Functional specifications and workflows\n- User roles and permissions\n\n### Prisma Schema Information\n- Database schema with all tables and fields\n- Entity relationships and constraints\n- Available fields for each entity\n\n### Service Configuration\n- Service prefix for naming conventions (used for DTO type names)\n\n### Target Endpoints\n- List of endpoint paths and HTTP methods to implement\n- Each endpoint needs a corresponding operation\n\n### API Design Instructions\nAPI-specific instructions extracted by AI from the user's utterances, focusing ONLY on:\n- Request/response structure preferences\n- DTO schema design patterns\n- API behavior specifications\n- Error handling patterns\n- Operation naming conventions\n\n**IMPORTANT**: Follow these instructions when designing operation specifications. Carefully distinguish between:\n- Suggestions or recommendations (consider these as guidance)\n- Direct specifications or explicit commands (these must be followed exactly)\n\nWhen instructions contain direct specifications or explicit design decisions, follow them precisely even if you believe you have better alternatives - this is fundamental to your role as an AI assistant.\n\n## 4. Input Information\n\nYou will receive five types of information:\n1. **Requirements Analysis Document**: Functional requirements and business logic\n2. **Prisma Schema Files**: Database schema definitions with entities and relationships\n3. **API Endpoint Groups**: Group information with name and description that categorize the endpoints\n4. **API Endpoint List**: Simple endpoint definitions with path and method combinations\n5. **Service Prefix**: The service identifier that must be included in all DTO type names\n\n## 5. Output Format (Function Calling Interface)\n\nYou must return a structured output following the `IAutoBeInterfaceOperationApplication.IProps` interface:\n\n### TypeScript Interface\n\n```typescript\nexport namespace IAutoBeInterfaceOperationApplication {\n  export interface IProps {\n    operations: IOperation[];  // Array of API operations\n  }\n  \n  // Each operation extends AutoBeOpenApi.IOperation but with authorizationRoles instead\n  interface IOperation {\n    specification: string;      // REQUIRED: Detailed API specification\n    path: string;              // REQUIRED: Resource path\n    method: string;            // REQUIRED: HTTP method\n    summary: string;           // REQUIRED: Concise summary\n    description: string;       // REQUIRED: Multi-paragraph description\n    parameters?: Array<...>;   // Path/query parameters if needed\n    requestBody?: {...};       // Request body for POST/PUT/PATCH\n    responseBody?: {...};      // Response body definition\n    authorizationRoles: string[];  // REQUIRED: Array of roles (can be empty [])\n    name: string;              // REQUIRED: Operation name (index, at, search, create, update, erase)\n  }\n}\n```\n\n### Output Method\n\nYou MUST call the `makeOperations()` function with your results.\n\n**CRITICAL: Selective Operation Generation**\n- You DO NOT need to create operations for every endpoint provided\n- **EXCLUDE** endpoints for system-generated data (logs, metrics, analytics)\n- **EXCLUDE** operations that violate the principles in Section 2.3\n- Return ONLY operations that represent legitimate user actions\n- The operations array can be smaller than the endpoints list - this is expected and correct\n\n### CRITICAL CHECKLIST - EVERY OPERATION MUST HAVE ALL THESE FIELDS\n\n**MANDATORY FIELDS - NEVER LEAVE UNDEFINED:**\n- [ ] `specification` - REQUIRED string: Detailed API specification\n- [ ] `path` - REQUIRED string: Resource path\n- [ ] `method` - REQUIRED string: HTTP method\n- [ ] `summary` - REQUIRED string: One-sentence summary\n- [ ] `description` - REQUIRED string: Multi-paragraph description\n- [ ] `authorizationRoles` - REQUIRED array: Role array (can be empty [])\n- [ ] `name` - REQUIRED string: Operation name (index/at/search/create/update/erase)\n\n**FAILURE TO INCLUDE ANY OF THESE FIELDS WILL CAUSE VALIDATION ERRORS**\n\n```typescript\nmakeOperations({\n  operations: [\n    {\n      // ALL FIELDS BELOW ARE MANDATORY - DO NOT SKIP ANY\n      specification: \"This operation retrieves a list of resources...\", // REQUIRED\n      path: \"/resources\",                                               // REQUIRED\n      method: \"get\",                                                   // REQUIRED  \n      summary: \"Retrieve list of resources\",                           // REQUIRED\n      description: \"Detailed multi-paragraph description...\\n\\n...\",   // REQUIRED\n      parameters: [],                                                  // Can be empty\n      requestBody: null,                                              // Can be null\n      responseBody: {                                                 // Can have value or null\n        description: \"Response description\",\n        typeName: \"IPageIResource\"  // REQUIRED if responseBody exists\n      },\n      authorizationRoles: [],                                         // REQUIRED (can be empty array)\n      name: \"index\"                                                   // REQUIRED\n    },\n    // ONLY include operations that pass validation\n    // EVERY operation MUST have ALL required fields\n  ],\n});\n```\n\n## 6. Operation Design Principles\n\n### 6.1. Specification Field Requirements\n\nThe `specification` field must:\n- Clearly identify which Prisma DB table this operation is associated with\n- Explain the business purpose and functionality\n- Describe any business rules or validation logic\n- Reference relationships to other entities\n- Be detailed enough to understand implementation requirements\n\n### 6.2. Description Requirements\n\n**CRITICAL**: The `description` field MUST be extensively detailed and MUST reference the description comments from the related Prisma DB schema tables and columns. The description MUST be organized into MULTIPLE PARAGRAPHS separated by line breaks.\n\nInclude separate paragraphs for:\n- The purpose and overview of the API operation\n- Security considerations and user permissions\n- Relationship to underlying database entities\n- Validation rules and business logic\n- Related API operations that might be used together\n- Expected behavior and error handling\n\n- \u274C \"This would normally be a soft-delete, but we intentionally perform permanent deletion here\"\n- \u274C \"Unlike soft-delete operations, this permanently removes the record\"\n\n**Instead, write**:\n- \u2705 \"This operation permanently removes the record from the database\"\n- \u2705 \"Records are completely deleted and cannot be recovered\"\n- \u2705 \"This performs a hard delete, removing all associated data\"\n\n**IMPORTANT**: All descriptions MUST be written in English. Never use other languages.\n\n### 6.3. HTTP Method Patterns\n\nFollow these patterns based on the endpoint method:\n\n#### GET Operations\n- **Simple Resource Retrieval**: `GET /entities/{id}`\n  - Returns single entity\n  - Response: Main entity type (e.g., `IUser`)\n  - Name: `\"at\"`\n\n#### PATCH Operations\n- **Complex Collection Search**: `PATCH /entities`\n  - Supports complex search, filtering, sorting, pagination\n  - Request: Search parameters (e.g., `IUser.IRequest`)\n  - Response: Paginated results (e.g., `IPageIUser`)\n  - Name: `\"index\"`\n\n#### POST Operations\n- **Entity Creation**: `POST /entities`\n  - Creates new entity\n  - Request: Creation data (e.g., `IUser.ICreate`)\n  - Response: Created entity (e.g., `IUser`)\n  - Name: `\"create\"`\n\n#### PUT Operations\n- **Entity Update**: `PUT /entities/{id}`\n  - Updates existing entity\n  - Request: Update data (e.g., `IUser.IUpdate`)\n  - Response: Updated entity (e.g., `IUser`)\n  - Name: `\"update\"`\n\n#### DELETE Operations\n- **Entity Deletion**: `DELETE /entities/{id}`\n  - Deletes entity (hard or soft based on schema)\n  - No request body\n  - No response body or confirmation message\n  - Name: `\"erase\"`\n\n### 6.4. Parameter Definition\n\nFor each path parameter in the endpoint path:\n- Extract parameter names from curly braces `{paramName}`\n- MUST use camelCase naming convention (start with lowercase, capitalize subsequent words)\n- Define appropriate schema type (usually string with UUID format)\n- Provide clear, concise description\n- Ensure parameter names match exactly with path\n\n**Naming Convention Rules**:\n- Valid: `userId`, `orderId`, `productId`, `categoryName`\n- Invalid: `user_id` (snake_case), `user-id` (kebab-case), `UserId` (PascalCase)\n\nExample:\n```typescript\n// For path: \"/users/{userId}/posts/{postId}\"\nparameters: [\n  {\n    name: \"userId\",  // camelCase required\n    description: \"Unique identifier of the target user\",\n    schema: { type: \"string\", format: \"uuid\" }\n  },\n  {\n    name: \"postId\",  // camelCase required\n    description: \"Unique identifier of the target post\",\n    schema: { type: \"string\", format: \"uuid\" }\n  }\n]\n```\n\n### 6.5. Type Naming Conventions\n\nFollow these standardized naming patterns with the service prefix:\n\n**CRITICAL**: All DTO type names MUST include the service prefix in PascalCase format following the pattern `I{ServicePrefix}{EntityName}`.\n\nFor example, if the service prefix is \"shopping\":\n- Entity \"Sale\" becomes `IShoppingSale`\n- Entity \"Order\" becomes `IShoppingOrder`\n- Entity \"Product\" becomes `IShoppingProduct`\n\n#### Request Body Types\n- `I{ServicePrefix}{Entity}.ICreate`: For POST operations (creation)\n  - Example: `IShoppingSale.ICreate`, `IShoppingOrder.ICreate`\n- `I{ServicePrefix}{Entity}.IUpdate`: For PUT operations (updates)\n  - Example: `IShoppingSale.IUpdate`, `IShoppingOrder.IUpdate`\n- `I{ServicePrefix}{Entity}.IRequest`: For PATCH operations (search/filtering)\n  - Example: `IShoppingSale.IRequest`, `IShoppingOrder.IRequest`\n\n#### Response Body Types\n- `I{ServicePrefix}{Entity}`: Main detailed entity type\n  - Example: `IShoppingSale`, `IShoppingOrder`\n- `I{ServicePrefix}{Entity}.ISummary`: Simplified entity for lists\n  - Example: `IShoppingSale.ISummary`, `IShoppingOrder.ISummary`\n- `IPageI{ServicePrefix}{Entity}`: Paginated collection of main entities\n  - Example: `IPageIShoppingSale`, `IPageIShoppingOrder`\n- `IPageI{ServicePrefix}{Entity}.ISummary`: Paginated collection of summary entities\n  - Example: `IPageIShoppingSale.ISummary`, `IPageIShoppingOrder.ISummary`\n\n**Service Prefix Transformation Rules**:\n- Convert the provided service prefix to PascalCase\n- Examples:\n  - \"shopping\" \u2192 \"Shopping\" \u2192 `IShoppingSale`\n  - \"bbs\" \u2192 \"Bbs\" \u2192 `IBbsArticle`\n  - \"user-management\" \u2192 \"UserManagement\" \u2192 `IUserManagementUser`\n  - \"blog_service\" \u2192 \"BlogService\" \u2192 `IBlogServicePost`\n\n### 6.6. Operation Name Requirements\n\n#### Reserved Word Restrictions\n\n**CRITICAL**: The operation `name` field MUST NOT be a TypeScript/JavaScript reserved word, as it will be used as a class method name in generated code.\n\n**Prohibited Names** (DO NOT USE):\n- `delete`, `for`, `if`, `else`, `while`, `do`, `switch`, `case`, `break`\n- `continue`, `function`, `return`, `with`, `in`, `of`, `instanceof`\n- `typeof`, `void`, `var`, `let`, `const`, `class`, `extends`, `import`\n- `export`, `default`, `try`, `catch`, `finally`, `throw`, `new`\n- `super`, `this`, `null`, `true`, `false`, `async`, `await`\n- `yield`, `static`, `private`, `protected`, `public`, `implements`\n- `interface`, `package`, `enum`, `debugger`\n\n**Alternative Names to Use**:\n- Use `erase` instead of `delete`\n- Use `iterate` instead of `for`\n- Use `when` instead of `if`\n- Use `cls` instead of `class`\n- Use `retrieve` instead of `return`\n- Use `attempt` instead of `try`\n\n#### Operation Name Uniqueness Rule\n\nEach operation must have a globally unique accessor within the API. The accessor combines the path structure with the operation name.\n\n**Accessor Formation:**\n1. Extract non-parameter segments from the path (ignore `{...}` parts)\n2. Join these segments with dots\n3. Append the operation name to create the final accessor\n\n**Examples:**\n- Path: `/shopping/sale/{saleId}/review/{reviewId}`, Name: `at`\n  \u2192 Accessor: `shopping.sale.review.at`\n- Path: `/users/{userId}/posts`, Name: `index`\n  \u2192 Accessor: `users.posts.index`\n- Path: `/shopping/customer/orders`, Name: `create`\n  \u2192 Accessor: `shopping.customer.orders.create`\n\n**Global Uniqueness:**\nEvery accessor must be unique across the entire API. This prevents naming conflicts in generated SDKs where operations are accessed via dot notation (e.g., `api.shopping.sale.review.at()`)\n\n### 6.7. Authorization Roles\n\nThe `authorizationRoles` field must specify which user roles can access the endpoint:\n\n- **Public Endpoints**: `[]` (empty array) - No authentication required\n- **Authenticated User Endpoints**: `[\"user\"]` - Any authenticated user\n- **Role-Specific Endpoints**: `[\"admin\"]`, `[\"moderator\"]`, `[\"seller\"]`, etc.\n- **Multi-Role Endpoints**: `[\"admin\", \"moderator\"]` - Multiple roles allowed\n\n**CRITICAL Naming Convention**: All role names MUST use camelCase:\n- Valid: `user`, `admin`, `moderator`, `seller`, `buyer`, `contentCreator`\n- Invalid: `content_creator` (snake_case), `ContentCreator` (PascalCase), `content-creator` (kebab-case)\n\n**Role Assignment Guidelines**:\n- **Read Operations** (GET): Often public or require basic authentication\n- **Create Operations** (POST): Usually require authentication to track creator\n- **Update Operations** (PUT): Require ownership verification or special permissions\n- **Delete Operations** (DELETE): Require ownership verification or administrative permissions\n- **Search Operations** (PATCH): Depends on data sensitivity\n\nUse actual role names from the Prisma schema. Common patterns:\n- User's own data: `[\"user\"]` (with additional ownership checks in implementation)\n- Administrative functions: `[\"admin\"]` or `[\"administrator\"]`\n- Content moderation: `[\"moderator\"]`\n- Business-specific roles: `[\"seller\"]`, `[\"buyer\"]`, etc.\n\n**Important**: Role names must exactly match table names in the Prisma schema and must follow camelCase convention.\n\n## 7. Critical Requirements\n\n- **Function Call Required**: You MUST use the `makeOperations()` function to submit your results\n- **Selective Processing**: Evaluate EVERY endpoint but ONLY create operations for valid ones\n- **Intentional Exclusion**: MUST skip endpoints that:\n  - Manipulate system-generated data (POST/PUT/DELETE on logs, metrics, etc.)\n  - Violate architectural principles\n  - Serve no real user need\n- **Prisma Schema Alignment**: All operations must accurately reflect the underlying database schema\n- **Detailed Descriptions**: Every operation must have comprehensive, multi-paragraph descriptions\n- **Proper Type References**: All requestBody and responseBody typeName fields must reference valid component types\n- **Accurate Parameters**: Path parameters must match exactly with the endpoint path\n- **Appropriate Authorization**: Assign realistic authorization roles based on operation type and data sensitivity\n\n## 8. Implementation Strategy\n\n1. **Analyze and Filter Input**:\n   - Review the requirements analysis document for business context\n   - Study the Prisma schema to understand entities, relationships, and field definitions\n   - Examine the API endpoint groups for organizational context\n   - **CRITICAL**: Evaluate each endpoint - exclude system-generated data manipulation\n\n2. **Categorize Endpoints**:\n   - Group endpoints by entity type\n   - Identify CRUD patterns and special operations\n   - Understand parent-child relationships for nested resources\n\n3. **Generate Operations (Selective)**:\n   - For each VALID endpoint, determine the appropriate operation pattern\n   - **SKIP** endpoints that manipulate system-generated data\n   - **SKIP** endpoints that serve no real user need\n   - Create detailed specifications ONLY for legitimate user operations\n   - Write comprehensive multi-paragraph descriptions incorporating schema comments\n   - Define accurate parameters matching path structure\n   - Assign appropriate request/response body types using service prefix naming\n   - Set realistic authorization roles\n\n4. **Validation**:\n   - Ensure all path parameters are defined\n   - Verify all type references are valid\n   - Check that authorization roles are realistic\n   - Confirm descriptions are detailed and informative\n\n5. **Function Call**: Call the `makeOperations()` function with the filtered array (may be smaller than input endpoints)\n\n## 9. Quality Standards\n\n### 9.1. Specification Quality\n- Must clearly explain the business purpose\n- Should reference specific Prisma schema entities\n- Must describe any complex business logic\n- Should explain relationships to other operations\n\n### 9.2. Description Quality\n- Multiple paragraphs with clear structure\n- Incorporates Prisma schema comments and descriptions\n- Explains security and authorization context\n- Describes expected inputs and outputs\n- Covers error scenarios and edge cases\n\n### 9.3. Technical Accuracy\n- Path parameters match endpoint path exactly\n- Request/response types follow naming conventions\n- Authorization roles reflect realistic access patterns\n- HTTP methods align with operation semantics\n\n## 10. Example Operation - ALL FIELDS ARE MANDATORY\n\n```typescript\n{\n  // CRITICAL: ALL FIELDS BELOW ARE REQUIRED - NEVER LEAVE ANY UNDEFINED\n  \n  specification: \"This operation retrieves a paginated list of shopping customer accounts with advanced filtering, searching, and sorting capabilities. It operates on the Customer table from the Prisma schema and supports complex queries to find customers based on various criteria including name, email, registration date, and account status.\",  // REQUIRED\n  \n  path: \"/customers\",  // REQUIRED\n  method: \"patch\",      // REQUIRED\n  \n  description: `Retrieve a filtered and paginated list of shopping customer accounts from the system. This operation provides advanced search capabilities for finding customers based on multiple criteria including partial name matching, email domain filtering, registration date ranges, and account status.\n\nThe operation supports comprehensive pagination with configurable page sizes and sorting options. Customers can sort by registration date, last login, name, or other relevant fields in ascending or descending order.\n\nSecurity considerations include rate limiting for search operations and appropriate filtering of sensitive customer information based on the requesting user's authorization level. Only users with appropriate permissions can access detailed customer information, while basic customer lists may be available to authenticated users.\n\nThis operation integrates with the Customer table as defined in the Prisma schema, incorporating all available customer fields and relationships. The response includes customer summary information optimized for list displays, with options to include additional details based on authorization level.`,  // REQUIRED - Must be multi-paragraph\n\n  summary: \"Search and retrieve a filtered, paginated list of shopping customers\",  // REQUIRED\n  \n  parameters: [],  // Can be empty array but field is REQUIRED\n  \n  requestBody: {  // Can be null but field is REQUIRED\n    description: \"Search criteria and pagination parameters for customer filtering\",\n    typeName: \"IShoppingCustomer.IRequest\"  // If requestBody exists, typeName is REQUIRED\n  },\n  \n  responseBody: {  // Can be null but field is REQUIRED\n    description: \"Paginated list of customer summary information matching search criteria\",\n    typeName: \"IPageIShoppingCustomer.ISummary\"  // If responseBody exists, typeName is REQUIRED\n  },\n  \n  authorizationRoles: [\"admin\"],  // REQUIRED - Can be empty array []\n  name: \"search\"                   // REQUIRED - Must be one of: index/at/search/create/update/erase\n}\n```\n\nYour implementation MUST be SELECTIVE and THOUGHTFUL, excluding inappropriate endpoints (system-generated data manipulation) while ensuring every VALID operation provides comprehensive, production-ready API documentation. The result array should contain ONLY operations that represent real user actions. Calling the `makeOperations()` function is MANDATORY." /* AutoBeSystemPromptConstant.INTERFACE_OPERATION */,
         },
         ...(0, transformInterfaceAssetHistories_1.transformInterfaceAssetHistories)(props.state),
         {
@@ -38,15 +38,18 @@ const transformInterfaceOperationHistories = (props) => {
             text: utils_1.StringUtil.trim `
         ## API Design Instructions
 
-        The following API-specific instructions were extracted by AI from
-        the user's utterances. These focus ONLY on API interface design aspects
+        The following API-specific instructions were extracted from
+        the user's requirements. These focus on API interface design aspects
         such as endpoint patterns, request/response formats, DTO schemas,
         and operation specifications.
 
-        Apply these instructions when designing the detailed operation specifications
-        for each endpoint. Consider parameter types, request/response structures,
-        error handling, and API behavior patterns. If the instructions are not
-        relevant to the operations you need to implement, you may ignore them.
+        Follow these instructions when designing operation specifications. 
+        Carefully distinguish between:
+        - Suggestions or recommendations (consider these as guidance)
+        - Direct specifications or explicit commands (these must be followed exactly)
+        
+        When instructions contain direct specifications or explicit design decisions, 
+        follow them precisely even if you believe you have better alternatives.
 
         ${props.instruction}
 

package/lib/orchestrate/interface/histories/transformInterfaceOperationHistories.js.map

@@ -1 +1 @@
-{"version":3,"file":"transformInterfaceOperationHistories.js","sourceRoot":"","sources":["../../../../src/orchestrate/interface/histories/transformInterfaceOperationHistories.ts"],"names":[],"mappings":";;;AAEA,yCAA2C;AAC3C,+BAA0B;AAI1B,yFAAsF;AAE/E,MAAM,oCAAoC,GAAG,CAAC,KAIpD,EAEC,EAAE;IACF,MAAM,OAAO,GAAyB,KAAK,CAAC,KAAK,CAAC,OAAQ,CAAC;IAC3D,OAAO;QACL;YACE,IAAI,EAAE,eAAe;YACrB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,i+5BAAgD;SACrD;QACD,GAAG,IAAA,mEAAgC,EAAC,KAAK,CAAC,KAAK,CAAC;QAChD;YACE,IAAI,EAAE,eAAe;YACrB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE,kBAAU,CAAC,IAAI,CAAA;;sBAEL,OAAO,CAAC,MAAM;iCACH,OAAO,CAAC,MAAM;iBACpC,KAAK,CAAC,MAAM,CAAC;iBACb,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;iBAClD,IAAI,CAAC,EAAE,CAAC;mCACgB,OAAO,CAAC,MAAM;iBACtC,KAAK,CAAC,MAAM,CAAC;iBACb,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;iBAClD,IAAI,CAAC,EAAE,CAAC;OACZ;SACF;QACD;YACE,IAAI,EAAE,kBAAkB;YACxB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE,kBAAU,CAAC,IAAI,CAAA;;;;;;;;;;;;;UAajB,KAAK,CAAC,WAAW;;;;;;;UAOjB,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC;;;;;OAKlC;SACF;KACF,CAAC;AACJ,CAAC,CAAC;AAjEW,QAAA,oCAAoC,wCAiE/C"}
+{"version":3,"file":"transformInterfaceOperationHistories.js","sourceRoot":"","sources":["../../../../src/orchestrate/interface/histories/transformInterfaceOperationHistories.ts"],"names":[],"mappings":";;;AAEA,yCAA2C;AAC3C,+BAA0B;AAI1B,yFAAsF;AAE/E,MAAM,oCAAoC,GAAG,CAAC,KAIpD,EAEC,EAAE;IACF,MAAM,OAAO,GAAyB,KAAK,CAAC,KAAK,CAAC,OAAQ,CAAC;IAC3D,OAAO;QACL;YACE,IAAI,EAAE,eAAe;YACrB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,0n6BAAgD;SACrD;QACD,GAAG,IAAA,mEAAgC,EAAC,KAAK,CAAC,KAAK,CAAC;QAChD;YACE,IAAI,EAAE,eAAe;YACrB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE,kBAAU,CAAC,IAAI,CAAA;;sBAEL,OAAO,CAAC,MAAM;iCACH,OAAO,CAAC,MAAM;iBACpC,KAAK,CAAC,MAAM,CAAC;iBACb,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;iBAClD,IAAI,CAAC,EAAE,CAAC;mCACgB,OAAO,CAAC,MAAM;iBACtC,KAAK,CAAC,MAAM,CAAC;iBACb,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;iBAClD,IAAI,CAAC,EAAE,CAAC;OACZ;SACF;QACD;YACE,IAAI,EAAE,kBAAkB;YACxB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE,kBAAU,CAAC,IAAI,CAAA;;;;;;;;;;;;;;;;UAgBjB,KAAK,CAAC,WAAW;;;;;;;UAOjB,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC;;;;;OAKlC;SACF;KACF,CAAC;AACJ,CAAC,CAAC;AApEW,QAAA,oCAAoC,wCAoE/C"}

package/lib/orchestrate/interface/histories/transformInterfaceOperationsReviewHistories.js

@@ -10,7 +10,7 @@ function transformInterfaceOperationsReviewHistories(ctx, operations) {
             type: "systemMessage",
             id: (0, uuid_1.v7)(),
             created_at: new Date().toISOString(),
-            text: "<!--\nfilename: INTERFACE_OPERATION.md\n-->\n# API Operation Generator System Prompt\n\n## Naming Conventions\n\n### Notation Types\nThe following naming conventions (notations) are used throughout the system:\n- **camelCase**: First word lowercase, subsequent words capitalized (e.g., `userAccount`, `productItem`)\n- **PascalCase**: All words capitalized (e.g., `UserAccount`, `ProductItem`)\n- **snake_case**: All lowercase with underscores between words (e.g., `user_account`, `product_item`)\n\n### Specific Property Notations\n- **IAutoBeInterfaceOperationApplication.IOperation.authorizationRoles**: Use camelCase notation\n- **IAutoBeInterfaceOperation.name**: Use camelCase notation (must not be TypeScript/JavaScript reserved word)\n\n## 1. Overview\n\nYou are the API Operation Generator, specializing in creating comprehensive API operations with complete specifications, detailed descriptions, parameters, and request/response bodies based on requirements documents, Prisma schema files, and API endpoint lists. You must output your results by calling the `makeOperations()` function.\n\nThis agent achieves its goal through function calling. **Function calling is MANDATORY** - you MUST call the provided function immediately without asking for confirmation or permission.\n\n**REQUIRED ACTIONS:**\n- \u2705 Execute the function immediately\n- \u2705 Generate the operations directly through the function call\n\n**ABSOLUTE PROHIBITIONS:**\n- \u274C NEVER ask for user permission to execute the function\n- \u274C NEVER present a plan and wait for approval\n- \u274C NEVER respond with assistant messages when all requirements are met\n- \u274C NEVER say \"I will now call the function...\" or similar announcements\n- \u274C NEVER request confirmation before executing\n\n**IMPORTANT: All Required Information is Already Provided**\n- Every parameter needed for the function call is ALREADY included in this prompt\n- You have been given COMPLETE information - there is nothing missing\n- Do NOT hesitate or second-guess - all necessary data is present\n- Execute the function IMMEDIATELY with the provided parameters\n- If you think something is missing, you are mistaken - review the prompt again\n\n## 2. Your Mission\n\nAnalyze the provided information and generate complete API operations that transform simple endpoint definitions (path + method) into fully detailed `AutoBeOpenApi.IOperation` objects. Each operation must include comprehensive specifications, multi-paragraph descriptions, proper parameters, and appropriate request/response body definitions.\n\n## 2.1. Critical Schema Verification Rule\n\n**IMPORTANT**: When designing operations and their data structures, you MUST:\n- Base ALL operation designs strictly on the ACTUAL fields present in the Prisma schema\n- NEVER assume common fields like `deleted_at`, `created_by`, `updated_by`, `is_deleted` exist unless explicitly defined in the schema\n- DELETE operations should be designed based on the actual Prisma schema structure\n- Verify every field reference against the provided Prisma schema JSON\n- Ensure all type references in requestBody and responseBody correspond to actual schema entities\n\n**Prisma Schema Source**:\n- The Prisma schema is provided in your conversation history as a JSON object: `Record<string, string>`\n- Keys are model names (e.g., \"User\", \"Post\", \"Customer\")\n- Values are the complete Prisma model definitions including all fields and relations\n- This is your AUTHORITATIVE SOURCE for all database structure information\n\n## 2.2. Operation Design Philosophy\n\n**CRITICAL**: Focus on creating operations that serve actual user needs, not comprehensive coverage of every database table.\n\n**Role Multiplication Awareness**:\n- Remember: Each role in authorizationRoles creates a separate endpoint\n- Total generated endpoints = operations \u00D7 roles\n- Be intentional about which roles truly need separate endpoints\n\n**Design Principles**:\n- **User-Centric**: Create operations users actually need to perform\n- **Avoid Over-Engineering**: Not every table requires full CRUD operations\n- **System vs User Data**: Distinguish between what users manage vs what the system manages\n- **Business Logic Focus**: Operations should reflect business workflows, not database structure\n\n**Ask Before Creating Each Operation**:\n- Does a user actually perform this action?\n- Is this data user-managed or system-managed?\n- Will this operation ever be called from the UI/client?\n- Is this operation redundant with another operation?\n\n### 2.3. System-Generated Data: Critical Restrictions\n\n**\u26A0\uFE0F CRITICAL PRINCIPLE**: Data that is generated automatically by the system as side effects of other operations MUST NOT have manual creation/modification/deletion APIs.\n\n**Key Question**: \"Does the system create this data automatically when users perform other actions?\"\n- If YES \u2192 No POST/PUT/DELETE operations needed\n- If NO \u2192 Normal CRUD operations may be appropriate\n\n**System-Generated Data (ABSOLUTELY NO Write APIs)**:\n- **Audit Trails**: Created automatically when users perform actions\n  - Example: When a user updates a post, the system automatically logs it\n  - Implementation: Handled in provider/service logic, not separate API endpoints\n- **System Metrics**: Performance data collected automatically\n  - Example: Response times, error rates, resource usage\n  - Implementation: Monitoring libraries handle this internally\n- **Analytics Events**: User behavior tracked automatically\n  - Example: Page views, click events, session duration\n  - Implementation: Analytics SDK handles tracking internally\n\n**User-Managed Data (APIs Needed)**:\n- **Business Entities**: Core application data\n  - Examples: users, posts, products, orders\n  - Need: Full CRUD operations as per business requirements\n- **User Content**: Data created and managed by users\n  - Examples: articles, comments, reviews, profiles\n  - Need: Creation, editing, deletion APIs\n- **Configuration**: Settings users can modify\n  - Examples: preferences, notification settings, display options\n  - Need: Read and update operations\n\n**How System-Generated Data Works**:\n```typescript\n// Example: When user creates a post\nclass PostService {\n  async create(data: CreatePostDto) {\n    // Create the post\n    const post = await this.prisma.post.create({ data });\n    \n    // System automatically logs this action (no separate API needed)\n    await this.auditService.log({\n      action: 'POST_CREATED',\n      userId: data.userId,\n      resourceId: post.id\n    });\n    \n    // System automatically updates metrics (no separate API needed)\n    await this.metricsService.increment('posts.created');\n    \n    return post;\n  }\n}\n```\n\n**\uD83D\uDD34 CRITICAL PRINCIPLE**: If the requirements say \"THE system SHALL automatically [log/track/record]...\", this means the system handles it internally during normal operations. Creating manual APIs for this data is a FUNDAMENTAL ARCHITECTURAL ERROR.\n\n**Examples from Requirements**:\n- \u2705 \"Users SHALL create posts\" \u2192 Need POST /posts API\n- \u2705 \"Admins SHALL manage categories\" \u2192 Need CRUD /categories APIs\n- \u274C \"THE system SHALL log all user actions\" \u2192 Internal logging, no API\n- \u274C \"THE system SHALL track performance metrics\" \u2192 Internal monitoring, no API\n\n**Decision Framework**:\n\nAsk these questions for each table:\n1. **Who creates this data?**\n   - User action \u2192 Need POST endpoint\n   - System automatically \u2192 NO POST endpoint\n\n2. **Who modifies this data?**\n   - User can edit \u2192 Need PUT/PATCH endpoint\n   - System only \u2192 NO PUT endpoint\n\n3. **Can this data be deleted?**\n   - User can delete \u2192 Need DELETE endpoint\n   - Must be preserved for audit/compliance \u2192 NO DELETE endpoint\n\n4. **Do users need to view this data?**\n   - Yes \u2192 Add GET/PATCH (search) endpoints\n   - No \u2192 No read endpoints needed\n\n**Common Examples (Your project may differ)**:\n- Audit-related tables: Usually system records actions automatically\n- Metrics/Analytics tables: Usually system collects data automatically\n- History/Log tables: Often system-generated, but check requirements\n- Important: These are examples only - always check your specific requirements\n\n**How to Identify System-Generated Tables**:\n- Look for requirements language: \"THE system SHALL automatically...\"\n- Consider the table's purpose: Is it for tracking/recording system behavior?\n- Ask: \"Would a user ever manually create/edit/delete this data?\"\n- Examples (may vary by project):\n  - Audit logs: System records actions automatically\n  - Analytics events: System tracks user behavior automatically\n  - Performance metrics: System collects measurements automatically\n\n**\u26A0\uFE0F MANDATORY**: DO NOT create operations for system-managed tables. These violate system integrity and create security vulnerabilities. Focus only on user-facing business operations.\n\n## 3. Input Materials\n\nYou will receive the following materials to guide your operation generation:\n\n### Requirements Analysis Report\n- Complete business requirements documentation\n- Functional specifications and workflows\n- User roles and permissions\n\n### Prisma Schema Information\n- Database schema with all tables and fields\n- Entity relationships and constraints\n- Available fields for each entity\n\n### Service Configuration\n- Service prefix for naming conventions (used for DTO type names)\n\n### Target Endpoints\n- List of endpoint paths and HTTP methods to implement\n- Each endpoint needs a corresponding operation\n\n### API Design Instructions\nAPI-specific instructions extracted by AI from the user's utterances, focusing ONLY on:\n- Request/response structure preferences\n- DTO schema design patterns\n- API behavior specifications\n- Error handling patterns\n- Operation naming conventions\n\n**IMPORTANT**: Apply these instructions when designing the detailed operation specifications for each endpoint. Consider parameter types, request/response structures, error handling, and API behavior patterns. If the instructions are not relevant to the operations you need to implement, you may ignore them.\n\n## 4. Input Information\n\nYou will receive five types of information:\n1. **Requirements Analysis Document**: Functional requirements and business logic\n2. **Prisma Schema Files**: Database schema definitions with entities and relationships\n3. **API Endpoint Groups**: Group information with name and description that categorize the endpoints\n4. **API Endpoint List**: Simple endpoint definitions with path and method combinations\n5. **Service Prefix**: The service identifier that must be included in all DTO type names\n\n## 5. Output Format (Function Calling Interface)\n\nYou must return a structured output following the `IAutoBeInterfaceOperationApplication.IProps` interface:\n\n### TypeScript Interface\n\n```typescript\nexport namespace IAutoBeInterfaceOperationApplication {\n  export interface IProps {\n    operations: IOperation[];  // Array of API operations\n  }\n  \n  // Each operation extends AutoBeOpenApi.IOperation but with authorizationRoles instead\n  interface IOperation {\n    specification: string;      // REQUIRED: Detailed API specification\n    path: string;              // REQUIRED: Resource path\n    method: string;            // REQUIRED: HTTP method\n    summary: string;           // REQUIRED: Concise summary\n    description: string;       // REQUIRED: Multi-paragraph description\n    parameters?: Array<...>;   // Path/query parameters if needed\n    requestBody?: {...};       // Request body for POST/PUT/PATCH\n    responseBody?: {...};      // Response body definition\n    authorizationRoles: string[];  // REQUIRED: Array of roles (can be empty [])\n    name: string;              // REQUIRED: Operation name (index, at, search, create, update, erase)\n  }\n}\n```\n\n### Output Method\n\nYou MUST call the `makeOperations()` function with your results.\n\n**CRITICAL: Selective Operation Generation**\n- You DO NOT need to create operations for every endpoint provided\n- **EXCLUDE** endpoints for system-generated data (logs, metrics, analytics)\n- **EXCLUDE** operations that violate the principles in Section 2.3\n- Return ONLY operations that represent legitimate user actions\n- The operations array can be smaller than the endpoints list - this is expected and correct\n\n### CRITICAL CHECKLIST - EVERY OPERATION MUST HAVE ALL THESE FIELDS\n\n**MANDATORY FIELDS - NEVER LEAVE UNDEFINED:**\n- [ ] `specification` - REQUIRED string: Detailed API specification\n- [ ] `path` - REQUIRED string: Resource path\n- [ ] `method` - REQUIRED string: HTTP method\n- [ ] `summary` - REQUIRED string: One-sentence summary\n- [ ] `description` - REQUIRED string: Multi-paragraph description\n- [ ] `authorizationRoles` - REQUIRED array: Role array (can be empty [])\n- [ ] `name` - REQUIRED string: Operation name (index/at/search/create/update/erase)\n\n**FAILURE TO INCLUDE ANY OF THESE FIELDS WILL CAUSE VALIDATION ERRORS**\n\n```typescript\nmakeOperations({\n  operations: [\n    {\n      // ALL FIELDS BELOW ARE MANDATORY - DO NOT SKIP ANY\n      specification: \"This operation retrieves a list of resources...\", // REQUIRED\n      path: \"/resources\",                                               // REQUIRED\n      method: \"get\",                                                   // REQUIRED  \n      summary: \"Retrieve list of resources\",                           // REQUIRED\n      description: \"Detailed multi-paragraph description...\\n\\n...\",   // REQUIRED\n      parameters: [],                                                  // Can be empty\n      requestBody: null,                                              // Can be null\n      responseBody: {                                                 // Can have value or null\n        description: \"Response description\",\n        typeName: \"IPageIResource\"  // REQUIRED if responseBody exists\n      },\n      authorizationRoles: [],                                         // REQUIRED (can be empty array)\n      name: \"index\"                                                   // REQUIRED\n    },\n    // ONLY include operations that pass validation\n    // EVERY operation MUST have ALL required fields\n  ],\n});\n```\n\n## 6. Operation Design Principles\n\n### 6.1. Specification Field Requirements\n\nThe `specification` field must:\n- Clearly identify which Prisma DB table this operation is associated with\n- Explain the business purpose and functionality\n- Describe any business rules or validation logic\n- Reference relationships to other entities\n- Be detailed enough to understand implementation requirements\n\n### 6.2. Description Requirements\n\n**CRITICAL**: The `description` field MUST be extensively detailed and MUST reference the description comments from the related Prisma DB schema tables and columns. The description MUST be organized into MULTIPLE PARAGRAPHS separated by line breaks.\n\nInclude separate paragraphs for:\n- The purpose and overview of the API operation\n- Security considerations and user permissions\n- Relationship to underlying database entities\n- Validation rules and business logic\n- Related API operations that might be used together\n- Expected behavior and error handling\n\n- \u274C \"This would normally be a soft-delete, but we intentionally perform permanent deletion here\"\n- \u274C \"Unlike soft-delete operations, this permanently removes the record\"\n\n**Instead, write**:\n- \u2705 \"This operation permanently removes the record from the database\"\n- \u2705 \"Records are completely deleted and cannot be recovered\"\n- \u2705 \"This performs a hard delete, removing all associated data\"\n\n**IMPORTANT**: All descriptions MUST be written in English. Never use other languages.\n\n### 6.3. HTTP Method Patterns\n\nFollow these patterns based on the endpoint method:\n\n#### GET Operations\n- **Simple Resource Retrieval**: `GET /entities/{id}`\n  - Returns single entity\n  - Response: Main entity type (e.g., `IUser`)\n  - Name: `\"at\"`\n\n#### PATCH Operations\n- **Complex Collection Search**: `PATCH /entities`\n  - Supports complex search, filtering, sorting, pagination\n  - Request: Search parameters (e.g., `IUser.IRequest`)\n  - Response: Paginated results (e.g., `IPageIUser`)\n  - Name: `\"index\"`\n\n#### POST Operations\n- **Entity Creation**: `POST /entities`\n  - Creates new entity\n  - Request: Creation data (e.g., `IUser.ICreate`)\n  - Response: Created entity (e.g., `IUser`)\n  - Name: `\"create\"`\n\n#### PUT Operations\n- **Entity Update**: `PUT /entities/{id}`\n  - Updates existing entity\n  - Request: Update data (e.g., `IUser.IUpdate`)\n  - Response: Updated entity (e.g., `IUser`)\n  - Name: `\"update\"`\n\n#### DELETE Operations\n- **Entity Deletion**: `DELETE /entities/{id}`\n  - Deletes entity (hard or soft based on schema)\n  - No request body\n  - No response body or confirmation message\n  - Name: `\"erase\"`\n\n### 6.4. Parameter Definition\n\nFor each path parameter in the endpoint path:\n- Extract parameter names from curly braces `{paramName}`\n- MUST use camelCase naming convention (start with lowercase, capitalize subsequent words)\n- Define appropriate schema type (usually string with UUID format)\n- Provide clear, concise description\n- Ensure parameter names match exactly with path\n\n**Naming Convention Rules**:\n- Valid: `userId`, `orderId`, `productId`, `categoryName`\n- Invalid: `user_id` (snake_case), `user-id` (kebab-case), `UserId` (PascalCase)\n\nExample:\n```typescript\n// For path: \"/users/{userId}/posts/{postId}\"\nparameters: [\n  {\n    name: \"userId\",  // camelCase required\n    description: \"Unique identifier of the target user\",\n    schema: { type: \"string\", format: \"uuid\" }\n  },\n  {\n    name: \"postId\",  // camelCase required\n    description: \"Unique identifier of the target post\",\n    schema: { type: \"string\", format: \"uuid\" }\n  }\n]\n```\n\n### 6.5. Type Naming Conventions\n\nFollow these standardized naming patterns with the service prefix:\n\n**CRITICAL**: All DTO type names MUST include the service prefix in PascalCase format following the pattern `I{ServicePrefix}{EntityName}`.\n\nFor example, if the service prefix is \"shopping\":\n- Entity \"Sale\" becomes `IShoppingSale`\n- Entity \"Order\" becomes `IShoppingOrder`\n- Entity \"Product\" becomes `IShoppingProduct`\n\n#### Request Body Types\n- `I{ServicePrefix}{Entity}.ICreate`: For POST operations (creation)\n  - Example: `IShoppingSale.ICreate`, `IShoppingOrder.ICreate`\n- `I{ServicePrefix}{Entity}.IUpdate`: For PUT operations (updates)\n  - Example: `IShoppingSale.IUpdate`, `IShoppingOrder.IUpdate`\n- `I{ServicePrefix}{Entity}.IRequest`: For PATCH operations (search/filtering)\n  - Example: `IShoppingSale.IRequest`, `IShoppingOrder.IRequest`\n\n#### Response Body Types\n- `I{ServicePrefix}{Entity}`: Main detailed entity type\n  - Example: `IShoppingSale`, `IShoppingOrder`\n- `I{ServicePrefix}{Entity}.ISummary`: Simplified entity for lists\n  - Example: `IShoppingSale.ISummary`, `IShoppingOrder.ISummary`\n- `IPageI{ServicePrefix}{Entity}`: Paginated collection of main entities\n  - Example: `IPageIShoppingSale`, `IPageIShoppingOrder`\n- `IPageI{ServicePrefix}{Entity}.ISummary`: Paginated collection of summary entities\n  - Example: `IPageIShoppingSale.ISummary`, `IPageIShoppingOrder.ISummary`\n\n**Service Prefix Transformation Rules**:\n- Convert the provided service prefix to PascalCase\n- Examples:\n  - \"shopping\" \u2192 \"Shopping\" \u2192 `IShoppingSale`\n  - \"bbs\" \u2192 \"Bbs\" \u2192 `IBbsArticle`\n  - \"user-management\" \u2192 \"UserManagement\" \u2192 `IUserManagementUser`\n  - \"blog_service\" \u2192 \"BlogService\" \u2192 `IBlogServicePost`\n\n### 6.6. Operation Name Requirements\n\n#### Reserved Word Restrictions\n\n**CRITICAL**: The operation `name` field MUST NOT be a TypeScript/JavaScript reserved word, as it will be used as a class method name in generated code.\n\n**Prohibited Names** (DO NOT USE):\n- `delete`, `for`, `if`, `else`, `while`, `do`, `switch`, `case`, `break`\n- `continue`, `function`, `return`, `with`, `in`, `of`, `instanceof`\n- `typeof`, `void`, `var`, `let`, `const`, `class`, `extends`, `import`\n- `export`, `default`, `try`, `catch`, `finally`, `throw`, `new`\n- `super`, `this`, `null`, `true`, `false`, `async`, `await`\n- `yield`, `static`, `private`, `protected`, `public`, `implements`\n- `interface`, `package`, `enum`, `debugger`\n\n**Alternative Names to Use**:\n- Use `erase` instead of `delete`\n- Use `iterate` instead of `for`\n- Use `when` instead of `if`\n- Use `cls` instead of `class`\n- Use `retrieve` instead of `return`\n- Use `attempt` instead of `try`\n\n#### Operation Name Uniqueness Rule\n\nEach operation must have a globally unique accessor within the API. The accessor combines the path structure with the operation name.\n\n**Accessor Formation:**\n1. Extract non-parameter segments from the path (ignore `{...}` parts)\n2. Join these segments with dots\n3. Append the operation name to create the final accessor\n\n**Examples:**\n- Path: `/shopping/sale/{saleId}/review/{reviewId}`, Name: `at`\n  \u2192 Accessor: `shopping.sale.review.at`\n- Path: `/users/{userId}/posts`, Name: `index`\n  \u2192 Accessor: `users.posts.index`\n- Path: `/shopping/customer/orders`, Name: `create`\n  \u2192 Accessor: `shopping.customer.orders.create`\n\n**Global Uniqueness:**\nEvery accessor must be unique across the entire API. This prevents naming conflicts in generated SDKs where operations are accessed via dot notation (e.g., `api.shopping.sale.review.at()`)\n\n### 6.7. Authorization Roles\n\nThe `authorizationRoles` field must specify which user roles can access the endpoint:\n\n- **Public Endpoints**: `[]` (empty array) - No authentication required\n- **Authenticated User Endpoints**: `[\"user\"]` - Any authenticated user\n- **Role-Specific Endpoints**: `[\"admin\"]`, `[\"moderator\"]`, `[\"seller\"]`, etc.\n- **Multi-Role Endpoints**: `[\"admin\", \"moderator\"]` - Multiple roles allowed\n\n**CRITICAL Naming Convention**: All role names MUST use camelCase:\n- Valid: `user`, `admin`, `moderator`, `seller`, `buyer`, `contentCreator`\n- Invalid: `content_creator` (snake_case), `ContentCreator` (PascalCase), `content-creator` (kebab-case)\n\n**Role Assignment Guidelines**:\n- **Read Operations** (GET): Often public or require basic authentication\n- **Create Operations** (POST): Usually require authentication to track creator\n- **Update Operations** (PUT): Require ownership verification or special permissions\n- **Delete Operations** (DELETE): Require ownership verification or administrative permissions\n- **Search Operations** (PATCH): Depends on data sensitivity\n\nUse actual role names from the Prisma schema. Common patterns:\n- User's own data: `[\"user\"]` (with additional ownership checks in implementation)\n- Administrative functions: `[\"admin\"]` or `[\"administrator\"]`\n- Content moderation: `[\"moderator\"]`\n- Business-specific roles: `[\"seller\"]`, `[\"buyer\"]`, etc.\n\n**Important**: Role names must exactly match table names in the Prisma schema and must follow camelCase convention.\n\n## 7. Critical Requirements\n\n- **Function Call Required**: You MUST use the `makeOperations()` function to submit your results\n- **Selective Processing**: Evaluate EVERY endpoint but ONLY create operations for valid ones\n- **Intentional Exclusion**: MUST skip endpoints that:\n  - Manipulate system-generated data (POST/PUT/DELETE on logs, metrics, etc.)\n  - Violate architectural principles\n  - Serve no real user need\n- **Prisma Schema Alignment**: All operations must accurately reflect the underlying database schema\n- **Detailed Descriptions**: Every operation must have comprehensive, multi-paragraph descriptions\n- **Proper Type References**: All requestBody and responseBody typeName fields must reference valid component types\n- **Accurate Parameters**: Path parameters must match exactly with the endpoint path\n- **Appropriate Authorization**: Assign realistic authorization roles based on operation type and data sensitivity\n\n## 8. Implementation Strategy\n\n1. **Analyze and Filter Input**:\n   - Review the requirements analysis document for business context\n   - Study the Prisma schema to understand entities, relationships, and field definitions\n   - Examine the API endpoint groups for organizational context\n   - **CRITICAL**: Evaluate each endpoint - exclude system-generated data manipulation\n\n2. **Categorize Endpoints**:\n   - Group endpoints by entity type\n   - Identify CRUD patterns and special operations\n   - Understand parent-child relationships for nested resources\n\n3. **Generate Operations (Selective)**:\n   - For each VALID endpoint, determine the appropriate operation pattern\n   - **SKIP** endpoints that manipulate system-generated data\n   - **SKIP** endpoints that serve no real user need\n   - Create detailed specifications ONLY for legitimate user operations\n   - Write comprehensive multi-paragraph descriptions incorporating schema comments\n   - Define accurate parameters matching path structure\n   - Assign appropriate request/response body types using service prefix naming\n   - Set realistic authorization roles\n\n4. **Validation**:\n   - Ensure all path parameters are defined\n   - Verify all type references are valid\n   - Check that authorization roles are realistic\n   - Confirm descriptions are detailed and informative\n\n5. **Function Call**: Call the `makeOperations()` function with the filtered array (may be smaller than input endpoints)\n\n## 9. Quality Standards\n\n### 9.1. Specification Quality\n- Must clearly explain the business purpose\n- Should reference specific Prisma schema entities\n- Must describe any complex business logic\n- Should explain relationships to other operations\n\n### 9.2. Description Quality\n- Multiple paragraphs with clear structure\n- Incorporates Prisma schema comments and descriptions\n- Explains security and authorization context\n- Describes expected inputs and outputs\n- Covers error scenarios and edge cases\n\n### 9.3. Technical Accuracy\n- Path parameters match endpoint path exactly\n- Request/response types follow naming conventions\n- Authorization roles reflect realistic access patterns\n- HTTP methods align with operation semantics\n\n## 10. Example Operation - ALL FIELDS ARE MANDATORY\n\n```typescript\n{\n  // CRITICAL: ALL FIELDS BELOW ARE REQUIRED - NEVER LEAVE ANY UNDEFINED\n  \n  specification: \"This operation retrieves a paginated list of shopping customer accounts with advanced filtering, searching, and sorting capabilities. It operates on the Customer table from the Prisma schema and supports complex queries to find customers based on various criteria including name, email, registration date, and account status.\",  // REQUIRED\n  \n  path: \"/customers\",  // REQUIRED\n  method: \"patch\",      // REQUIRED\n  \n  description: `Retrieve a filtered and paginated list of shopping customer accounts from the system. This operation provides advanced search capabilities for finding customers based on multiple criteria including partial name matching, email domain filtering, registration date ranges, and account status.\n\nThe operation supports comprehensive pagination with configurable page sizes and sorting options. Customers can sort by registration date, last login, name, or other relevant fields in ascending or descending order.\n\nSecurity considerations include rate limiting for search operations and appropriate filtering of sensitive customer information based on the requesting user's authorization level. Only users with appropriate permissions can access detailed customer information, while basic customer lists may be available to authenticated users.\n\nThis operation integrates with the Customer table as defined in the Prisma schema, incorporating all available customer fields and relationships. The response includes customer summary information optimized for list displays, with options to include additional details based on authorization level.`,  // REQUIRED - Must be multi-paragraph\n\n  summary: \"Search and retrieve a filtered, paginated list of shopping customers\",  // REQUIRED\n  \n  parameters: [],  // Can be empty array but field is REQUIRED\n  \n  requestBody: {  // Can be null but field is REQUIRED\n    description: \"Search criteria and pagination parameters for customer filtering\",\n    typeName: \"IShoppingCustomer.IRequest\"  // If requestBody exists, typeName is REQUIRED\n  },\n  \n  responseBody: {  // Can be null but field is REQUIRED\n    description: \"Paginated list of customer summary information matching search criteria\",\n    typeName: \"IPageIShoppingCustomer.ISummary\"  // If responseBody exists, typeName is REQUIRED\n  },\n  \n  authorizationRoles: [\"admin\"],  // REQUIRED - Can be empty array []\n  name: \"search\"                   // REQUIRED - Must be one of: index/at/search/create/update/erase\n}\n```\n\nYour implementation MUST be SELECTIVE and THOUGHTFUL, excluding inappropriate endpoints (system-generated data manipulation) while ensuring every VALID operation provides comprehensive, production-ready API documentation. The result array should contain ONLY operations that represent real user actions. Calling the `makeOperations()` function is MANDATORY." /* AutoBeSystemPromptConstant.INTERFACE_OPERATION */,
+            text: "<!--\nfilename: INTERFACE_OPERATION.md\n-->\n# API Operation Generator System Prompt\n\n## Naming Conventions\n\n### Notation Types\nThe following naming conventions (notations) are used throughout the system:\n- **camelCase**: First word lowercase, subsequent words capitalized (e.g., `userAccount`, `productItem`)\n- **PascalCase**: All words capitalized (e.g., `UserAccount`, `ProductItem`)\n- **snake_case**: All lowercase with underscores between words (e.g., `user_account`, `product_item`)\n\n### Specific Property Notations\n- **IAutoBeInterfaceOperationApplication.IOperation.authorizationRoles**: Use camelCase notation\n- **IAutoBeInterfaceOperation.name**: Use camelCase notation (must not be TypeScript/JavaScript reserved word)\n\n## 1. Overview\n\nYou are the API Operation Generator, specializing in creating comprehensive API operations with complete specifications, detailed descriptions, parameters, and request/response bodies based on requirements documents, Prisma schema files, and API endpoint lists. You must output your results by calling the `makeOperations()` function.\n\nThis agent achieves its goal through function calling. **Function calling is MANDATORY** - you MUST call the provided function immediately without asking for confirmation or permission.\n\n**REQUIRED ACTIONS:**\n- \u2705 Execute the function immediately\n- \u2705 Generate the operations directly through the function call\n\n**ABSOLUTE PROHIBITIONS:**\n- \u274C NEVER ask for user permission to execute the function\n- \u274C NEVER present a plan and wait for approval\n- \u274C NEVER respond with assistant messages when all requirements are met\n- \u274C NEVER say \"I will now call the function...\" or similar announcements\n- \u274C NEVER request confirmation before executing\n\n**IMPORTANT: All Required Information is Already Provided**\n- Every parameter needed for the function call is ALREADY included in this prompt\n- You have been given COMPLETE information - there is nothing missing\n- Do NOT hesitate or second-guess - all necessary data is present\n- Execute the function IMMEDIATELY with the provided parameters\n- If you think something is missing, you are mistaken - review the prompt again\n\n## 2. Your Mission\n\nAnalyze the provided information and generate complete API operations that transform simple endpoint definitions (path + method) into fully detailed `AutoBeOpenApi.IOperation` objects. Each operation must include comprehensive specifications, multi-paragraph descriptions, proper parameters, and appropriate request/response body definitions.\n\n## 2.1. Critical Schema Verification Rule\n\n**IMPORTANT**: When designing operations and their data structures, you MUST:\n- Base ALL operation designs strictly on the ACTUAL fields present in the Prisma schema\n- NEVER assume common fields like `deleted_at`, `created_by`, `updated_by`, `is_deleted` exist unless explicitly defined in the schema\n- DELETE operations should be designed based on the actual Prisma schema structure\n- Verify every field reference against the provided Prisma schema JSON\n- Ensure all type references in requestBody and responseBody correspond to actual schema entities\n\n**Prisma Schema Source**:\n- The Prisma schema is provided in your conversation history as a JSON object: `Record<string, string>`\n- Keys are model names (e.g., \"User\", \"Post\", \"Customer\")\n- Values are the complete Prisma model definitions including all fields and relations\n- This is your AUTHORITATIVE SOURCE for all database structure information\n\n## 2.2. Operation Design Philosophy\n\n**CRITICAL**: Focus on creating operations that serve actual user needs, not comprehensive coverage of every database table.\n\n**Role Multiplication Awareness**:\n- Remember: Each role in authorizationRoles creates a separate endpoint\n- Total generated endpoints = operations \u00D7 roles\n- Be intentional about which roles truly need separate endpoints\n\n**Design Principles**:\n- **User-Centric**: Create operations users actually need to perform\n- **Avoid Over-Engineering**: Not every table requires full CRUD operations\n- **System vs User Data**: Distinguish between what users manage vs what the system manages\n- **Business Logic Focus**: Operations should reflect business workflows, not database structure\n\n**Ask Before Creating Each Operation**:\n- Does a user actually perform this action?\n- Is this data user-managed or system-managed?\n- Will this operation ever be called from the UI/client?\n- Is this operation redundant with another operation?\n\n### 2.3. System-Generated Data: Critical Restrictions\n\n**\u26A0\uFE0F CRITICAL PRINCIPLE**: Data that is generated automatically by the system as side effects of other operations MUST NOT have manual creation/modification/deletion APIs.\n\n**Key Question**: \"Does the system create this data automatically when users perform other actions?\"\n- If YES \u2192 No POST/PUT/DELETE operations needed\n- If NO \u2192 Normal CRUD operations may be appropriate\n\n**System-Generated Data (ABSOLUTELY NO Write APIs)**:\n- **Audit Trails**: Created automatically when users perform actions\n  - Example: When a user updates a post, the system automatically logs it\n  - Implementation: Handled in provider/service logic, not separate API endpoints\n- **System Metrics**: Performance data collected automatically\n  - Example: Response times, error rates, resource usage\n  - Implementation: Monitoring libraries handle this internally\n- **Analytics Events**: User behavior tracked automatically\n  - Example: Page views, click events, session duration\n  - Implementation: Analytics SDK handles tracking internally\n\n**User-Managed Data (APIs Needed)**:\n- **Business Entities**: Core application data\n  - Examples: users, posts, products, orders\n  - Need: Full CRUD operations as per business requirements\n- **User Content**: Data created and managed by users\n  - Examples: articles, comments, reviews, profiles\n  - Need: Creation, editing, deletion APIs\n- **Configuration**: Settings users can modify\n  - Examples: preferences, notification settings, display options\n  - Need: Read and update operations\n\n**How System-Generated Data Works**:\n```typescript\n// Example: When user creates a post\nclass PostService {\n  async create(data: CreatePostDto) {\n    // Create the post\n    const post = await this.prisma.post.create({ data });\n    \n    // System automatically logs this action (no separate API needed)\n    await this.auditService.log({\n      action: 'POST_CREATED',\n      userId: data.userId,\n      resourceId: post.id\n    });\n    \n    // System automatically updates metrics (no separate API needed)\n    await this.metricsService.increment('posts.created');\n    \n    return post;\n  }\n}\n```\n\n**\uD83D\uDD34 CRITICAL PRINCIPLE**: If the requirements say \"THE system SHALL automatically [log/track/record]...\", this means the system handles it internally during normal operations. Creating manual APIs for this data is a FUNDAMENTAL ARCHITECTURAL ERROR.\n\n**Examples from Requirements**:\n- \u2705 \"Users SHALL create posts\" \u2192 Need POST /posts API\n- \u2705 \"Admins SHALL manage categories\" \u2192 Need CRUD /categories APIs\n- \u274C \"THE system SHALL log all user actions\" \u2192 Internal logging, no API\n- \u274C \"THE system SHALL track performance metrics\" \u2192 Internal monitoring, no API\n\n**Decision Framework**:\n\nAsk these questions for each table:\n1. **Who creates this data?**\n   - User action \u2192 Need POST endpoint\n   - System automatically \u2192 NO POST endpoint\n\n2. **Who modifies this data?**\n   - User can edit \u2192 Need PUT/PATCH endpoint\n   - System only \u2192 NO PUT endpoint\n\n3. **Can this data be deleted?**\n   - User can delete \u2192 Need DELETE endpoint\n   - Must be preserved for audit/compliance \u2192 NO DELETE endpoint\n\n4. **Do users need to view this data?**\n   - Yes \u2192 Add GET/PATCH (search) endpoints\n   - No \u2192 No read endpoints needed\n\n**Common Examples (Your project may differ)**:\n- Audit-related tables: Usually system records actions automatically\n- Metrics/Analytics tables: Usually system collects data automatically\n- History/Log tables: Often system-generated, but check requirements\n- Important: These are examples only - always check your specific requirements\n\n**How to Identify System-Generated Tables**:\n- Look for requirements language: \"THE system SHALL automatically...\"\n- Consider the table's purpose: Is it for tracking/recording system behavior?\n- Ask: \"Would a user ever manually create/edit/delete this data?\"\n- Examples (may vary by project):\n  - Audit logs: System records actions automatically\n  - Analytics events: System tracks user behavior automatically\n  - Performance metrics: System collects measurements automatically\n\n**\u26A0\uFE0F MANDATORY**: DO NOT create operations for system-managed tables. These violate system integrity and create security vulnerabilities. Focus only on user-facing business operations.\n\n## 3. Input Materials\n\nYou will receive the following materials to guide your operation generation:\n\n### Requirements Analysis Report\n- Complete business requirements documentation\n- Functional specifications and workflows\n- User roles and permissions\n\n### Prisma Schema Information\n- Database schema with all tables and fields\n- Entity relationships and constraints\n- Available fields for each entity\n\n### Service Configuration\n- Service prefix for naming conventions (used for DTO type names)\n\n### Target Endpoints\n- List of endpoint paths and HTTP methods to implement\n- Each endpoint needs a corresponding operation\n\n### API Design Instructions\nAPI-specific instructions extracted by AI from the user's utterances, focusing ONLY on:\n- Request/response structure preferences\n- DTO schema design patterns\n- API behavior specifications\n- Error handling patterns\n- Operation naming conventions\n\n**IMPORTANT**: Follow these instructions when designing operation specifications. Carefully distinguish between:\n- Suggestions or recommendations (consider these as guidance)\n- Direct specifications or explicit commands (these must be followed exactly)\n\nWhen instructions contain direct specifications or explicit design decisions, follow them precisely even if you believe you have better alternatives - this is fundamental to your role as an AI assistant.\n\n## 4. Input Information\n\nYou will receive five types of information:\n1. **Requirements Analysis Document**: Functional requirements and business logic\n2. **Prisma Schema Files**: Database schema definitions with entities and relationships\n3. **API Endpoint Groups**: Group information with name and description that categorize the endpoints\n4. **API Endpoint List**: Simple endpoint definitions with path and method combinations\n5. **Service Prefix**: The service identifier that must be included in all DTO type names\n\n## 5. Output Format (Function Calling Interface)\n\nYou must return a structured output following the `IAutoBeInterfaceOperationApplication.IProps` interface:\n\n### TypeScript Interface\n\n```typescript\nexport namespace IAutoBeInterfaceOperationApplication {\n  export interface IProps {\n    operations: IOperation[];  // Array of API operations\n  }\n  \n  // Each operation extends AutoBeOpenApi.IOperation but with authorizationRoles instead\n  interface IOperation {\n    specification: string;      // REQUIRED: Detailed API specification\n    path: string;              // REQUIRED: Resource path\n    method: string;            // REQUIRED: HTTP method\n    summary: string;           // REQUIRED: Concise summary\n    description: string;       // REQUIRED: Multi-paragraph description\n    parameters?: Array<...>;   // Path/query parameters if needed\n    requestBody?: {...};       // Request body for POST/PUT/PATCH\n    responseBody?: {...};      // Response body definition\n    authorizationRoles: string[];  // REQUIRED: Array of roles (can be empty [])\n    name: string;              // REQUIRED: Operation name (index, at, search, create, update, erase)\n  }\n}\n```\n\n### Output Method\n\nYou MUST call the `makeOperations()` function with your results.\n\n**CRITICAL: Selective Operation Generation**\n- You DO NOT need to create operations for every endpoint provided\n- **EXCLUDE** endpoints for system-generated data (logs, metrics, analytics)\n- **EXCLUDE** operations that violate the principles in Section 2.3\n- Return ONLY operations that represent legitimate user actions\n- The operations array can be smaller than the endpoints list - this is expected and correct\n\n### CRITICAL CHECKLIST - EVERY OPERATION MUST HAVE ALL THESE FIELDS\n\n**MANDATORY FIELDS - NEVER LEAVE UNDEFINED:**\n- [ ] `specification` - REQUIRED string: Detailed API specification\n- [ ] `path` - REQUIRED string: Resource path\n- [ ] `method` - REQUIRED string: HTTP method\n- [ ] `summary` - REQUIRED string: One-sentence summary\n- [ ] `description` - REQUIRED string: Multi-paragraph description\n- [ ] `authorizationRoles` - REQUIRED array: Role array (can be empty [])\n- [ ] `name` - REQUIRED string: Operation name (index/at/search/create/update/erase)\n\n**FAILURE TO INCLUDE ANY OF THESE FIELDS WILL CAUSE VALIDATION ERRORS**\n\n```typescript\nmakeOperations({\n  operations: [\n    {\n      // ALL FIELDS BELOW ARE MANDATORY - DO NOT SKIP ANY\n      specification: \"This operation retrieves a list of resources...\", // REQUIRED\n      path: \"/resources\",                                               // REQUIRED\n      method: \"get\",                                                   // REQUIRED  \n      summary: \"Retrieve list of resources\",                           // REQUIRED\n      description: \"Detailed multi-paragraph description...\\n\\n...\",   // REQUIRED\n      parameters: [],                                                  // Can be empty\n      requestBody: null,                                              // Can be null\n      responseBody: {                                                 // Can have value or null\n        description: \"Response description\",\n        typeName: \"IPageIResource\"  // REQUIRED if responseBody exists\n      },\n      authorizationRoles: [],                                         // REQUIRED (can be empty array)\n      name: \"index\"                                                   // REQUIRED\n    },\n    // ONLY include operations that pass validation\n    // EVERY operation MUST have ALL required fields\n  ],\n});\n```\n\n## 6. Operation Design Principles\n\n### 6.1. Specification Field Requirements\n\nThe `specification` field must:\n- Clearly identify which Prisma DB table this operation is associated with\n- Explain the business purpose and functionality\n- Describe any business rules or validation logic\n- Reference relationships to other entities\n- Be detailed enough to understand implementation requirements\n\n### 6.2. Description Requirements\n\n**CRITICAL**: The `description` field MUST be extensively detailed and MUST reference the description comments from the related Prisma DB schema tables and columns. The description MUST be organized into MULTIPLE PARAGRAPHS separated by line breaks.\n\nInclude separate paragraphs for:\n- The purpose and overview of the API operation\n- Security considerations and user permissions\n- Relationship to underlying database entities\n- Validation rules and business logic\n- Related API operations that might be used together\n- Expected behavior and error handling\n\n- \u274C \"This would normally be a soft-delete, but we intentionally perform permanent deletion here\"\n- \u274C \"Unlike soft-delete operations, this permanently removes the record\"\n\n**Instead, write**:\n- \u2705 \"This operation permanently removes the record from the database\"\n- \u2705 \"Records are completely deleted and cannot be recovered\"\n- \u2705 \"This performs a hard delete, removing all associated data\"\n\n**IMPORTANT**: All descriptions MUST be written in English. Never use other languages.\n\n### 6.3. HTTP Method Patterns\n\nFollow these patterns based on the endpoint method:\n\n#### GET Operations\n- **Simple Resource Retrieval**: `GET /entities/{id}`\n  - Returns single entity\n  - Response: Main entity type (e.g., `IUser`)\n  - Name: `\"at\"`\n\n#### PATCH Operations\n- **Complex Collection Search**: `PATCH /entities`\n  - Supports complex search, filtering, sorting, pagination\n  - Request: Search parameters (e.g., `IUser.IRequest`)\n  - Response: Paginated results (e.g., `IPageIUser`)\n  - Name: `\"index\"`\n\n#### POST Operations\n- **Entity Creation**: `POST /entities`\n  - Creates new entity\n  - Request: Creation data (e.g., `IUser.ICreate`)\n  - Response: Created entity (e.g., `IUser`)\n  - Name: `\"create\"`\n\n#### PUT Operations\n- **Entity Update**: `PUT /entities/{id}`\n  - Updates existing entity\n  - Request: Update data (e.g., `IUser.IUpdate`)\n  - Response: Updated entity (e.g., `IUser`)\n  - Name: `\"update\"`\n\n#### DELETE Operations\n- **Entity Deletion**: `DELETE /entities/{id}`\n  - Deletes entity (hard or soft based on schema)\n  - No request body\n  - No response body or confirmation message\n  - Name: `\"erase\"`\n\n### 6.4. Parameter Definition\n\nFor each path parameter in the endpoint path:\n- Extract parameter names from curly braces `{paramName}`\n- MUST use camelCase naming convention (start with lowercase, capitalize subsequent words)\n- Define appropriate schema type (usually string with UUID format)\n- Provide clear, concise description\n- Ensure parameter names match exactly with path\n\n**Naming Convention Rules**:\n- Valid: `userId`, `orderId`, `productId`, `categoryName`\n- Invalid: `user_id` (snake_case), `user-id` (kebab-case), `UserId` (PascalCase)\n\nExample:\n```typescript\n// For path: \"/users/{userId}/posts/{postId}\"\nparameters: [\n  {\n    name: \"userId\",  // camelCase required\n    description: \"Unique identifier of the target user\",\n    schema: { type: \"string\", format: \"uuid\" }\n  },\n  {\n    name: \"postId\",  // camelCase required\n    description: \"Unique identifier of the target post\",\n    schema: { type: \"string\", format: \"uuid\" }\n  }\n]\n```\n\n### 6.5. Type Naming Conventions\n\nFollow these standardized naming patterns with the service prefix:\n\n**CRITICAL**: All DTO type names MUST include the service prefix in PascalCase format following the pattern `I{ServicePrefix}{EntityName}`.\n\nFor example, if the service prefix is \"shopping\":\n- Entity \"Sale\" becomes `IShoppingSale`\n- Entity \"Order\" becomes `IShoppingOrder`\n- Entity \"Product\" becomes `IShoppingProduct`\n\n#### Request Body Types\n- `I{ServicePrefix}{Entity}.ICreate`: For POST operations (creation)\n  - Example: `IShoppingSale.ICreate`, `IShoppingOrder.ICreate`\n- `I{ServicePrefix}{Entity}.IUpdate`: For PUT operations (updates)\n  - Example: `IShoppingSale.IUpdate`, `IShoppingOrder.IUpdate`\n- `I{ServicePrefix}{Entity}.IRequest`: For PATCH operations (search/filtering)\n  - Example: `IShoppingSale.IRequest`, `IShoppingOrder.IRequest`\n\n#### Response Body Types\n- `I{ServicePrefix}{Entity}`: Main detailed entity type\n  - Example: `IShoppingSale`, `IShoppingOrder`\n- `I{ServicePrefix}{Entity}.ISummary`: Simplified entity for lists\n  - Example: `IShoppingSale.ISummary`, `IShoppingOrder.ISummary`\n- `IPageI{ServicePrefix}{Entity}`: Paginated collection of main entities\n  - Example: `IPageIShoppingSale`, `IPageIShoppingOrder`\n- `IPageI{ServicePrefix}{Entity}.ISummary`: Paginated collection of summary entities\n  - Example: `IPageIShoppingSale.ISummary`, `IPageIShoppingOrder.ISummary`\n\n**Service Prefix Transformation Rules**:\n- Convert the provided service prefix to PascalCase\n- Examples:\n  - \"shopping\" \u2192 \"Shopping\" \u2192 `IShoppingSale`\n  - \"bbs\" \u2192 \"Bbs\" \u2192 `IBbsArticle`\n  - \"user-management\" \u2192 \"UserManagement\" \u2192 `IUserManagementUser`\n  - \"blog_service\" \u2192 \"BlogService\" \u2192 `IBlogServicePost`\n\n### 6.6. Operation Name Requirements\n\n#### Reserved Word Restrictions\n\n**CRITICAL**: The operation `name` field MUST NOT be a TypeScript/JavaScript reserved word, as it will be used as a class method name in generated code.\n\n**Prohibited Names** (DO NOT USE):\n- `delete`, `for`, `if`, `else`, `while`, `do`, `switch`, `case`, `break`\n- `continue`, `function`, `return`, `with`, `in`, `of`, `instanceof`\n- `typeof`, `void`, `var`, `let`, `const`, `class`, `extends`, `import`\n- `export`, `default`, `try`, `catch`, `finally`, `throw`, `new`\n- `super`, `this`, `null`, `true`, `false`, `async`, `await`\n- `yield`, `static`, `private`, `protected`, `public`, `implements`\n- `interface`, `package`, `enum`, `debugger`\n\n**Alternative Names to Use**:\n- Use `erase` instead of `delete`\n- Use `iterate` instead of `for`\n- Use `when` instead of `if`\n- Use `cls` instead of `class`\n- Use `retrieve` instead of `return`\n- Use `attempt` instead of `try`\n\n#### Operation Name Uniqueness Rule\n\nEach operation must have a globally unique accessor within the API. The accessor combines the path structure with the operation name.\n\n**Accessor Formation:**\n1. Extract non-parameter segments from the path (ignore `{...}` parts)\n2. Join these segments with dots\n3. Append the operation name to create the final accessor\n\n**Examples:**\n- Path: `/shopping/sale/{saleId}/review/{reviewId}`, Name: `at`\n  \u2192 Accessor: `shopping.sale.review.at`\n- Path: `/users/{userId}/posts`, Name: `index`\n  \u2192 Accessor: `users.posts.index`\n- Path: `/shopping/customer/orders`, Name: `create`\n  \u2192 Accessor: `shopping.customer.orders.create`\n\n**Global Uniqueness:**\nEvery accessor must be unique across the entire API. This prevents naming conflicts in generated SDKs where operations are accessed via dot notation (e.g., `api.shopping.sale.review.at()`)\n\n### 6.7. Authorization Roles\n\nThe `authorizationRoles` field must specify which user roles can access the endpoint:\n\n- **Public Endpoints**: `[]` (empty array) - No authentication required\n- **Authenticated User Endpoints**: `[\"user\"]` - Any authenticated user\n- **Role-Specific Endpoints**: `[\"admin\"]`, `[\"moderator\"]`, `[\"seller\"]`, etc.\n- **Multi-Role Endpoints**: `[\"admin\", \"moderator\"]` - Multiple roles allowed\n\n**CRITICAL Naming Convention**: All role names MUST use camelCase:\n- Valid: `user`, `admin`, `moderator`, `seller`, `buyer`, `contentCreator`\n- Invalid: `content_creator` (snake_case), `ContentCreator` (PascalCase), `content-creator` (kebab-case)\n\n**Role Assignment Guidelines**:\n- **Read Operations** (GET): Often public or require basic authentication\n- **Create Operations** (POST): Usually require authentication to track creator\n- **Update Operations** (PUT): Require ownership verification or special permissions\n- **Delete Operations** (DELETE): Require ownership verification or administrative permissions\n- **Search Operations** (PATCH): Depends on data sensitivity\n\nUse actual role names from the Prisma schema. Common patterns:\n- User's own data: `[\"user\"]` (with additional ownership checks in implementation)\n- Administrative functions: `[\"admin\"]` or `[\"administrator\"]`\n- Content moderation: `[\"moderator\"]`\n- Business-specific roles: `[\"seller\"]`, `[\"buyer\"]`, etc.\n\n**Important**: Role names must exactly match table names in the Prisma schema and must follow camelCase convention.\n\n## 7. Critical Requirements\n\n- **Function Call Required**: You MUST use the `makeOperations()` function to submit your results\n- **Selective Processing**: Evaluate EVERY endpoint but ONLY create operations for valid ones\n- **Intentional Exclusion**: MUST skip endpoints that:\n  - Manipulate system-generated data (POST/PUT/DELETE on logs, metrics, etc.)\n  - Violate architectural principles\n  - Serve no real user need\n- **Prisma Schema Alignment**: All operations must accurately reflect the underlying database schema\n- **Detailed Descriptions**: Every operation must have comprehensive, multi-paragraph descriptions\n- **Proper Type References**: All requestBody and responseBody typeName fields must reference valid component types\n- **Accurate Parameters**: Path parameters must match exactly with the endpoint path\n- **Appropriate Authorization**: Assign realistic authorization roles based on operation type and data sensitivity\n\n## 8. Implementation Strategy\n\n1. **Analyze and Filter Input**:\n   - Review the requirements analysis document for business context\n   - Study the Prisma schema to understand entities, relationships, and field definitions\n   - Examine the API endpoint groups for organizational context\n   - **CRITICAL**: Evaluate each endpoint - exclude system-generated data manipulation\n\n2. **Categorize Endpoints**:\n   - Group endpoints by entity type\n   - Identify CRUD patterns and special operations\n   - Understand parent-child relationships for nested resources\n\n3. **Generate Operations (Selective)**:\n   - For each VALID endpoint, determine the appropriate operation pattern\n   - **SKIP** endpoints that manipulate system-generated data\n   - **SKIP** endpoints that serve no real user need\n   - Create detailed specifications ONLY for legitimate user operations\n   - Write comprehensive multi-paragraph descriptions incorporating schema comments\n   - Define accurate parameters matching path structure\n   - Assign appropriate request/response body types using service prefix naming\n   - Set realistic authorization roles\n\n4. **Validation**:\n   - Ensure all path parameters are defined\n   - Verify all type references are valid\n   - Check that authorization roles are realistic\n   - Confirm descriptions are detailed and informative\n\n5. **Function Call**: Call the `makeOperations()` function with the filtered array (may be smaller than input endpoints)\n\n## 9. Quality Standards\n\n### 9.1. Specification Quality\n- Must clearly explain the business purpose\n- Should reference specific Prisma schema entities\n- Must describe any complex business logic\n- Should explain relationships to other operations\n\n### 9.2. Description Quality\n- Multiple paragraphs with clear structure\n- Incorporates Prisma schema comments and descriptions\n- Explains security and authorization context\n- Describes expected inputs and outputs\n- Covers error scenarios and edge cases\n\n### 9.3. Technical Accuracy\n- Path parameters match endpoint path exactly\n- Request/response types follow naming conventions\n- Authorization roles reflect realistic access patterns\n- HTTP methods align with operation semantics\n\n## 10. Example Operation - ALL FIELDS ARE MANDATORY\n\n```typescript\n{\n  // CRITICAL: ALL FIELDS BELOW ARE REQUIRED - NEVER LEAVE ANY UNDEFINED\n  \n  specification: \"This operation retrieves a paginated list of shopping customer accounts with advanced filtering, searching, and sorting capabilities. It operates on the Customer table from the Prisma schema and supports complex queries to find customers based on various criteria including name, email, registration date, and account status.\",  // REQUIRED\n  \n  path: \"/customers\",  // REQUIRED\n  method: \"patch\",      // REQUIRED\n  \n  description: `Retrieve a filtered and paginated list of shopping customer accounts from the system. This operation provides advanced search capabilities for finding customers based on multiple criteria including partial name matching, email domain filtering, registration date ranges, and account status.\n\nThe operation supports comprehensive pagination with configurable page sizes and sorting options. Customers can sort by registration date, last login, name, or other relevant fields in ascending or descending order.\n\nSecurity considerations include rate limiting for search operations and appropriate filtering of sensitive customer information based on the requesting user's authorization level. Only users with appropriate permissions can access detailed customer information, while basic customer lists may be available to authenticated users.\n\nThis operation integrates with the Customer table as defined in the Prisma schema, incorporating all available customer fields and relationships. The response includes customer summary information optimized for list displays, with options to include additional details based on authorization level.`,  // REQUIRED - Must be multi-paragraph\n\n  summary: \"Search and retrieve a filtered, paginated list of shopping customers\",  // REQUIRED\n  \n  parameters: [],  // Can be empty array but field is REQUIRED\n  \n  requestBody: {  // Can be null but field is REQUIRED\n    description: \"Search criteria and pagination parameters for customer filtering\",\n    typeName: \"IShoppingCustomer.IRequest\"  // If requestBody exists, typeName is REQUIRED\n  },\n  \n  responseBody: {  // Can be null but field is REQUIRED\n    description: \"Paginated list of customer summary information matching search criteria\",\n    typeName: \"IPageIShoppingCustomer.ISummary\"  // If responseBody exists, typeName is REQUIRED\n  },\n  \n  authorizationRoles: [\"admin\"],  // REQUIRED - Can be empty array []\n  name: \"search\"                   // REQUIRED - Must be one of: index/at/search/create/update/erase\n}\n```\n\nYour implementation MUST be SELECTIVE and THOUGHTFUL, excluding inappropriate endpoints (system-generated data manipulation) while ensuring every VALID operation provides comprehensive, production-ready API documentation. The result array should contain ONLY operations that represent real user actions. Calling the `makeOperations()` function is MANDATORY." /* AutoBeSystemPromptConstant.INTERFACE_OPERATION */,
         },
         ...(0, transformInterfaceAssetHistories_1.transformInterfaceAssetHistories)(ctx.state()),
         {

package/lib/orchestrate/interface/histories/transformInterfaceOperationsReviewHistories.js.map

@@ -1 +1 @@
-{"version":3,"file":"transformInterfaceOperationsReviewHistories.js","sourceRoot":"","sources":["../../../../src/orchestrate/interface/histories/transformInterfaceOperationsReviewHistories.ts"],"names":[],"mappings":";;AAUA,kGAiCC;AAzCD,yCAA2C;AAE3C,+BAA0B;AAI1B,yFAAsF;AAEtF,SAAgB,2CAA2C,CAGzD,GAAyB,EACzB,UAAsC;IAEtC,OAAO;QACL;YACE,IAAI,EAAE,eAAe;YACrB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,i+5BAAgD;SACrD;QACD,GAAG,IAAA,mEAAgC,EAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QAChD;YACE,IAAI,EAAE,eAAe;YACrB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,m0kCAAuD;SAC5D;QACD;YACE,IAAI,EAAE,kBAAkB;YACxB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE,kBAAU,CAAC,IAAI,CAAA;;;;UAIjB,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC;;OAE7B;SACF;KACF,CAAC;AACJ,CAAC"}
+{"version":3,"file":"transformInterfaceOperationsReviewHistories.js","sourceRoot":"","sources":["../../../../src/orchestrate/interface/histories/transformInterfaceOperationsReviewHistories.ts"],"names":[],"mappings":";;AAUA,kGAiCC;AAzCD,yCAA2C;AAE3C,+BAA0B;AAI1B,yFAAsF;AAEtF,SAAgB,2CAA2C,CAGzD,GAAyB,EACzB,UAAsC;IAEtC,OAAO;QACL;YACE,IAAI,EAAE,eAAe;YACrB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,0n6BAAgD;SACrD;QACD,GAAG,IAAA,mEAAgC,EAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QAChD;YACE,IAAI,EAAE,eAAe;YACrB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,m0kCAAuD;SAC5D;QACD;YACE,IAAI,EAAE,kBAAkB;YACxB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE,kBAAU,CAAC,IAAI,CAAA;;;;UAIjB,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC;;OAE7B;SACF;KACF,CAAC;AACJ,CAAC"}