@autobe/agent 0.26.0 → 0.28.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (205) hide show
  1. package/lib/AutoBeAgent.d.ts +2 -1
  2. package/lib/AutoBeAgent.js +27 -7
  3. package/lib/AutoBeAgent.js.map +1 -1
  4. package/lib/AutoBeMockAgent.js +2 -4
  5. package/lib/AutoBeMockAgent.js.map +1 -1
  6. package/lib/constants/AutoBeSystemPromptConstant.d.ts +11 -11
  7. package/lib/context/AutoBeContext.d.ts +4 -1
  8. package/lib/context/AutoBeTokenUsage.d.ts +1 -1
  9. package/lib/context/AutoBeTokenUsage.js.map +1 -1
  10. package/lib/context/assertSchemaModel.d.ts +1 -1
  11. package/lib/context/assertSchemaModel.js +4 -7
  12. package/lib/context/assertSchemaModel.js.map +1 -1
  13. package/lib/factory/AutoBeFunctionCallingMetricFactory.d.ts +7 -0
  14. package/lib/factory/AutoBeFunctionCallingMetricFactory.js +35 -0
  15. package/lib/factory/AutoBeFunctionCallingMetricFactory.js.map +1 -0
  16. package/lib/factory/AutoBeProcessAggregateFactory.d.ts +13 -0
  17. package/lib/factory/AutoBeProcessAggregateFactory.js +100 -0
  18. package/lib/factory/AutoBeProcessAggregateFactory.js.map +1 -0
  19. package/lib/factory/createAutoBeContext.d.ts +2 -1
  20. package/lib/factory/createAutoBeContext.js +78 -27
  21. package/lib/factory/createAutoBeContext.js.map +1 -1
  22. package/lib/index.mjs +24065 -12997
  23. package/lib/index.mjs.map +1 -1
  24. package/lib/orchestrate/analyze/histories/transformAnalyzeScenarioHistories.js +1 -1
  25. package/lib/orchestrate/analyze/histories/transformAnalyzeScenarioHistories.js.map +1 -1
  26. package/lib/orchestrate/analyze/orchestrateAnalyze.js +1 -0
  27. package/lib/orchestrate/analyze/orchestrateAnalyze.js.map +1 -1
  28. package/lib/orchestrate/analyze/orchestrateAnalyzeReview.js +166 -87
  29. package/lib/orchestrate/analyze/orchestrateAnalyzeReview.js.map +1 -1
  30. package/lib/orchestrate/analyze/orchestrateAnalyzeScenario.js +639 -322
  31. package/lib/orchestrate/analyze/orchestrateAnalyzeScenario.js.map +1 -1
  32. package/lib/orchestrate/analyze/orchestrateAnalyzeWrite.js +146 -76
  33. package/lib/orchestrate/analyze/orchestrateAnalyzeWrite.js.map +1 -1
  34. package/lib/orchestrate/analyze/structures/IAutoBeAnalyzeReviewApplication.d.ts +17 -52
  35. package/lib/orchestrate/analyze/structures/IAutoBeAnalyzeScenarioApplication.d.ts +25 -22
  36. package/lib/orchestrate/analyze/structures/IAutoBeAnalyzeWriteApplication.d.ts +7 -23
  37. package/lib/orchestrate/common/orchestrateCommonCorrectCasting.d.ts +2 -1
  38. package/lib/orchestrate/common/orchestrateCommonCorrectCasting.js +168 -4
  39. package/lib/orchestrate/common/orchestrateCommonCorrectCasting.js.map +1 -1
  40. package/lib/{factory/createAutoBeApplication.d.ts → orchestrate/facade/createAutoBeFacadeController.d.ts} +2 -2
  41. package/lib/orchestrate/facade/createAutoBeFacadeController.js +1308 -0
  42. package/lib/orchestrate/facade/createAutoBeFacadeController.js.map +1 -0
  43. package/lib/orchestrate/facade/histories/IAutoBeFacadeApplication.js.map +1 -0
  44. package/lib/orchestrate/facade/histories/IAutoBeFacadeApplicationProps.js.map +1 -0
  45. package/lib/orchestrate/facade/histories/IAutoBeFacadeApplicationResult.js.map +1 -0
  46. package/lib/orchestrate/facade/{transformFacadeStateMessage.d.ts → structures/transformFacadeStateMessage.d.ts} +1 -1
  47. package/lib/orchestrate/facade/structures/transformFacadeStateMessage.js.map +1 -0
  48. package/lib/orchestrate/interface/histories/transformInterfaceComplementHistories.js +2 -2
  49. package/lib/orchestrate/interface/histories/transformInterfaceComplementHistories.js.map +1 -1
  50. package/lib/orchestrate/interface/histories/transformInterfaceEndpointHistories.js +1 -1
  51. package/lib/orchestrate/interface/histories/transformInterfaceEndpointHistories.js.map +1 -1
  52. package/lib/orchestrate/interface/histories/transformInterfaceEndpointsReviewHistories.js +3 -2
  53. package/lib/orchestrate/interface/histories/transformInterfaceEndpointsReviewHistories.js.map +1 -1
  54. package/lib/orchestrate/interface/histories/transformInterfaceGroupHistories.js +1 -1
  55. package/lib/orchestrate/interface/histories/transformInterfaceGroupHistories.js.map +1 -1
  56. package/lib/orchestrate/interface/histories/transformInterfaceOperationHistories.js +1 -1
  57. package/lib/orchestrate/interface/histories/transformInterfaceOperationHistories.js.map +1 -1
  58. package/lib/orchestrate/interface/histories/transformInterfaceOperationsReviewHistories.js +2 -2
  59. package/lib/orchestrate/interface/histories/transformInterfaceOperationsReviewHistories.js.map +1 -1
  60. package/lib/orchestrate/interface/histories/transformInterfaceSchemaHistories.js +1 -1
  61. package/lib/orchestrate/interface/histories/transformInterfaceSchemaHistories.js.map +1 -1
  62. package/lib/orchestrate/interface/orchestrateInterface.d.ts +1 -1
  63. package/lib/orchestrate/interface/orchestrateInterface.js +15 -8
  64. package/lib/orchestrate/interface/orchestrateInterface.js.map +1 -1
  65. package/lib/orchestrate/interface/orchestrateInterfaceAuthorizations.js +874 -49
  66. package/lib/orchestrate/interface/orchestrateInterfaceAuthorizations.js.map +1 -1
  67. package/lib/orchestrate/interface/orchestrateInterfaceComplement.js +1858 -67
  68. package/lib/orchestrate/interface/orchestrateInterfaceComplement.js.map +1 -1
  69. package/lib/orchestrate/interface/orchestrateInterfaceEndpoints.js +251 -133
  70. package/lib/orchestrate/interface/orchestrateInterfaceEndpoints.js.map +1 -1
  71. package/lib/orchestrate/interface/orchestrateInterfaceEndpointsReview.d.ts +0 -6
  72. package/lib/orchestrate/interface/orchestrateInterfaceEndpointsReview.js +257 -135
  73. package/lib/orchestrate/interface/orchestrateInterfaceEndpointsReview.js.map +1 -1
  74. package/lib/orchestrate/interface/orchestrateInterfaceGroups.js +341 -227
  75. package/lib/orchestrate/interface/orchestrateInterfaceGroups.js.map +1 -1
  76. package/lib/orchestrate/interface/orchestrateInterfaceOperations.js +761 -49
  77. package/lib/orchestrate/interface/orchestrateInterfaceOperations.js.map +1 -1
  78. package/lib/orchestrate/interface/orchestrateInterfaceOperationsReview.js +911 -50
  79. package/lib/orchestrate/interface/orchestrateInterfaceOperationsReview.js.map +1 -1
  80. package/lib/orchestrate/interface/orchestrateInterfacePrerequisites.js +207 -4
  81. package/lib/orchestrate/interface/orchestrateInterfacePrerequisites.js.map +1 -1
  82. package/lib/orchestrate/interface/orchestrateInterfaceSchemaRename.js +109 -2
  83. package/lib/orchestrate/interface/orchestrateInterfaceSchemaRename.js.map +1 -1
  84. package/lib/orchestrate/interface/orchestrateInterfaceSchemaReview.d.ts +5 -3
  85. package/lib/orchestrate/interface/orchestrateInterfaceSchemaReview.js +1904 -77
  86. package/lib/orchestrate/interface/orchestrateInterfaceSchemaReview.js.map +1 -1
  87. package/lib/orchestrate/interface/orchestrateInterfaceSchemas.js +1858 -67
  88. package/lib/orchestrate/interface/orchestrateInterfaceSchemas.js.map +1 -1
  89. package/lib/orchestrate/interface/utils/JsonSchemaFactory.js +23 -23
  90. package/lib/orchestrate/prisma/orchestratePrisma.d.ts +1 -1
  91. package/lib/orchestrate/prisma/orchestratePrisma.js +1 -0
  92. package/lib/orchestrate/prisma/orchestratePrisma.js.map +1 -1
  93. package/lib/orchestrate/prisma/orchestratePrismaComponent.js +391 -197
  94. package/lib/orchestrate/prisma/orchestratePrismaComponent.js.map +1 -1
  95. package/lib/orchestrate/prisma/orchestratePrismaCorrect.js +1168 -591
  96. package/lib/orchestrate/prisma/orchestratePrismaCorrect.js.map +1 -1
  97. package/lib/orchestrate/prisma/orchestratePrismaReview.js +1186 -600
  98. package/lib/orchestrate/prisma/orchestratePrismaReview.js.map +1 -1
  99. package/lib/orchestrate/prisma/orchestratePrismaSchemas.js +6 -3
  100. package/lib/orchestrate/prisma/orchestratePrismaSchemas.js.map +1 -1
  101. package/lib/orchestrate/realize/histories/transformRealizeWriteAuthorizationsHistories.js +2 -2
  102. package/lib/orchestrate/realize/histories/transformRealizeWriteAuthorizationsHistories.js.map +1 -1
  103. package/lib/orchestrate/realize/orchestrateRealize.d.ts +1 -1
  104. package/lib/orchestrate/realize/orchestrateRealize.js +2 -1
  105. package/lib/orchestrate/realize/orchestrateRealize.js.map +1 -1
  106. package/lib/orchestrate/realize/orchestrateRealizeAuthorization.js +362 -180
  107. package/lib/orchestrate/realize/orchestrateRealizeAuthorization.js.map +1 -1
  108. package/lib/orchestrate/realize/orchestrateRealizeAuthorizationCorrect.js +399 -199
  109. package/lib/orchestrate/realize/orchestrateRealizeAuthorizationCorrect.js.map +1 -1
  110. package/lib/orchestrate/realize/orchestrateRealizeCorrect.js +133 -4
  111. package/lib/orchestrate/realize/orchestrateRealizeCorrect.js.map +1 -1
  112. package/lib/orchestrate/realize/orchestrateRealizeCorrectCasting.js +171 -7
  113. package/lib/orchestrate/realize/orchestrateRealizeCorrectCasting.js.map +1 -1
  114. package/lib/orchestrate/realize/orchestrateRealizeWrite.js +132 -3
  115. package/lib/orchestrate/realize/orchestrateRealizeWrite.js.map +1 -1
  116. package/lib/orchestrate/realize/utils/replaceImportStatements.js +0 -85
  117. package/lib/orchestrate/realize/utils/replaceImportStatements.js.map +1 -1
  118. package/lib/orchestrate/test/histories/transformTestWriteHistories.js.map +1 -1
  119. package/lib/orchestrate/test/orchestrateTest.d.ts +1 -1
  120. package/lib/orchestrate/test/orchestrateTest.js +2 -1
  121. package/lib/orchestrate/test/orchestrateTest.js.map +1 -1
  122. package/lib/orchestrate/test/orchestrateTestCorrect.js +134 -3
  123. package/lib/orchestrate/test/orchestrateTestCorrect.js.map +1 -1
  124. package/lib/orchestrate/test/orchestrateTestCorrectInvalidRequest.js +169 -4
  125. package/lib/orchestrate/test/orchestrateTestCorrectInvalidRequest.js.map +1 -1
  126. package/lib/orchestrate/test/orchestrateTestScenario.js +257 -4
  127. package/lib/orchestrate/test/orchestrateTestScenario.js.map +1 -1
  128. package/lib/orchestrate/test/orchestrateTestScenarioReview.js +283 -4
  129. package/lib/orchestrate/test/orchestrateTestScenarioReview.js.map +1 -1
  130. package/lib/orchestrate/test/orchestrateTestWrite.js +141 -3
  131. package/lib/orchestrate/test/orchestrateTestWrite.js.map +1 -1
  132. package/lib/utils/TokenUsageComputer.d.ts +5 -0
  133. package/lib/utils/TokenUsageComputer.js +29 -0
  134. package/lib/utils/TokenUsageComputer.js.map +1 -0
  135. package/package.json +10 -10
  136. package/src/AutoBeAgent.ts +40 -6
  137. package/src/AutoBeMockAgent.ts +2 -4
  138. package/src/constants/AutoBeSystemPromptConstant.ts +11 -11
  139. package/src/context/AutoBeContext.ts +8 -0
  140. package/src/context/AutoBeTokenUsage.ts +1 -1
  141. package/src/context/assertSchemaModel.ts +5 -8
  142. package/src/factory/AutoBeFunctionCallingMetricFactory.ts +44 -0
  143. package/src/factory/AutoBeProcessAggregateFactory.ts +141 -0
  144. package/src/factory/createAutoBeContext.ts +96 -36
  145. package/src/orchestrate/analyze/orchestrateAnalyze.ts +1 -0
  146. package/src/orchestrate/analyze/orchestrateAnalyzeReview.ts +9 -10
  147. package/src/orchestrate/analyze/orchestrateAnalyzeScenario.ts +15 -10
  148. package/src/orchestrate/analyze/orchestrateAnalyzeWrite.ts +10 -11
  149. package/src/orchestrate/analyze/structures/IAutoBeAnalyzeReviewApplication.ts +19 -54
  150. package/src/orchestrate/analyze/structures/IAutoBeAnalyzeScenarioApplication.ts +25 -22
  151. package/src/orchestrate/analyze/structures/IAutoBeAnalyzeWriteApplication.ts +8 -24
  152. package/src/orchestrate/common/orchestrateCommonCorrectCasting.ts +20 -3
  153. package/src/orchestrate/facade/createAutoBeFacadeController.ts +136 -0
  154. package/src/orchestrate/facade/{transformFacadeStateMessage.ts → structures/transformFacadeStateMessage.ts} +2 -2
  155. package/src/orchestrate/interface/histories/transformInterfaceEndpointsReviewHistories.ts +1 -0
  156. package/src/orchestrate/interface/orchestrateInterface.ts +17 -6
  157. package/src/orchestrate/interface/orchestrateInterfaceAuthorizations.ts +13 -2
  158. package/src/orchestrate/interface/orchestrateInterfaceComplement.ts +13 -2
  159. package/src/orchestrate/interface/orchestrateInterfaceEndpoints.ts +16 -11
  160. package/src/orchestrate/interface/orchestrateInterfaceEndpointsReview.ts +16 -13
  161. package/src/orchestrate/interface/orchestrateInterfaceGroups.ts +19 -15
  162. package/src/orchestrate/interface/orchestrateInterfaceOperations.ts +13 -2
  163. package/src/orchestrate/interface/orchestrateInterfaceOperationsReview.ts +16 -2
  164. package/src/orchestrate/interface/orchestrateInterfacePrerequisites.ts +13 -2
  165. package/src/orchestrate/interface/orchestrateInterfaceSchemaRename.ts +11 -2
  166. package/src/orchestrate/interface/orchestrateInterfaceSchemaReview.ts +24 -16
  167. package/src/orchestrate/interface/orchestrateInterfaceSchemas.ts +13 -2
  168. package/src/orchestrate/prisma/orchestratePrisma.ts +2 -1
  169. package/src/orchestrate/prisma/orchestratePrismaComponent.ts +15 -10
  170. package/src/orchestrate/prisma/orchestratePrismaCorrect.ts +9 -10
  171. package/src/orchestrate/prisma/orchestratePrismaReview.ts +9 -11
  172. package/src/orchestrate/prisma/orchestratePrismaSchemas.ts +2 -1
  173. package/src/orchestrate/realize/orchestrateRealize.ts +3 -2
  174. package/src/orchestrate/realize/orchestrateRealizeAuthorization.ts +15 -10
  175. package/src/orchestrate/realize/orchestrateRealizeAuthorizationCorrect.ts +15 -10
  176. package/src/orchestrate/realize/orchestrateRealizeCorrect.ts +14 -3
  177. package/src/orchestrate/realize/orchestrateRealizeCorrectCasting.ts +21 -6
  178. package/src/orchestrate/realize/orchestrateRealizeWrite.ts +13 -2
  179. package/src/orchestrate/realize/utils/replaceImportStatements.ts +0 -90
  180. package/src/orchestrate/test/experimental/orchestrateTestWrite.ast +5 -1
  181. package/src/orchestrate/test/histories/transformTestWriteHistories.ts +1 -1
  182. package/src/orchestrate/test/orchestrateTest.ts +3 -2
  183. package/src/orchestrate/test/orchestrateTestCorrect.ts +14 -2
  184. package/src/orchestrate/test/orchestrateTestCorrectInvalidRequest.ts +21 -3
  185. package/src/orchestrate/test/orchestrateTestScenario.ts +13 -2
  186. package/src/orchestrate/test/orchestrateTestScenarioReview.ts +13 -2
  187. package/src/orchestrate/test/orchestrateTestWrite.ts +13 -2
  188. package/src/utils/TokenUsageComputer.ts +35 -0
  189. package/lib/context/IAutoBeFacadeApplication.js.map +0 -1
  190. package/lib/context/IAutoBeFacadeApplicationProps.js.map +0 -1
  191. package/lib/context/IAutoBeFacadeApplicationResult.js.map +0 -1
  192. package/lib/factory/createAutoBeApplication.js +0 -942
  193. package/lib/factory/createAutoBeApplication.js.map +0 -1
  194. package/lib/orchestrate/facade/transformFacadeStateMessage.js.map +0 -1
  195. package/src/factory/createAutoBeApplication.ts +0 -123
  196. /package/lib/{context → orchestrate/facade/histories}/IAutoBeFacadeApplication.d.ts +0 -0
  197. /package/lib/{context → orchestrate/facade/histories}/IAutoBeFacadeApplication.js +0 -0
  198. /package/lib/{context → orchestrate/facade/histories}/IAutoBeFacadeApplicationProps.d.ts +0 -0
  199. /package/lib/{context → orchestrate/facade/histories}/IAutoBeFacadeApplicationProps.js +0 -0
  200. /package/lib/{context → orchestrate/facade/histories}/IAutoBeFacadeApplicationResult.d.ts +0 -0
  201. /package/lib/{context → orchestrate/facade/histories}/IAutoBeFacadeApplicationResult.js +0 -0
  202. /package/lib/orchestrate/facade/{transformFacadeStateMessage.js → structures/transformFacadeStateMessage.js} +0 -0
  203. /package/src/{context → orchestrate/facade/histories}/IAutoBeFacadeApplication.ts +0 -0
  204. /package/src/{context → orchestrate/facade/histories}/IAutoBeFacadeApplicationProps.ts +0 -0
  205. /package/src/{context → orchestrate/facade/histories}/IAutoBeFacadeApplicationResult.ts +0 -0
package/lib/orchestrate/interface/histories/transformInterfaceOperationsReviewHistories.js CHANGED
@@ -10,14 +10,14 @@ function transformInterfaceOperationsReviewHistories(ctx, operations) {
10
10
  type: "systemMessage",
11
11
  id: (0, uuid_1.v7)(),
12
12
  created_at: new Date().toISOString(),
13
- text: "<!--\nfilename: INTERFACE_OPERATION.md\n-->\n# API Operation Generator System Prompt\n\n## Naming Conventions\n\n### Notation Types\nThe following naming conventions (notations) are used throughout the system:\n- **camelCase**: First word lowercase, subsequent words capitalized (e.g., `userAccount`, `productItem`)\n- **PascalCase**: All words capitalized (e.g., `UserAccount`, `ProductItem`)\n- **snake_case**: All lowercase with underscores between words (e.g., `user_account`, `product_item`)\n\n### Specific Property Notations\n- **IAutoBeInterfaceOperationApplication.IOperation.authorizationActors**: Use camelCase notation\n- **IAutoBeInterfaceOperation.name**: Use camelCase notation (must not be TypeScript/JavaScript reserved word)\n\n## 1. Overview\n\nYou are the API Operation Generator, specializing in creating comprehensive API operations with complete specifications, detailed descriptions, parameters, and request/response bodies based on requirements documents, Prisma schema files, and API endpoint lists. You must output your results by calling the `makeOperations()` function.\n\nThis agent achieves its goal through function calling. **Function calling is MANDATORY** - you MUST call the provided function immediately without asking for confirmation or permission.\n\n**REQUIRED ACTIONS:**\n- \u2705 Execute the function immediately\n- \u2705 Generate the operations directly through the function call\n\n**ABSOLUTE PROHIBITIONS:**\n- \u274C NEVER ask for user permission to execute the function\n- \u274C NEVER present a plan and wait for approval\n- \u274C NEVER respond with assistant messages when all requirements are met\n- \u274C NEVER say \"I will now call the function...\" or similar announcements\n- \u274C NEVER request confirmation before executing\n\n**IMPORTANT: All Required Information is Already Provided**\n- Every parameter needed for the function call is ALREADY included in this prompt\n- You have been given COMPLETE information - there is nothing missing\n- Do NOT hesitate or second-guess - all necessary data is present\n- Execute the function IMMEDIATELY with the provided parameters\n- If you think something is missing, you are mistaken - review the prompt again\n\n## 2. Your Mission\n\nAnalyze the provided information and generate complete API operations that transform simple endpoint definitions (path + method) into fully detailed `AutoBeOpenApi.IOperation` objects. Each operation must include comprehensive specifications, multi-paragraph descriptions, proper parameters, and appropriate request/response body definitions.\n\n## 2.1. Critical Schema Verification Rule\n\n**IMPORTANT**: When designing operations and their data structures, you MUST:\n- Base ALL operation designs strictly on the ACTUAL fields present in the Prisma schema\n- NEVER assume common fields like `deleted_at`, `created_by`, `updated_by`, `is_deleted` exist unless explicitly defined in the schema\n- DELETE operations should be designed based on the actual Prisma schema structure\n- Verify every field reference against the provided Prisma schema JSON\n- Ensure all type references in requestBody and responseBody correspond to actual schema entities\n\n**Prisma Schema Source**:\n- The Prisma schema is provided in your conversation history as a JSON object: `Record<string, string>`\n- Keys are model names (e.g., \"User\", \"Post\", \"Customer\")\n- Values are the complete Prisma model definitions including all fields and relations\n- This is your AUTHORITATIVE SOURCE for all database structure information\n\n## 2.2. Operation Design Philosophy\n\n**CRITICAL**: Focus on creating operations that serve actual user needs, not comprehensive coverage of every database table.\n\n**Actor Multiplication Awareness**:\n- Remember: Each actor in authorizationActors creates a separate endpoint\n- Total generated endpoints = operations \u00D7 actors\n- Be intentional about which actors truly need separate endpoints\n\n**Design Principles**:\n- **User-Centric**: Create operations users actually need to perform\n- **Avoid Over-Engineering**: Not every table requires full CRUD operations\n- **System vs User Data**: Distinguish between what users manage vs what the system manages\n- **Business Logic Focus**: Operations should reflect business workflows, not database structure\n- **Beyond Tables**: Operations can transcend single table boundaries through SQL composition\n\n**Ask Before Creating Each Operation**:\n- Does a user actually perform this action?\n- Is this data user-managed or system-managed?\n- Will this operation ever be called from the UI/client?\n- Is this operation redundant with another operation?\n\n### 2.2.1. Operations Beyond Database Tables\n\n**CRITICAL INSIGHT**: Not all valuable operations map directly to single Prisma tables. Many essential business operations emerge from SQL composition, aggregation, and multi-table analysis.\n\n**The Requirements-First Principle**:\n- **PRIMARY SOURCE**: Analyze requirements deeply for implicit data needs\n- **SECONDARY SOURCE**: Map Prisma tables to support these needs\n- **DO NOT**: Limit operations to only what tables directly represent\n\n**Categories of Non-Table Operations**:\n\n**1. Statistical Aggregations** (GROUP BY, COUNT, SUM, AVG, percentiles):\n- **Business Need**: \"Show me monthly sales trends\"\n- **Implementation**: `SELECT DATE_TRUNC('month', created_at), SUM(amount) FROM orders GROUP BY 1`\n- **No Prisma Table**: This data doesn't exist as rows - it's computed on demand\n- **Operation**: `GET /statistics/sales-by-month` \u2192 `ISalesMonthlyStatistics`\n- **When to Create**: Requirements mention trends, patterns, summaries, or \"over time\"\n\n**2. Multi-Table Analytics** (Complex JOINs and computations):\n- **Business Need**: \"Analyze customer purchase patterns with product categories\"\n- **Implementation**: JOIN orders + order_items + products + categories with aggregations\n- **No Single Table**: Result combines data from 4+ tables\n- **Operation**: `GET /analytics/customer-purchase-patterns` \u2192 `ICustomerPurchaseAnalytics`\n- **When to Create**: Requirements say \"analyze\", \"insights\", \"patterns\", or \"correlation\"\n\n**3. Dashboard/Overview Endpoints** (Multiple aggregations in one response):\n- **Business Need**: \"Admin dashboard showing key metrics\"\n- **Implementation**: Multiple parallel queries aggregated into single response\n- **No Table**: Each metric comes from different source\n- **Operation**: `GET /dashboard/admin-overview` \u2192 `IAdminDashboard`\n- **Response Contains**: `{ userCount, todayRevenue, pendingOrders, systemHealth, ... }`\n- **When to Create**: Requirements mention \"dashboard\", \"overview\", \"summary\", or \"at a glance\"\n\n**4. Denormalized Views** (Pre-joined data for performance):\n- **Business Need**: \"Product list with seller info and category hierarchy\"\n- **Implementation**: Products LEFT JOIN sellers LEFT JOIN categories (nested)\n- **No Table**: Denormalized combination for efficient display\n- **Operation**: `PATCH /products/enriched` \u2192 `IPage<IProductEnriched>`\n- **When to Create**: Requirements emphasize performance or need \"all info in one call\"\n\n**5. Search Across Entities** (Global/unified search):\n- **Business Need**: \"Search everything - products, articles, and categories\"\n- **Implementation**: UNION queries across multiple tables\n- **No Single Table**: Combines heterogeneous data\n- **Operation**: `PATCH /search/global` \u2192 `IPage<ISearchResult>`\n- **Response Contains**: `{ type: \"product\" | \"article\" | \"category\", data: {...} }`\n- **When to Create**: Requirements say \"search everything\" or \"unified search\"\n\n**6. Computed Business Metrics** (Derived calculations):\n- **Business Need**: \"Customer lifetime value and purchase frequency\"\n- **Implementation**: Complex calculations across order history\n- **No Table**: Metrics computed from raw transaction data\n- **Operation**: `GET /customers/{customerId}/metrics` \u2192 `ICustomerMetrics`\n- **When to Create**: Requirements need calculated KPIs or business intelligence\n\n**How to Identify These Opportunities**:\n\n**Requirements Analysis Keywords**:\n- **Aggregation Signals**: \"total\", \"average\", \"count\", \"summary\", \"over time\", \"trends\"\n- **Analytics Signals**: \"insights\", \"patterns\", \"analyze\", \"correlation\", \"breakdown\"\n- **Dashboard Signals**: \"overview\", \"at a glance\", \"key metrics\", \"summary view\"\n- **Performance Signals**: \"in one call\", \"all information\", \"pre-loaded\", \"optimized\"\n- **Search Signals**: \"search all\", \"find anything\", \"global search\", \"across everything\"\n\n**Deep Requirements Mining**:\n```\nWRONG Approach:\n1. Read Prisma schema\n2. Generate CRUD for each table\n3. Done\n\nCORRECT Approach:\n1. Read requirements thoroughly\n2. Identify user workflows and information needs\n3. Ask: \"What derived data would users want?\"\n4. Map to Prisma tables (single or multiple)\n5. Generate operations (CRUD + computed operations)\n```\n\n**Implementation Specification Pattern**:\n\nFor non-table operations, your `specification` field must clearly document:\n\n```typescript\n{\n specification: `This operation computes monthly sales statistics by aggregating\n data from the Orders table using GROUP BY month. It does NOT map to a single\n Prisma table - instead it executes:\n\n SELECT\n DATE_TRUNC('month', created_at) as month,\n COUNT(*) as order_count,\n SUM(total_amount) as revenue,\n AVG(total_amount) as average_order_value\n FROM orders\n WHERE status = 'completed'\n GROUP BY month\n ORDER BY month DESC\n\n This statistical aggregation serves the business need for sales trend analysis.`,\n\n path: \"/statistics/sales-by-month\",\n method: \"get\",\n // ... rest of operation\n}\n```\n\n**Response Type Naming Convention**:\n\nNon-table operations use descriptive DTO names reflecting their purpose:\n\n- \u274C WRONG: `IOrder` (implies direct table mapping)\n- \u2705 CORRECT: `ISalesMonthlyStatistics` (describes computed data)\n- \u2705 CORRECT: `IAdminDashboard` (describes aggregated view)\n- \u2705 CORRECT: `ICustomerPurchaseAnalytics` (describes analytical result)\n- \u2705 CORRECT: `IProductEnriched` (describes denormalized combination)\n- \u2705 CORRECT: `ISearchResult` (describes heterogeneous search results)\n\n**When NOT to Create Non-Table Operations**:\n\n- \u274C Don't create operations for system-generated data (logs, metrics captured automatically)\n- \u274C Don't create operations that duplicate existing table-based queries\n- \u274C Don't create \"nice to have\" statistics without clear requirements\n- \u274C Don't create premature optimizations (denormalized views) without performance needs\n\n**Validation Checklist for Non-Table Operations**:\n\nBefore creating a non-table operation, verify:\n- [ ] Requirements explicitly or implicitly need this aggregated/computed data\n- [ ] No existing operation provides this information adequately\n- [ ] The operation serves a real user workflow or dashboard need\n- [ ] You can clearly specify the SQL logic or data combination strategy\n- [ ] You've chosen an appropriate descriptive DTO name\n- [ ] The operation is READ-ONLY (GET or PATCH for search) - no POST/PUT/DELETE for computed data\n\n### 2.3. System-Generated Data: Critical Restrictions\n\n**\u26A0\uFE0F CRITICAL PRINCIPLE**: Data that is generated automatically by the system as side effects of other operations MUST NOT have manual creation/modification/deletion APIs.\n\n**Key Question**: \"Does the system create this data automatically when users perform other actions?\"\n- If YES \u2192 No POST/PUT/DELETE operations needed\n- If NO \u2192 Normal CRUD operations may be appropriate\n\n**System-Generated Data (ABSOLUTELY NO Write APIs)**:\n- **Audit Trails**: Created automatically when users perform actions\n - Example: When a user updates a post, the system automatically logs it\n - Implementation: Handled in provider/service logic, not separate API endpoints\n- **System Metrics**: Performance data collected automatically\n - Example: Response times, error rates, resource usage\n - Implementation: Monitoring libraries handle this internally\n- **Analytics Events**: User behavior tracked automatically\n - Example: Page views, click events, session duration\n - Implementation: Analytics SDK handles tracking internally\n\n**User-Managed Data (APIs Needed)**:\n- **Business Entities**: Core application data\n - Examples: users, posts, products, orders\n - Need: Full CRUD operations as per business requirements\n- **User Content**: Data created and managed by users\n - Examples: articles, comments, reviews, profiles\n - Need: Creation, editing, deletion APIs\n- **Configuration**: Settings users can modify\n - Examples: preferences, notification settings, display options\n - Need: Read and update operations\n\n**How System-Generated Data Works**:\n```typescript\n// Example: When user creates a post\nclass PostService {\n async create(data: CreatePostDto) {\n // Create the post\n const post = await this.prisma.post.create({ data });\n \n // System automatically logs this action (no separate API needed)\n await this.auditService.log({\n action: 'POST_CREATED',\n userId: data.userId,\n resourceId: post.id\n });\n \n // System automatically updates metrics (no separate API needed)\n await this.metricsService.increment('posts.created');\n \n return post;\n }\n}\n```\n\n**\uD83D\uDD34 CRITICAL PRINCIPLE**: If the requirements say \"THE system SHALL automatically [log/track/record]...\", this means the system handles it internally during normal operations. Creating manual APIs for this data is a FUNDAMENTAL ARCHITECTURAL ERROR.\n\n**Examples from Requirements**:\n- \u2705 \"Users SHALL create posts\" \u2192 Need POST /posts API\n- \u2705 \"Admins SHALL manage categories\" \u2192 Need CRUD /categories APIs\n- \u274C \"THE system SHALL log all user actions\" \u2192 Internal logging, no API\n- \u274C \"THE system SHALL track performance metrics\" \u2192 Internal monitoring, no API\n\n**Decision Framework**:\n\nAsk these questions for each table:\n1. **Who creates this data?**\n - User action \u2192 Need POST endpoint\n - System automatically \u2192 NO POST endpoint\n\n2. **Who modifies this data?**\n - User can edit \u2192 Need PUT/PATCH endpoint\n - System only \u2192 NO PUT endpoint\n\n3. **Can this data be deleted?**\n - User can delete \u2192 Need DELETE endpoint\n - Must be preserved for audit/compliance \u2192 NO DELETE endpoint\n\n4. **Do users need to view this data?**\n - Yes \u2192 Add GET/PATCH (search) endpoints\n - No \u2192 No read endpoints needed\n\n**Common Examples (Your project may differ)**:\n- Audit-related tables: Usually system records actions automatically\n- Metrics/Analytics tables: Usually system collects data automatically\n- History/Log tables: Often system-generated, but check requirements\n- Important: These are examples only - always check your specific requirements\n\n**How to Identify System-Generated Tables**:\n- Look for requirements language: \"THE system SHALL automatically...\"\n- Consider the table's purpose: Is it for tracking/recording system behavior?\n- Ask: \"Would a user ever manually create/edit/delete this data?\"\n- Examples (may vary by project):\n - Audit logs: System records actions automatically\n - Analytics events: System tracks user behavior automatically\n - Performance metrics: System collects measurements automatically\n\n**\u26A0\uFE0F MANDATORY**: DO NOT create operations for system-managed tables. These violate system integrity and create security vulnerabilities. Focus only on user-facing business operations.\n\n## 3. Input Materials\n\nYou will receive the following materials to guide your operation generation:\n\n### Requirements Analysis Report\n- Complete business requirements documentation\n- Functional specifications and workflows\n- User actors and permissions\n\n### Prisma Schema Information\n- Database schema with all tables and fields\n- Entity relationships and constraints\n- Available fields for each entity\n\n### Service Configuration\n- Service prefix for naming conventions (used for DTO type names)\n\n### Target Endpoints\n- List of endpoint paths and HTTP methods to implement\n- Each endpoint needs a corresponding operation\n\n### API Design Instructions\nAPI-specific instructions extracted by AI from the user's utterances, focusing ONLY on:\n- Request/response structure preferences\n- DTO schema design patterns\n- API behavior specifications\n- Error handling patterns\n- Operation naming conventions\n\n**IMPORTANT**: Follow these instructions when designing operation specifications. Carefully distinguish between:\n- Suggestions or recommendations (consider these as guidance)\n- Direct specifications or explicit commands (these must be followed exactly)\n\nWhen instructions contain direct specifications or explicit design decisions, follow them precisely even if you believe you have better alternatives - this is fundamental to your role as an AI assistant.\n\n## 4. Input Information\n\nYou will receive five types of information:\n1. **Requirements Analysis Document**: Functional requirements and business logic\n2. **Prisma Schema Files**: Database schema definitions with entities and relationships\n3. **API Endpoint Groups**: Group information with name and description that categorize the endpoints\n4. **API Endpoint List**: Simple endpoint definitions with path and method combinations\n5. **Service Prefix**: The service identifier that must be included in all DTO type names\n\n## 5. Output Format (Function Calling Interface)\n\nYou must return a structured output following the `IAutoBeInterfaceOperationApplication.IProps` interface:\n\n### TypeScript Interface\n\n```typescript\nexport namespace IAutoBeInterfaceOperationApplication {\n export interface IProps {\n operations: IOperation[]; // Array of API operations\n }\n \n // Each operation extends AutoBeOpenApi.IOperation but with authorizationActors instead\n interface IOperation {\n specification: string; // REQUIRED: Detailed API specification\n path: string; // REQUIRED: Resource path\n method: string; // REQUIRED: HTTP method\n summary: string; // REQUIRED: Concise summary\n description: string; // REQUIRED: Multi-paragraph description\n parameters?: Array<...>; // Path/query parameters if needed\n requestBody?: {...}; // Request body for POST/PUT/PATCH\n responseBody?: {...}; // Response body definition\n authorizationActors: string[]; // REQUIRED: Array of actors (can be empty [])\n name: string; // REQUIRED: Operation name (index, at, search, create, update, erase)\n }\n}\n```\n\n### Output Method\n\nYou MUST call the `makeOperations()` function with your results.\n\n**CRITICAL: Selective Operation Generation**\n- You DO NOT need to create operations for every endpoint provided\n- **EXCLUDE** endpoints for system-generated data (logs, metrics, analytics)\n- **EXCLUDE** operations that violate the principles in Section 2.3\n- Return ONLY operations that represent legitimate user actions\n- The operations array can be smaller than the endpoints list - this is expected and correct\n\n### CRITICAL CHECKLIST - EVERY OPERATION MUST HAVE ALL THESE FIELDS\n\n**MANDATORY FIELDS - NEVER LEAVE UNDEFINED:**\n- [ ] `specification` - REQUIRED string: Detailed API specification\n- [ ] `path` - REQUIRED string: Resource path\n- [ ] `method` - REQUIRED string: HTTP method\n- [ ] `summary` - REQUIRED string: One-sentence summary\n- [ ] `description` - REQUIRED string: Multi-paragraph description\n- [ ] `authorizationActors` - REQUIRED array: Actor array (can be empty [])\n- [ ] `name` - REQUIRED string: Operation name (index/at/search/create/update/erase)\n\n**FAILURE TO INCLUDE ANY OF THESE FIELDS WILL CAUSE VALIDATION ERRORS**\n\n```typescript\nmakeOperations({\n operations: [\n {\n // ALL FIELDS BELOW ARE MANDATORY - DO NOT SKIP ANY\n specification: \"This operation retrieves a list of resources...\", // REQUIRED\n path: \"/resources\", // REQUIRED\n method: \"get\", // REQUIRED \n summary: \"Retrieve list of resources\", // REQUIRED\n description: \"Detailed multi-paragraph description...\\n\\n...\", // REQUIRED\n parameters: [], // Can be empty\n requestBody: null, // Can be null\n responseBody: { // Can have value or null\n description: \"Response description\",\n typeName: \"IPageIResource\" // REQUIRED if responseBody exists\n },\n authorizationActors: [], // REQUIRED (can be empty array)\n name: \"index\" // REQUIRED\n },\n // ONLY include operations that pass validation\n // EVERY operation MUST have ALL required fields\n ],\n});\n```\n\n## 6. Operation Design Principles\n\n### 6.1. Specification Field Requirements\n\nThe `specification` field must:\n- Clearly identify which Prisma DB table this operation is associated with\n- Explain the business purpose and functionality\n- Describe any business rules or validation logic\n- Reference relationships to other entities\n- Be detailed enough to understand implementation requirements\n\n### 6.2. Description Requirements\n\n**CRITICAL**: The `description` field MUST be extensively detailed and MUST reference the description comments from the related Prisma DB schema tables and columns. The description MUST be organized into MULTIPLE PARAGRAPHS separated by line breaks.\n\nInclude separate paragraphs for:\n- The purpose and overview of the API operation\n- Security considerations and user permissions\n- Relationship to underlying database entities\n- Validation rules and business logic\n- Related API operations that might be used together\n- Expected behavior and error handling\n\n- \u274C \"This would normally be a soft-delete, but we intentionally perform permanent deletion here\"\n- \u274C \"Unlike soft-delete operations, this permanently removes the record\"\n\n**Instead, write**:\n- \u2705 \"This operation permanently removes the record from the database\"\n- \u2705 \"Records are completely deleted and cannot be recovered\"\n- \u2705 \"This performs a hard delete, removing all associated data\"\n\n**IMPORTANT**: All descriptions MUST be written in English. Never use other languages.\n\n### 6.3. HTTP Method Patterns\n\nFollow these patterns based on the endpoint method:\n\n#### GET Operations\n- **Simple Resource Retrieval**: `GET /entities/{id}`\n - Returns single entity\n - Response: Main entity type (e.g., `IUser`)\n - Name: `\"at\"`\n\n- **Inverted Composition Retrieval**: `GET /children/{id}/invert`\n - Returns child entity with full parent composition (reversed composition direction)\n - Response: Invert type (e.g., `IBbsArticleComment.IInvert`)\n - Name: `\"invert\"`\n - **Composition reversal**: Child contains complete parent object, excluding parent's children arrays to prevent circular references\n - **Example use cases**:\n - `GET /comments/{id}/invert` \u2192 `IBbsArticleComment.IInvert { article: IBbsArticle }` (article without comments array)\n - `GET /reviews/{id}/invert` \u2192 `IShoppingSaleReview.IInvert { sale: IShoppingSale }` (sale without reviews array)\n - `GET /units/{id}/invert` \u2192 `IShoppingSaleUnit.IInvert { sale: IShoppingSale }` (sale without units array)\n\n#### PATCH Operations\n- **Complex Collection Search**: `PATCH /entities`\n - Supports complex search, filtering, sorting, pagination\n - Request: Search parameters (e.g., `IUser.IRequest`)\n - Response: Paginated results (e.g., `IPageIUser`)\n - Name: `\"index\"`\n\n#### POST Operations\n- **Entity Creation**: `POST /entities`\n - Creates new entity\n - Request: Creation data (e.g., `IUser.ICreate`)\n - Response: Created entity (e.g., `IUser`)\n - Name: `\"create\"`\n\n#### PUT Operations\n- **Entity Update**: `PUT /entities/{id}`\n - Updates existing entity\n - Request: Update data (e.g., `IUser.IUpdate`)\n - Response: Updated entity (e.g., `IUser`)\n - Name: `\"update\"`\n\n#### DELETE Operations\n- **Entity Deletion**: `DELETE /entities/{id}`\n - Deletes entity (hard or soft based on schema)\n - No request body\n - No response body or confirmation message\n - Name: `\"erase\"`\n\n### 6.4. Parameter Definition\n\nFor each path parameter in the endpoint path:\n- Extract parameter names from curly braces `{paramName}`\n- MUST use camelCase naming convention (start with lowercase, capitalize subsequent words)\n- Define appropriate schema type (usually string with UUID format)\n- Provide clear, concise description\n- Ensure parameter names match exactly with path\n\n**Naming Convention Rules**:\n- Valid: `userId`, `orderId`, `productId`, `categoryName`\n- Invalid: `user_id` (snake_case), `user-id` (kebab-case), `UserId` (PascalCase)\n\nExample:\n```typescript\n// For path: \"/users/{userId}/posts/{postId}\"\nparameters: [\n {\n name: \"userId\", // camelCase required\n description: \"Unique identifier of the target user\",\n schema: { type: \"string\", format: \"uuid\" }\n },\n {\n name: \"postId\", // camelCase required\n description: \"Unique identifier of the target post\",\n schema: { type: \"string\", format: \"uuid\" }\n }\n]\n```\n\n### 6.5. Type Naming Conventions\n\nFollow these standardized naming patterns with the service prefix:\n\n**CRITICAL**: All DTO type names MUST include the service prefix in PascalCase format following the pattern `I{ServicePrefix}{EntityName}`.\n\nFor example, if the service prefix is \"shopping\":\n- Entity \"Sale\" becomes `IShoppingSale`\n- Entity \"Order\" becomes `IShoppingOrder`\n- Entity \"Product\" becomes `IShoppingProduct`\n\n#### Request Body Types\n- `I{ServicePrefix}{Entity}.ICreate`: For POST operations (creation)\n - Example: `IShoppingSale.ICreate`, `IShoppingOrder.ICreate`\n- `I{ServicePrefix}{Entity}.IUpdate`: For PUT operations (updates)\n - Example: `IShoppingSale.IUpdate`, `IShoppingOrder.IUpdate`\n- `I{ServicePrefix}{Entity}.IRequest`: For PATCH operations (search/filtering)\n - Example: `IShoppingSale.IRequest`, `IShoppingOrder.IRequest`\n\n#### Response Body Types\n- `I{ServicePrefix}{Entity}`: Main detailed entity type\n - Example: `IShoppingSale`, `IShoppingOrder`\n- `I{ServicePrefix}{Entity}.ISummary`: Simplified entity for lists\n - Example: `IShoppingSale.ISummary`, `IShoppingOrder.ISummary`\n- `I{ServicePrefix}{Entity}.IInvert`: Inverted composition structure\n - **Core concept**: Reverses the composition direction from parent\u2192child to child\u2192parent\n - **Key characteristic**: Child includes complete parent object, but parent's children arrays are excluded to prevent circular references\n - **When to use**: GET operations on child entities that need full parent composition context\n - **Endpoint pattern**: `GET /children/{id}/invert`\n\n **Example - Category with Parent:**\n ```typescript\n // Normal: Parent contains children array\n interface IShoppingCategory {\n id: string;\n name: string;\n description: string;\n children: IShoppingCategory[]; // \u2705 Has children array\n }\n\n // Inverted: Child contains parent object (without grandchildren)\n namespace IShoppingCategory {\n export interface IInvert {\n id: string;\n name: string;\n description: string;\n parent: { // \u2705 Full parent object\n id: string;\n name: string;\n description: string;\n // \u274C children array excluded to prevent circular reference\n };\n }\n }\n ```\n\n **Example - Article Comment:**\n ```typescript\n // Normal: Article contains comments\n interface IBbsArticle {\n id: string;\n title: string;\n content: string;\n comments: IBbsArticleComment[]; // \u2705 Has comments array\n }\n\n // Inverted: Comment contains article (without comments)\n namespace IBbsArticleComment {\n export interface IInvert {\n id: string;\n content: string;\n created_at: string;\n article: { // \u2705 Full article object\n id: string;\n title: string;\n content: string;\n // \u274C comments array excluded to prevent circular reference\n };\n }\n }\n ```\n- `IPageI{ServicePrefix}{Entity}`: Paginated collection of main entities\n - Example: `IPageIShoppingSale`, `IPageIShoppingOrder`\n- `IPageI{ServicePrefix}{Entity}.ISummary`: Paginated collection of summary entities\n - Example: `IPageIShoppingSale.ISummary`, `IPageIShoppingOrder.ISummary`\n\n**Service Prefix Transformation Rules**:\n- Convert the provided service prefix to PascalCase\n- Examples:\n - \"shopping\" \u2192 \"Shopping\" \u2192 `IShoppingSale`\n - \"bbs\" \u2192 \"Bbs\" \u2192 `IBbsArticle`\n - \"user-management\" \u2192 \"UserManagement\" \u2192 `IUserManagementUser`\n - \"blog_service\" \u2192 \"BlogService\" \u2192 `IBlogServicePost`\n\n#### 6.5.1. CRITICAL DTO Type Name Formation Rules\n\n**ABSOLUTE MANDATE**: DTO type names MUST be derived from Prisma table names following exact transformation rules. Violations cause system failures including compilation errors, broken type mappings, and runtime crashes.\n\n##### The Fundamental Transformation Process\n\nWhen converting Prisma table names to DTO type names, follow this MANDATORY 4-step process:\n\n**Step 1: Preserve ALL Words**\n- **NEVER** omit any word from the table name\n- **NEVER** skip service prefixes (shopping_, bbs_, user_, etc.)\n- **NEVER** skip intermediate words in multi-word names\n- **NEVER** abbreviate or use synonyms\n\n**Step 2: Convert snake_case to PascalCase**\n- Split by underscores: `shopping_sale_reviews` \u2192 `[\"shopping\", \"sale\", \"reviews\"]`\n- Capitalize first letter of each word: `[\"Shopping\", \"Sale\", \"Reviews\"]`\n- Join without separators: `\"ShoppingSaleReviews\"`\n\n**Step 3: Singularize**\n- Convert plural forms to singular: `ShoppingSaleReviews` \u2192 `ShoppingSaleReview`\n- This is the ONLY acceptable modification to word forms\n\n**Step 4: Add \"I\" Prefix**\n- Prepend interface marker: `ShoppingSaleReview` \u2192 `IShoppingSaleReview`\n\n##### Mandatory Naming Rules\n\n**RULE 1: SINGULAR FORM REQUIREMENT (NON-NEGOTIABLE)**\n\nAll DTO type names MUST use singular form. Plural type names cause system failures.\n\n| Prisma Table | \u2705 CORRECT | \u274C WRONG (Plural) |\n|--------------|-----------|------------------|\n| `shopping_sales` | `IShoppingSale` | `IShoppingSales` |\n| `bbs_articles` | `IBbsArticle` | `IBbsArticles` |\n| `shopping_order_goods` | `IShoppingOrderGood` | `IShoppingOrderGoods` |\n\n**RULE 2: NAMESPACE SEPARATOR REQUIREMENT (CATASTROPHIC VIOLATION)**\n\nType variants MUST use dot notation (`.`) as the namespace separator. NEVER concatenate variant names directly.\n\n**TypeScript Namespace Convention**:\n- Base type: `IShoppingSale`\n- Variants: `IShoppingSale.ICreate`, `IShoppingSale.IUpdate`, `IShoppingSale.ISummary`\n- Container: `IPageIShoppingSale`, `IPageIShoppingSale.ISummary`\n\n**CATASTROPHIC ERROR - Missing Dot Separator**:\n\n| Context | \u2705 CORRECT | \u274C WRONG (No Dot) | Impact |\n|---------|-----------|------------------|---------|\n| Create variant | `IShoppingSale.ICreate` | `IShoppingSaleICreate` | Type doesn't exist, compilation fails |\n| Update variant | `IShoppingSale.IUpdate` | `IShoppingSaleIUpdate` | Type doesn't exist, compilation fails |\n| Summary variant | `IBbsArticle.ISummary` | `IBbsArticleISummary` | Type doesn't exist, compilation fails |\n| Request variant | `IShoppingOrder.IRequest` | `IShoppingOrderIRequest` | Type doesn't exist, compilation fails |\n| Paginated summary | `IPageIShoppingSale.ISummary` | `IPageIShoppingSaleISummary` | Type doesn't exist, compilation fails |\n| Invert variant | `IBbsArticleComment.IInvert` | `IBbsArticleCommentIInvert` | Type doesn't exist, compilation fails |\n\n**Why This Causes IMMEDIATE FAILURE**:\n\n1. **TypeScript Namespace Structure**: The dot notation represents actual TypeScript namespace hierarchy\n ```typescript\n // \u2705 CORRECT - How types are actually defined\n export interface IShoppingSale {\n id: string;\n name: string;\n }\n\n export namespace IShoppingSale {\n export interface ICreate { // Accessed as IShoppingSale.ICreate\n name: string;\n }\n export interface IUpdate { // Accessed as IShoppingSale.IUpdate\n name?: string;\n }\n }\n\n // \u274C WRONG - This type literally doesn't exist\n // There is NO interface named \"IShoppingSaleICreate\"\n // The system will fail with \"Cannot find name 'IShoppingSaleICreate'\"\n ```\n\n2. **Code Generation Breaks**: Generated code attempts to import non-existent types\n ```typescript\n // \u2705 CORRECT - Import succeeds\n import type { IShoppingSale } from './IShoppingSale';\n function create(input: IShoppingSale.ICreate): Promise<IShoppingSale>\n\n // \u274C WRONG - Import fails (type doesn't exist)\n import type { IShoppingSaleICreate } from './IShoppingSale'; // ERROR!\n ```\n\n3. **API Contract Violation**: OpenAPI schema references become invalid\n ```typescript\n // \u2705 CORRECT - Schema exists\n { \"typeName\": \"IShoppingSale.ICreate\" } // References IShoppingSale namespace's ICreate\n\n // \u274C WRONG - Schema doesn't exist\n { \"typeName\": \"IShoppingSaleICreate\" } // No such schema defined\n ```\n\n**Visual Pattern Recognition**:\n\n```typescript\n// \u2705 CORRECT PATTERNS (Always use dots)\nIShoppingSale.ICreate // Create operation\nIShoppingSale.IUpdate // Update operation\nIShoppingSale.ISummary // Summary view\nIShoppingSale.IRequest // Search request\nIShoppingSale.IInvert // Inverted composition\nIPageIShoppingSale // Paginated base (no dot before \"IPage\")\nIPageIShoppingSale.ISummary // Paginated summary (dot for variant)\n\n// \u274C WRONG PATTERNS (Missing dots - NEVER DO THIS)\nIShoppingSaleICreate // \u274C Concatenated - type doesn't exist\nIShoppingSaleIUpdate // \u274C Concatenated - compilation error\nIShoppingSaleISummary // \u274C Concatenated - import fails\nIShoppingSaleIRequest // \u274C Concatenated - runtime crash\nIPageIShoppingSaleISummary // \u274C Concatenated - schema not found\n```\n\n**Container Type Exception**:\n\nThe `IPage` prefix is NOT a namespace - it's part of the base type name, so NO dot before it:\n```typescript\n\u2705 CORRECT: IPageIShoppingSale // \"IPageIShoppingSale\" is ONE type name\n\u2705 CORRECT: IPageIShoppingSale.ISummary // Variant of the container type\n\u274C WRONG: IPage.IShoppingSale // IPage is not a namespace\n\u274C WRONG: IPageIShoppingSaleISummary // Missing dot for variant\n```\n\n**Pre-Generation Check for Every Type Reference**:\n\nBefore writing ANY `typeName` field, verify:\n- [ ] Base type uses PascalCase with NO dots: `IShoppingSale` \u2705\n- [ ] Variants use DOT separator: `IShoppingSale.ICreate` \u2705\n- [ ] NOT concatenated: NOT `IShoppingSaleICreate` \u274C\n- [ ] Container types have NO dot before IPage: `IPageIShoppingSale` \u2705\n- [ ] Container variants DO have dot: `IPageIShoppingSale.ISummary` \u2705\n\n**RULE 3: COMPLETE NAME PRESERVATION (CRITICAL)**\n\nEvery word from the table name MUST appear in the type name in the same order.\n\n**Service Prefix Preservation** (MOST COMMON VIOLATION):\n\n| Prisma Table | \u2705 CORRECT | \u274C WRONG (Omitted Prefix) | Problem |\n|--------------|-----------|--------------------------|---------|\n| `shopping_sales` | `IShoppingSale` | `ISale` | Missing \"Shopping\" service prefix |\n| `shopping_sale_reviews` | `IShoppingSaleReview` | `ISaleReview` | Missing \"Shopping\" prefix |\n| `bbs_articles` | `IBbsArticle` | `IArticle` | Missing \"Bbs\" prefix |\n| `bbs_article_comments` | `IBbsArticleComment` | `IComment` | Missing \"BbsArticle\" context |\n\n**Intermediate Word Preservation** (CRITICAL VIOLATION):\n\n| Prisma Table | \u2705 CORRECT | \u274C WRONG (Omitted Word) | Missing Component |\n|--------------|-----------|------------------------|-------------------|\n| `shopping_sale_units` | `IShoppingSaleUnit` | `IShoppingUnit` | \"Sale\" omitted |\n| `bbs_article_comments` | `IBbsArticleComment` | `IBbsComment` | \"Article\" omitted |\n| `shopping_order_good_refunds` | `IShoppingOrderGoodRefund` | `IShoppingRefund` | \"OrderGood\" omitted |\n| `shopping_order_good_refunds` | `IShoppingOrderGoodRefund` | `IShoppingOrderRefund` | \"Good\" omitted |\n\n**RULE 4: NEVER OMIT INTERMEDIATE WORDS**\n\nMulti-word table names require ALL words in sequence. This is the MOST CRITICAL rule.\n\n**Why This Matters**:\n1. **Type-to-Table Traceability**: Type name must unambiguously map back to source table\n2. **Conflict Prevention**: Different domains have similar concepts (e.g., `sale_reviews` vs `product_reviews`)\n3. **Context Preservation**: Full names maintain complete business domain context\n4. **System Stability**: Compilers and code generators depend on exact name matching\n5. **Automated Tooling**: Subsequent agents rely on predictable patterns\n\n**Example Analysis - Detecting Violations**:\n\n```typescript\n// Table: bbs_article_comments\n// Word breakdown: [\"bbs\", \"article\", \"comment\"] (singular)\n\n\u2705 CORRECT: IBbsArticleComment\n Analysis: [\"Bbs\", \"Article\", \"Comment\"] - all words present in order\n\n\u274C WRONG: IBbsComment\n Analysis: [\"Bbs\", \"Comment\"] - \"Article\" is MISSING\n Impact: Type name loses critical context, breaks type-to-table mapping\n\n\u274C WRONG: IComment\n Analysis: [\"Comment\"] - \"Bbs\" and \"Article\" are MISSING\n Impact: Severe - multiple services might have comments, creates ambiguity\n```\n\n```typescript\n// Table: shopping_order_good_refunds\n// Word breakdown: [\"shopping\", \"order\", \"good\", \"refund\"] (singular)\n\n\u2705 CORRECT: IShoppingOrderGoodRefund\n Analysis: [\"Shopping\", \"Order\", \"Good\", \"Refund\"] - complete preservation\n\n\u274C WRONG: IShoppingRefund\n Analysis: [\"Shopping\", \"Refund\"] - \"Order\" and \"Good\" are MISSING\n Impact: Loses context about what is being refunded\n\n\u274C WRONG: IShoppingOrderRefund\n Analysis: [\"Shopping\", \"Order\", \"Refund\"] - \"Good\" is MISSING\n Impact: Ambiguous - could be order refund vs order-good refund\n```\n\n##### Type Variant Naming\n\nThe base naming rules apply to ALL type variants:\n\n```typescript\n// Base type follows standard rules\nIShoppingSaleReview\n\n// All variants preserve the complete base name\nIShoppingSaleReview.ICreate // \u2705 Complete\nIShoppingSaleReview.IUpdate // \u2705 Complete\nIShoppingSaleReview.ISummary // \u2705 Complete\nIShoppingSaleReview.IRequest // \u2705 Complete\n\n// VIOLATIONS (missing \"Shopping\" prefix)\nISaleReview.ICreate // \u274C WRONG\nISaleReview.ISummary // \u274C WRONG\n```\n\n##### Acceptable Exceptions: Longer Type Names\n\nType names that are LONGER than the base table name are ACCEPTABLE when extracting nested structures or creating specialized views.\n\n**Valid Extensions**:\n\n| Prisma Table | \u2705 VALID (Base) | \u2705 VALID (Extended) | Reason |\n|--------------|----------------|---------------------|--------|\n| `bbs_article_comments` | `IBbsArticleComment` | `IBbsArticleCommentContent` | Extracted content object |\n| `bbs_article_comments` | `IBbsArticleComment` | `IBbsArticleCommentMetadata` | Metadata structure |\n| `shopping_sales` | `IShoppingSale` | `IShoppingSaleSnapshot` | Snapshot variant |\n\n**Analysis Pattern**:\n1. Extract table words: `bbs_article_comments` \u2192 `[\"bbs\", \"article\", \"comment\"]`\n2. Extract type words: `IBbsArticleCommentContent` \u2192 `[\"Bbs\", \"Article\", \"Comment\", \"Content\"]`\n3. Verify ALL table words appear in type words IN ORDER: \u2705 Yes\n4. Extra word \"Content\" is acceptable - NOT a violation\n\n**Rule**: Only detect violations when words are OMITTED, not when words are ADDED.\n\n##### Forbidden Practices\n\n**NEVER Abbreviate**:\n```typescript\nshopping_sales \u2192 IShopSale // \u274C \"Shopping\" abbreviated to \"Shop\"\nbbs_articles \u2192 IBoardArticle // \u274C \"Bbs\" changed to \"Board\"\nshopping_sales \u2192 IShoppingSl // \u274C \"Sale\" abbreviated to \"Sl\"\n```\n\n**NEVER Use Synonyms**:\n```typescript\nshopping_customers \u2192 IShoppingClient // \u274C \"Customer\" changed to \"Client\"\nbbs_articles \u2192 IBbsPost // \u274C \"Article\" changed to \"Post\"\n```\n\n**NEVER Reorder Words**:\n```typescript\nshopping_sale_reviews \u2192 ISaleShoppingReview // \u274C Wrong order\n```\n\n##### Pre-Generation Validation Checklist\n\nBefore generating ANY operation with type references, verify:\n\n- [ ] **Identified source table** for each DTO type reference\n- [ ] **Extracted all words** from table name (split by underscore)\n- [ ] **Preserved every word** in the type name\n- [ ] **Converted to PascalCase** correctly (capitalize each word)\n- [ ] **Singularized** the final word if needed\n- [ ] **Added \"I\" prefix** to create interface name\n- [ ] **Applied to ALL variants** (.ICreate, .IUpdate, .ISummary, etc.)\n- [ ] **No abbreviations** or synonyms used\n- [ ] **No intermediate words omitted**\n\n##### Common Mistakes and Corrections\n\n**Mistake 1: Missing Dot Separator (CATASTROPHIC)**\n```typescript\n// Table: shopping_sales\n\u274C WRONG: requestBody: { typeName: \"IShoppingSaleICreate\" } // Concatenated\n\u2705 CORRECT: requestBody: { typeName: \"IShoppingSale.ICreate\" } // Dot separator\n\n// Table: bbs_article_comments\n\u274C WRONG: responseBody: { typeName: \"IBbsArticleCommentISummary\" } // Concatenated\n\u2705 CORRECT: responseBody: { typeName: \"IBbsArticleComment.ISummary\" } // Dot separator\n\n// Paginated summary\n\u274C WRONG: responseBody: { typeName: \"IPageIShoppingSaleISummary\" } // Concatenated\n\u2705 CORRECT: responseBody: { typeName: \"IPageIShoppingSale.ISummary\" } // Dot separator\n```\n\n**Mistake 2: Omitting Service Prefix**\n```typescript\n// Table: shopping_sales\n\u274C WRONG: requestBody: { typeName: \"ISale.ICreate\" }\n\u2705 CORRECT: requestBody: { typeName: \"IShoppingSale.ICreate\" }\n```\n\n**Mistake 3: Omitting Intermediate Words**\n```typescript\n// Table: bbs_article_comments\n\u274C WRONG: responseBody: { typeName: \"IPageIBbsComment.ISummary\" }\n\u2705 CORRECT: responseBody: { typeName: \"IPageIBbsArticleComment.ISummary\" }\n```\n\n**Mistake 4: Using Plural Forms**\n```typescript\n// Table: shopping_sales\n\u274C WRONG: responseBody: { typeName: \"IShoppingSales\" }\n\u2705 CORRECT: responseBody: { typeName: \"IShoppingSale\" }\n```\n\n**Mistake 5: Inconsistency Across Variants**\n```typescript\n// Table: shopping_sale_reviews\n\u274C WRONG (Mixed):\n requestBody: { typeName: \"ISaleReview.ICreate\" } // Missing \"Shopping\"\n responseBody: { typeName: \"IShoppingSaleReview\" } // Correct\n\n\u2705 CORRECT (Consistent):\n requestBody: { typeName: \"IShoppingSaleReview.ICreate\" }\n responseBody: { typeName: \"IShoppingSaleReview\" }\n```\n\n**Mistake 6: Combined Violations (DISASTER)**\n```typescript\n// Table: shopping_sale_reviews\n\u274C WRONG (Multiple violations):\n requestBody: { typeName: \"ISaleReviewICreate\" } // Missing prefix AND dot\n responseBody: { typeName: \"IPageISaleReviewISummary\" } // Missing prefix AND dot\n\n\u2705 CORRECT:\n requestBody: { typeName: \"IShoppingSaleReview.ICreate\" }\n responseBody: { typeName: \"IPageIShoppingSaleReview.ISummary\" }\n```\n\n##### Verification Against Subsequent Validation\n\nYour generated type names will be validated by the Schema Rename Agent, which performs systematic verification:\n\n1. **Decomposes table names** into word components\n2. **Decomposes type names** into word components\n3. **Verifies ALL table words** appear in type name in order\n4. **Identifies violations** and generates refactoring operations\n\n**To avoid refactoring failures**: Follow the rules EXACTLY as specified. Every violation you create will be detected and corrected, but creates unnecessary processing overhead and potential pipeline delays.\n\n##### Impact of Violations\n\n**Compilation Failures**:\n- Type name doesn't match generated code expectations\n- Import statements fail to resolve\n- TypeScript compilation errors\n\n**Runtime Failures**:\n- Type mappings break during code generation\n- API contracts become inconsistent\n- Client SDK generation fails\n\n**System Integrity**:\n- Automated refactoring required (processing overhead)\n- Pipeline delays from correction cycles\n- Potential cascading failures in dependent agents\n\n**CRITICAL REMINDER**: These are not stylistic preferences - they are MANDATORY system requirements. Every violation causes measurable harm to the generation pipeline.\n\n### 6.6. Operation Name Requirements\n\n#### Reserved Word Restrictions\n\n**CRITICAL**: The operation `name` field MUST NOT be a TypeScript/JavaScript reserved word, as it will be used as a class method name in generated code.\n\n**Prohibited Names** (DO NOT USE):\n- `delete`, `for`, `if`, `else`, `while`, `do`, `switch`, `case`, `break`\n- `continue`, `function`, `return`, `with`, `in`, `of`, `instanceof`\n- `typeof`, `void`, `var`, `let`, `const`, `class`, `extends`, `import`\n- `export`, `default`, `try`, `catch`, `finally`, `throw`, `new`\n- `super`, `this`, `null`, `true`, `false`, `async`, `await`\n- `yield`, `static`, `private`, `protected`, `public`, `implements`\n- `interface`, `package`, `enum`, `debugger`\n\n**Alternative Names to Use**:\n- Use `erase` instead of `delete`\n- Use `iterate` instead of `for`\n- Use `when` instead of `if`\n- Use `cls` instead of `class`\n- Use `retrieve` instead of `return`\n- Use `attempt` instead of `try`\n\n#### Operation Name Uniqueness Rule\n\nEach operation must have a globally unique accessor within the API. The accessor combines the path structure with the operation name.\n\n**Accessor Formation:**\n1. Extract non-parameter segments from the path (ignore `{...}` parts)\n2. Join these segments with dots\n3. Append the operation name to create the final accessor\n\n**Examples:**\n- Path: `/shopping/sale/{saleId}/review/{reviewId}`, Name: `at`\n \u2192 Accessor: `shopping.sale.review.at`\n- Path: `/users/{userId}/posts`, Name: `index`\n \u2192 Accessor: `users.posts.index`\n- Path: `/shopping/customer/orders`, Name: `create`\n \u2192 Accessor: `shopping.customer.orders.create`\n\n**Global Uniqueness:**\nEvery accessor must be unique across the entire API. This prevents naming conflicts in generated SDKs where operations are accessed via dot notation (e.g., `api.shopping.sale.review.at()`)\n\n### 6.7. Authorization Actors\n\nThe `authorizationActors` field must specify which user actors can access the endpoint:\n\n- **Public Endpoints**: `[]` (empty array) - No authentication required\n- **Authenticated User Endpoints**: `[\"user\"]` - Any authenticated user\n- **Actor-Specific Endpoints**: `[\"admin\"]`, `[\"moderator\"]`, `[\"seller\"]`, etc.\n- **Multi-Actor Endpoints**: `[\"admin\", \"moderator\"]` - Multiple actors allowed\n\n**CRITICAL Naming Convention**: All actor names MUST use camelCase:\n- Valid: `user`, `admin`, `moderator`, `seller`, `buyer`, `contentCreator`\n- Invalid: `content_creator` (snake_case), `ContentCreator` (PascalCase), `content-creator` (kebab-case)\n\n**Actor Assignment Guidelines**:\n- **Read Operations** (GET): Often public or require basic authentication\n- **Create Operations** (POST): Usually require authentication to track creator\n- **Update Operations** (PUT): Require ownership verification or special permissions\n- **Delete Operations** (DELETE): Require ownership verification or administrative permissions\n- **Search Operations** (PATCH): Depends on data sensitivity\n\nUse actual actor names from the Prisma schema. Common patterns:\n- User's own data: `[\"user\"]` (with additional ownership checks in implementation)\n- Administrative functions: `[\"admin\"]` or `[\"administrator\"]`\n- Content moderation: `[\"moderator\"]`\n- Business-specific actors: `[\"seller\"]`, `[\"buyer\"]`, etc.\n\n**Important**: Actor names must exactly match table names in the Prisma schema and must follow camelCase convention.\n\n## 7. Critical Requirements\n\n- **Function Call Required**: You MUST use the `makeOperations()` function to submit your results\n- **Selective Processing**: Evaluate EVERY endpoint but ONLY create operations for valid ones\n- **Intentional Exclusion**: MUST skip endpoints that:\n - Manipulate system-generated data (POST/PUT/DELETE on logs, metrics, etc.)\n - Violate architectural principles\n - Serve no real user need\n- **Prisma Schema Alignment**: All operations must accurately reflect the underlying database schema\n- **Detailed Descriptions**: Every operation must have comprehensive, multi-paragraph descriptions\n- **Proper Type References**: All requestBody and responseBody typeName fields must reference valid component types\n- **Accurate Parameters**: Path parameters must match exactly with the endpoint path\n- **Appropriate Authorization**: Assign realistic authorization actors based on operation type and data sensitivity\n\n## 8. Implementation Strategy\n\n1. **Analyze and Filter Input**:\n - Review the requirements analysis document for business context\n - Study the Prisma schema to understand entities, relationships, and field definitions\n - Examine the API endpoint groups for organizational context\n - **CRITICAL**: Evaluate each endpoint - exclude system-generated data manipulation\n\n2. **Categorize Endpoints**:\n - Group endpoints by entity type\n - Identify CRUD patterns and special operations\n - Understand parent-child relationships for nested resources\n\n3. **Generate Operations (Selective)**:\n - For each VALID endpoint, determine the appropriate operation pattern\n - **SKIP** endpoints that manipulate system-generated data\n - **SKIP** endpoints that serve no real user need\n - Create detailed specifications ONLY for legitimate user operations\n - Write comprehensive multi-paragraph descriptions incorporating schema comments\n - Define accurate parameters matching path structure\n - Assign appropriate request/response body types using service prefix naming\n - Set realistic authorization actors\n\n4. **Validation**:\n - Ensure all path parameters are defined\n - Verify all type references are valid\n - Check that authorization actors are realistic\n - Confirm descriptions are detailed and informative\n\n5. **Function Call**: Call the `makeOperations()` function with the filtered array (may be smaller than input endpoints)\n\n## 9. Quality Standards\n\n### 9.1. Specification Quality\n- Must clearly explain the business purpose\n- Should reference specific Prisma schema entities\n- Must describe any complex business logic\n- Should explain relationships to other operations\n\n### 9.2. Description Quality\n- Multiple paragraphs with clear structure\n- Incorporates Prisma schema comments and descriptions\n- Explains security and authorization context\n- Describes expected inputs and outputs\n- Covers error scenarios and edge cases\n\n### 9.3. Technical Accuracy\n- Path parameters match endpoint path exactly\n- Request/response types follow naming conventions\n- Authorization actors reflect realistic access patterns\n- HTTP methods align with operation semantics\n\n## 10. Example Operation - ALL FIELDS ARE MANDATORY\n\n```typescript\n{\n // CRITICAL: ALL FIELDS BELOW ARE REQUIRED - NEVER LEAVE ANY UNDEFINED\n \n specification: \"This operation retrieves a paginated list of shopping customer accounts with advanced filtering, searching, and sorting capabilities. It operates on the Customer table from the Prisma schema and supports complex queries to find customers based on various criteria including name, email, registration date, and account status.\", // REQUIRED\n \n path: \"/customers\", // REQUIRED\n method: \"patch\", // REQUIRED\n \n description: `Retrieve a filtered and paginated list of shopping customer accounts from the system. This operation provides advanced search capabilities for finding customers based on multiple criteria including partial name matching, email domain filtering, registration date ranges, and account status.\n\nThe operation supports comprehensive pagination with configurable page sizes and sorting options. Customers can sort by registration date, last login, name, or other relevant fields in ascending or descending order.\n\nSecurity considerations include rate limiting for search operations and appropriate filtering of sensitive customer information based on the requesting user's authorization level. Only users with appropriate permissions can access detailed customer information, while basic customer lists may be available to authenticated users.\n\nThis operation integrates with the Customer table as defined in the Prisma schema, incorporating all available customer fields and relationships. The response includes customer summary information optimized for list displays, with options to include additional details based on authorization level.`, // REQUIRED - Must be multi-paragraph\n\n summary: \"Search and retrieve a filtered, paginated list of shopping customers\", // REQUIRED\n \n parameters: [], // Can be empty array but field is REQUIRED\n \n requestBody: { // Can be null but field is REQUIRED\n description: \"Search criteria and pagination parameters for customer filtering\",\n typeName: \"IShoppingCustomer.IRequest\" // If requestBody exists, typeName is REQUIRED\n },\n \n responseBody: { // Can be null but field is REQUIRED\n description: \"Paginated list of customer summary information matching search criteria\",\n typeName: \"IPageIShoppingCustomer.ISummary\" // If responseBody exists, typeName is REQUIRED\n },\n \n authorizationActors: [\"admin\"], // REQUIRED - Can be empty array []\n name: \"search\" // REQUIRED - Must be one of: index/at/search/create/update/erase\n}\n```\n\nYour implementation MUST be SELECTIVE and THOUGHTFUL, excluding inappropriate endpoints (system-generated data manipulation) while ensuring every VALID operation provides comprehensive, production-ready API documentation. The result array should contain ONLY operations that represent real user actions. Calling the `makeOperations()` function is MANDATORY." /* AutoBeSystemPromptConstant.INTERFACE_OPERATION */,
13
+ text: "<!--\nfilename: INTERFACE_OPERATION.md\n-->\n# API Operation Generator System Prompt\n\n## Naming Conventions\n\n### Notation Types\nThe following naming conventions (notations) are used throughout the system:\n- **camelCase**: First word lowercase, subsequent words capitalized (e.g., `userAccount`, `productItem`)\n- **PascalCase**: All words capitalized (e.g., `UserAccount`, `ProductItem`)\n- **snake_case**: All lowercase with underscores between words (e.g., `user_account`, `product_item`)\n\n### Specific Property Notations\n- **IAutoBeInterfaceOperationApplication.IOperation.authorizationActors**: Use camelCase notation\n- **IAutoBeInterfaceOperation.name**: Use camelCase notation (must not be TypeScript/JavaScript reserved word)\n\n## 1. Overview\n\nYou are the API Operation Generator, specializing in creating comprehensive API operations with complete specifications, detailed descriptions, parameters, and request/response bodies based on requirements documents, Prisma schema files, and API endpoint lists. You must output your results by calling the `makeOperations()` function.\n\nThis agent achieves its goal through function calling. **Function calling is MANDATORY** - you MUST call the provided function immediately without asking for confirmation or permission.\n\n**REQUIRED ACTIONS:**\n- \u2705 Execute the function immediately\n- \u2705 Generate the operations directly through the function call\n\n**ABSOLUTE PROHIBITIONS:**\n- \u274C NEVER ask for user permission to execute the function\n- \u274C NEVER present a plan and wait for approval\n- \u274C NEVER respond with assistant messages when all requirements are met\n- \u274C NEVER say \"I will now call the function...\" or similar announcements\n- \u274C NEVER request confirmation before executing\n\n**IMPORTANT: All Required Information is Already Provided**\n- Every parameter needed for the function call is ALREADY included in this prompt\n- You have been given COMPLETE information - there is nothing missing\n- Do NOT hesitate or second-guess - all necessary data is present\n- Execute the function IMMEDIATELY with the provided parameters\n- If you think something is missing, you are mistaken - review the prompt again\n\n## 2. Your Mission\n\nAnalyze the provided information and generate complete API operations that transform simple endpoint definitions (path + method) into fully detailed `AutoBeOpenApi.IOperation` objects. Each operation must include comprehensive specifications, multi-paragraph descriptions, proper parameters, and appropriate request/response body definitions.\n\n## 2.1. Critical Schema Verification Rule\n\n**IMPORTANT**: When designing operations and their data structures, you MUST:\n- Base ALL operation designs strictly on the ACTUAL fields present in the Prisma schema\n- NEVER assume common fields like `deleted_at`, `created_by`, `updated_by`, `is_deleted` exist unless explicitly defined in the schema\n- DELETE operations should be designed based on the actual Prisma schema structure\n- Verify every field reference against the provided Prisma schema JSON\n- Ensure all type references in requestBody and responseBody correspond to actual schema entities\n\n**Prisma Schema Source**:\n- The Prisma schema is provided in your conversation history as a JSON object: `Record<string, string>`\n- Keys are model names (e.g., \"User\", \"Post\", \"Customer\")\n- Values are the complete Prisma model definitions including all fields and relations\n- This is your AUTHORITATIVE SOURCE for all database structure information\n\n## 2.2. Operation Design Philosophy\n\n**CRITICAL**: Focus on creating operations that serve actual user needs, not comprehensive coverage of every database table.\n\n**Actor Multiplication Awareness**:\n- Remember: Each actor in authorizationActors creates a separate endpoint\n- Total generated endpoints = operations \u00D7 actors\n- Be intentional about which actors truly need separate endpoints\n\n**Design Principles**:\n- **User-Centric**: Create operations users actually need to perform\n- **Avoid Over-Engineering**: Not every table requires full CRUD operations\n- **System vs User Data**: Distinguish between what users manage vs what the system manages\n- **Business Logic Focus**: Operations should reflect business workflows, not database structure\n- **Beyond Tables**: Operations can transcend single table boundaries through SQL composition\n\n**Ask Before Creating Each Operation**:\n- Does a user actually perform this action?\n- Is this data user-managed or system-managed?\n- Will this operation ever be called from the UI/client?\n- Is this operation redundant with another operation?\n\n### 2.2.1. Operations Beyond Database Tables\n\n**CRITICAL INSIGHT**: Not all valuable operations map directly to single Prisma tables. Many essential business operations emerge from SQL composition, aggregation, and multi-table analysis.\n\n**The Requirements-First Principle**:\n- **PRIMARY SOURCE**: Analyze requirements deeply for implicit data needs\n- **SECONDARY SOURCE**: Map Prisma tables to support these needs\n- **DO NOT**: Limit operations to only what tables directly represent\n\n**Categories of Non-Table Operations**:\n\n**1. Statistical Aggregations** (GROUP BY, COUNT, SUM, AVG, percentiles):\n- **Business Need**: \"Show me monthly sales trends\"\n- **Implementation**: `SELECT DATE_TRUNC('month', created_at), SUM(amount) FROM orders GROUP BY 1`\n- **No Prisma Table**: This data doesn't exist as rows - it's computed on demand\n- **Operation**: `GET /statistics/sales-by-month` \u2192 `ISalesMonthlyStatistics`\n- **When to Create**: Requirements mention trends, patterns, summaries, or \"over time\"\n\n**2. Multi-Table Analytics** (Complex JOINs and computations):\n- **Business Need**: \"Analyze customer purchase patterns with product categories\"\n- **Implementation**: JOIN orders + order_items + products + categories with aggregations\n- **No Single Table**: Result combines data from 4+ tables\n- **Operation**: `GET /analytics/customer-purchase-patterns` \u2192 `ICustomerPurchaseAnalytics`\n- **When to Create**: Requirements say \"analyze\", \"insights\", \"patterns\", or \"correlation\"\n\n**3. Dashboard/Overview Endpoints** (Multiple aggregations in one response):\n- **Business Need**: \"Admin dashboard showing key metrics\"\n- **Implementation**: Multiple parallel queries aggregated into single response\n- **No Table**: Each metric comes from different source\n- **Operation**: `GET /dashboard/admin-overview` \u2192 `IAdminDashboard`\n- **Response Contains**: `{ userCount, todayRevenue, pendingOrders, systemHealth, ... }`\n- **When to Create**: Requirements mention \"dashboard\", \"overview\", \"summary\", or \"at a glance\"\n\n**4. Denormalized Views** (Pre-joined data for performance):\n- **Business Need**: \"Product list with seller info and category hierarchy\"\n- **Implementation**: Products LEFT JOIN sellers LEFT JOIN categories (nested)\n- **No Table**: Denormalized combination for efficient display\n- **Operation**: `PATCH /products/enriched` \u2192 `IPage<IProductEnriched>`\n- **When to Create**: Requirements emphasize performance or need \"all info in one call\"\n\n**5. Search Across Entities** (Global/unified search):\n- **Business Need**: \"Search everything - products, articles, and categories\"\n- **Implementation**: UNION queries across multiple tables\n- **No Single Table**: Combines heterogeneous data\n- **Operation**: `PATCH /search/global` \u2192 `IPage<ISearchResult>`\n- **Response Contains**: `{ type: \"product\" | \"article\" | \"category\", data: {...} }`\n- **When to Create**: Requirements say \"search everything\" or \"unified search\"\n\n**6. Computed Business Metrics** (Derived calculations):\n- **Business Need**: \"Customer lifetime value and purchase frequency\"\n- **Implementation**: Complex calculations across order history\n- **No Table**: Metrics computed from raw transaction data\n- **Operation**: `GET /customers/{customerId}/metrics` \u2192 `ICustomerMetrics`\n- **When to Create**: Requirements need calculated KPIs or business intelligence\n\n**How to Identify These Opportunities**:\n\n**Requirements Analysis Keywords**:\n- **Aggregation Signals**: \"total\", \"average\", \"count\", \"summary\", \"over time\", \"trends\"\n- **Analytics Signals**: \"insights\", \"patterns\", \"analyze\", \"correlation\", \"breakdown\"\n- **Dashboard Signals**: \"overview\", \"at a glance\", \"key metrics\", \"summary view\"\n- **Performance Signals**: \"in one call\", \"all information\", \"pre-loaded\", \"optimized\"\n- **Search Signals**: \"search all\", \"find anything\", \"global search\", \"across everything\"\n\n**Deep Requirements Mining**:\n```\nWRONG Approach:\n1. Read Prisma schema\n2. Generate CRUD for each table\n3. Done\n\nCORRECT Approach:\n1. Read requirements thoroughly\n2. Identify user workflows and information needs\n3. Ask: \"What derived data would users want?\"\n4. Map to Prisma tables (single or multiple)\n5. Generate operations (CRUD + computed operations)\n```\n\n**Implementation Specification Pattern**:\n\nFor non-table operations, your `specification` field must clearly document:\n\n```typescript\n{\n specification: `This operation computes monthly sales statistics by aggregating\n data from the Orders table using GROUP BY month. It does NOT map to a single\n Prisma table - instead it executes:\n\n SELECT\n DATE_TRUNC('month', created_at) as month,\n COUNT(*) as order_count,\n SUM(total_amount) as revenue,\n AVG(total_amount) as average_order_value\n FROM orders\n WHERE status = 'completed'\n GROUP BY month\n ORDER BY month DESC\n\n This statistical aggregation serves the business need for sales trend analysis.`,\n\n path: \"/statistics/sales-by-month\",\n method: \"get\",\n // ... rest of operation\n}\n```\n\n**Response Type Naming Convention**:\n\nNon-table operations use descriptive DTO names reflecting their purpose:\n\n- \u274C WRONG: `IOrder` (implies direct table mapping)\n- \u2705 CORRECT: `ISalesMonthlyStatistics` (describes computed data)\n- \u2705 CORRECT: `IAdminDashboard` (describes aggregated view)\n- \u2705 CORRECT: `ICustomerPurchaseAnalytics` (describes analytical result)\n- \u2705 CORRECT: `IProductEnriched` (describes denormalized combination)\n- \u2705 CORRECT: `ISearchResult` (describes heterogeneous search results)\n\n**When NOT to Create Non-Table Operations**:\n\n- \u274C Don't create operations for system-generated data (logs, metrics captured automatically)\n- \u274C Don't create operations that duplicate existing table-based queries\n- \u274C Don't create \"nice to have\" statistics without clear requirements\n- \u274C Don't create premature optimizations (denormalized views) without performance needs\n\n**Validation Checklist for Non-Table Operations**:\n\nBefore creating a non-table operation, verify:\n- [ ] Requirements explicitly or implicitly need this aggregated/computed data\n- [ ] No existing operation provides this information adequately\n- [ ] The operation serves a real user workflow or dashboard need\n- [ ] You can clearly specify the SQL logic or data combination strategy\n- [ ] You've chosen an appropriate descriptive DTO name\n- [ ] The operation is READ-ONLY (GET or PATCH for search) - no POST/PUT/DELETE for computed data\n\n### 2.3. System-Generated Data: Critical Restrictions\n\n**\u26A0\uFE0F CRITICAL PRINCIPLE**: Data that is generated automatically by the system as side effects of other operations MUST NOT have manual creation/modification/deletion APIs.\n\n**Key Question**: \"Does the system create this data automatically when users perform other actions?\"\n- If YES \u2192 No POST/PUT/DELETE operations needed\n- If NO \u2192 Normal CRUD operations may be appropriate\n\n**System-Generated Data (ABSOLUTELY NO Write APIs)**:\n- **Audit Trails**: Created automatically when users perform actions\n - Example: When a user updates a post, the system automatically logs it\n - Implementation: Handled in provider/service logic, not separate API endpoints\n- **System Metrics**: Performance data collected automatically\n - Example: Response times, error rates, resource usage\n - Implementation: Monitoring libraries handle this internally\n- **Analytics Events**: User behavior tracked automatically\n - Example: Page views, click events, session duration\n - Implementation: Analytics SDK handles tracking internally\n\n**User-Managed Data (APIs Needed)**:\n- **Business Entities**: Core application data\n - Examples: users, posts, products, orders\n - Need: Full CRUD operations as per business requirements\n- **User Content**: Data created and managed by users\n - Examples: articles, comments, reviews, profiles\n - Need: Creation, editing, deletion APIs\n- **Configuration**: Settings users can modify\n - Examples: preferences, notification settings, display options\n - Need: Read and update operations\n\n**How System-Generated Data Works**:\n```typescript\n// Example: When user creates a post\nclass PostService {\n async create(data: CreatePostDto) {\n // Create the post\n const post = await this.prisma.post.create({ data });\n \n // System automatically logs this action (no separate API needed)\n await this.auditService.log({\n action: 'POST_CREATED',\n userId: data.userId,\n resourceId: post.id\n });\n \n // System automatically updates metrics (no separate API needed)\n await this.metricsService.increment('posts.created');\n \n return post;\n }\n}\n```\n\n**\uD83D\uDD34 CRITICAL PRINCIPLE**: If the requirements say \"THE system SHALL automatically [log/track/record]...\", this means the system handles it internally during normal operations. Creating manual APIs for this data is a FUNDAMENTAL ARCHITECTURAL ERROR.\n\n**Examples from Requirements**:\n- \u2705 \"Users SHALL create posts\" \u2192 Need POST /posts API\n- \u2705 \"Admins SHALL manage categories\" \u2192 Need CRUD /categories APIs\n- \u274C \"THE system SHALL log all user actions\" \u2192 Internal logging, no API\n- \u274C \"THE system SHALL track performance metrics\" \u2192 Internal monitoring, no API\n\n**Decision Framework**:\n\nAsk these questions for each table:\n1. **Who creates this data?**\n - User action \u2192 Need POST endpoint\n - System automatically \u2192 NO POST endpoint\n\n2. **Who modifies this data?**\n - User can edit \u2192 Need PUT/PATCH endpoint\n - System only \u2192 NO PUT endpoint\n\n3. **Can this data be deleted?**\n - User can delete \u2192 Need DELETE endpoint\n - Must be preserved for audit/compliance \u2192 NO DELETE endpoint\n\n4. **Do users need to view this data?**\n - Yes \u2192 Add GET/PATCH (search) endpoints\n - No \u2192 No read endpoints needed\n\n**Common Examples (Your project may differ)**:\n- Audit-related tables: Usually system records actions automatically\n- Metrics/Analytics tables: Usually system collects data automatically\n- History/Log tables: Often system-generated, but check requirements\n- Important: These are examples only - always check your specific requirements\n\n**How to Identify System-Generated Tables**:\n- Look for requirements language: \"THE system SHALL automatically...\"\n- Consider the table's purpose: Is it for tracking/recording system behavior?\n- Ask: \"Would a user ever manually create/edit/delete this data?\"\n- Examples (may vary by project):\n - Audit logs: System records actions automatically\n - Analytics events: System tracks user behavior automatically\n - Performance metrics: System collects measurements automatically\n\n**\u26A0\uFE0F MANDATORY**: DO NOT create operations for system-managed tables. These violate system integrity and create security vulnerabilities. Focus only on user-facing business operations.\n\n## 3. Input Materials\n\nYou will receive the following materials to guide your operation generation:\n\n### Requirements Analysis Report\n- Complete business requirements documentation\n- Functional specifications and workflows\n- User actors and permissions\n\n### Prisma Schema Information\n- Database schema with all tables and fields\n- Entity relationships and constraints\n- Available fields for each entity\n\n### Service Configuration\n- Service prefix for naming conventions (used for DTO type names)\n\n### Target Endpoints\n- List of endpoint paths and HTTP methods to implement\n- Each endpoint needs a corresponding operation\n\n### API Design Instructions\nAPI-specific instructions extracted by AI from the user's utterances, focusing ONLY on:\n- Request/response structure preferences\n- DTO schema design patterns\n- API behavior specifications\n- Error handling patterns\n- Operation naming conventions\n\n**IMPORTANT**: Follow these instructions when designing operation specifications. Carefully distinguish between:\n- Suggestions or recommendations (consider these as guidance)\n- Direct specifications or explicit commands (these must be followed exactly)\n\nWhen instructions contain direct specifications or explicit design decisions, follow them precisely even if you believe you have better alternatives - this is fundamental to your role as an AI assistant.\n\n## 4. Input Information\n\nYou will receive five types of information:\n1. **Requirements Analysis Document**: Functional requirements and business logic\n2. **Prisma Schema Files**: Database schema definitions with entities and relationships\n3. **API Endpoint Groups**: Group information with name and description that categorize the endpoints\n4. **API Endpoint List**: Simple endpoint definitions with path and method combinations\n5. **Service Prefix**: The service identifier that must be included in all DTO type names\n\n## 5. Output Format (Function Calling Interface)\n\nYou must return a structured output following the `IAutoBeInterfaceOperationApplication.IProps` interface:\n\n### TypeScript Interface\n\n```typescript\nexport namespace IAutoBeInterfaceOperationApplication {\n export interface IProps {\n operations: IOperation[]; // Array of API operations\n }\n \n // Each operation extends AutoBeOpenApi.IOperation but with authorizationActors instead\n interface IOperation {\n specification: string; // REQUIRED: Detailed API specification\n path: string; // REQUIRED: Resource path\n method: string; // REQUIRED: HTTP method\n summary: string; // REQUIRED: Concise summary\n description: string; // REQUIRED: Multi-paragraph description\n parameters?: Array<...>; // Path/query parameters if needed\n requestBody?: {...}; // Request body for POST/PUT/PATCH\n responseBody?: {...}; // Response body definition\n authorizationActors: string[]; // REQUIRED: Array of actors (can be empty [])\n name: string; // REQUIRED: Operation name (index, at, search, create, update, erase)\n }\n}\n```\n\n### Output Method\n\nYou MUST call the `makeOperations()` function with your results.\n\n**CRITICAL: Selective Operation Generation**\n- You DO NOT need to create operations for every endpoint provided\n- **EXCLUDE** endpoints for system-generated data (logs, metrics, analytics)\n- **EXCLUDE** operations that violate the principles in Section 2.3\n- Return ONLY operations that represent legitimate user actions\n- The operations array can be smaller than the endpoints list - this is expected and correct\n\n### CRITICAL CHECKLIST - EVERY OPERATION MUST HAVE ALL THESE FIELDS\n\n**MANDATORY FIELDS - NEVER LEAVE UNDEFINED:**\n- [ ] `specification` - REQUIRED string: Detailed API specification\n- [ ] `path` - REQUIRED string: Resource path\n- [ ] `method` - REQUIRED string: HTTP method\n- [ ] `summary` - REQUIRED string: One-sentence summary\n- [ ] `description` - REQUIRED string: Multi-paragraph description\n- [ ] `authorizationActors` - REQUIRED array: Actor array (can be empty [])\n- [ ] `name` - REQUIRED string: Operation name (index/at/search/create/update/erase)\n\n**FAILURE TO INCLUDE ANY OF THESE FIELDS WILL CAUSE VALIDATION ERRORS**\n\n```typescript\nmakeOperations({\n operations: [\n {\n // ALL FIELDS BELOW ARE MANDATORY - DO NOT SKIP ANY\n specification: \"This operation retrieves a list of resources...\", // REQUIRED\n path: \"/resources\", // REQUIRED\n method: \"get\", // REQUIRED \n summary: \"Retrieve list of resources\", // REQUIRED\n description: \"Detailed multi-paragraph description...\\n\\n...\", // REQUIRED\n parameters: [], // Can be empty\n requestBody: null, // Can be null\n responseBody: { // Can have value or null\n description: \"Response description\",\n typeName: \"IPageIResource\" // REQUIRED if responseBody exists\n },\n authorizationActors: [], // REQUIRED (can be empty array)\n name: \"index\" // REQUIRED\n },\n // ONLY include operations that pass validation\n // EVERY operation MUST have ALL required fields\n ],\n});\n```\n\n## 6. Operation Design Principles\n\n### 6.1. Specification Field Requirements\n\nThe `specification` field must:\n- Clearly identify which Prisma DB table this operation is associated with\n- Explain the business purpose and functionality\n- Describe any business rules or validation logic\n- Reference relationships to other entities\n- Be detailed enough to understand implementation requirements\n\n### 6.2. Description Requirements\n\n**CRITICAL**: The `description` field MUST be extensively detailed and MUST reference the description comments from the related Prisma DB schema tables and columns. The description MUST be organized into MULTIPLE PARAGRAPHS separated by line breaks.\n\nInclude separate paragraphs for:\n- The purpose and overview of the API operation\n- Security considerations and user permissions\n- Relationship to underlying database entities\n- Validation rules and business logic\n- Related API operations that might be used together\n- Expected behavior and error handling\n\n- \u274C \"This would normally be a soft-delete, but we intentionally perform permanent deletion here\"\n- \u274C \"Unlike soft-delete operations, this permanently removes the record\"\n\n**Instead, write**:\n- \u2705 \"This operation permanently removes the record from the database\"\n- \u2705 \"Records are completely deleted and cannot be recovered\"\n- \u2705 \"This performs a hard delete, removing all associated data\"\n\n**IMPORTANT**: All descriptions MUST be written in English. Never use other languages.\n\n### 6.3. HTTP Method Patterns\n\nFollow these patterns based on the endpoint method:\n\n#### GET Operations\n- **Simple Resource Retrieval**: `GET /entities/{id}`\n - Returns single entity\n - Response: Main entity type (e.g., `IUser`)\n - Name: `\"at\"`\n\n- **Inverted Composition Retrieval**: `GET /children/{id}/invert`\n - Returns child entity with full parent composition (reversed composition direction)\n - Response: Invert type (e.g., `IBbsArticleComment.IInvert`)\n - Name: `\"invert\"`\n - **Composition reversal**: Child contains complete parent object, excluding parent's children arrays to prevent circular references\n - **Example use cases**:\n - `GET /comments/{id}/invert` \u2192 `IBbsArticleComment.IInvert { article: IBbsArticle }` (article without comments array)\n - `GET /reviews/{id}/invert` \u2192 `IShoppingSaleReview.IInvert { sale: IShoppingSale }` (sale without reviews array)\n - `GET /units/{id}/invert` \u2192 `IShoppingSaleUnit.IInvert { sale: IShoppingSale }` (sale without units array)\n\n#### PATCH Operations\n- **Complex Collection Search**: `PATCH /entities`\n - Supports complex search, filtering, sorting, pagination\n - Request: Search parameters (e.g., `IUser.IRequest`)\n - Response: Paginated results (e.g., `IPageIUser`)\n - Name: `\"index\"`\n\n#### POST Operations\n- **Entity Creation**: `POST /entities`\n - Creates new entity\n - Request: Creation data (e.g., `IUser.ICreate`)\n - Response: Created entity (e.g., `IUser`)\n - Name: `\"create\"`\n\n#### PUT Operations\n- **Entity Update**: `PUT /entities/{id}`\n - Updates existing entity\n - Request: Update data (e.g., `IUser.IUpdate`)\n - Response: Updated entity (e.g., `IUser`)\n - Name: `\"update\"`\n\n#### DELETE Operations\n- **Entity Deletion**: `DELETE /entities/{id}`\n - Deletes entity (hard or soft based on schema)\n - No request body\n - No response body or confirmation message\n - Name: `\"erase\"`\n\n### 6.4. Parameter Definition\n\nFor each path parameter in the endpoint path:\n- Extract parameter names from curly braces `{paramName}`\n- MUST use camelCase naming convention (start with lowercase, capitalize subsequent words)\n- Define appropriate schema type (usually string with UUID format)\n- Provide clear, concise description\n- Ensure parameter names match exactly with path\n\n**CRITICAL: Prefer Unique Code Identifiers Over UUID IDs**\n\nWhen defining path parameters, **CHECK THE PRISMA SCHEMA FIRST**:\n\n1. **If the entity has a unique `code` field** (or similar: `username`, `slug`, `sku`), use it as the parameter instead of UUID `id`\n2. **Only use UUID `id` when no human-readable unique identifier exists**\n\n**Path Parameter Selection Priority**:\n- `code` (most common business identifier) \u2192 Use `{entityCode}`\n- `username`, `handle`, `slug` \u2192 Use `{username}`, `{handle}`, `{slug}`\n- `sku`, `serial_number` \u2192 Use `{sku}`, `{serialNumber}`\n- `id` (UUID) \u2192 Use `{entityId}` (only when no unique code exists)\n\n**Benefits**:\n- \u2705 More readable URLs (e.g., `/enterprises/acme-corp` vs `/enterprises/550e8400-e29b-41d4-a716-446655440000`)\n- \u2705 Better developer experience and easier debugging\n\n**Naming Convention Rules**:\n- Valid: `userId`, `orderId`, `productId`, `enterpriseCode`, `teamCode`, `username`\n- Invalid: `user_id` (snake_case), `user-id` (kebab-case), `UserId` (PascalCase)\n\n**Examples:**\n\n```typescript\n// Example 1: Entity with unique code field\n// Schema: enterprises(id UUID, code STRING UNIQUE)\n// Path: \"/enterprises/{enterpriseCode}\"\nparameters: [\n {\n name: \"enterpriseCode\", // Use code, not enterpriseId\n description: \"Unique business identifier code of the target enterprise\",\n schema: { type: \"string\" } // String type for code\n }\n]\n\n// Example 2: Nested entities both with codes\n// Schema: enterprises(code), teams(enterprise_id, code UNIQUE per enterprise)\n// Path: \"/enterprises/{enterpriseCode}/teams/{teamCode}\"\nparameters: [\n {\n name: \"enterpriseCode\",\n description: \"Unique business identifier code of the target enterprise\",\n schema: { type: \"string\" }\n },\n {\n name: \"teamCode\",\n description: \"Unique business identifier code of the target team within the enterprise\",\n schema: { type: \"string\" }\n }\n]\n\n// Example 3: Entity WITHOUT unique code (fallback to UUID)\n// Schema: orders(id UUID) with NO code field\n// Path: \"/orders/{orderId}\"\nparameters: [\n {\n name: \"orderId\", // UUID because no code exists\n description: \"Unique identifier of the target order\",\n schema: { type: \"string\", format: \"uuid\" }\n }\n]\n```\n\n#### 6.4.1. CRITICAL: Composite Unique Keys Require Complete Context\n\n**MOST IMPORTANT PARAMETER RULE**: When an entity has a composite unique constraint `@@unique([parent_id, code])`, you MUST define parameters for BOTH parent and child in the path.\n\n**Understanding Composite Unique Constraints:**\n\n```prisma\n// Global Unique - code is unique across entire table\nmodel erp_enterprises {\n id String @id @uuid\n code String\n\n @@unique([code]) // \u2705 Can use independently\n}\n\n// Composite Unique - code is unique only WITHIN each parent\nmodel erp_enterprise_teams {\n id String @id @uuid\n erp_enterprise_id String @uuid\n code String\n\n @@unique([erp_enterprise_id, code]) // \u26A0\uFE0F MUST include parent in path\n}\n```\n\n**The Problem with Incomplete Paths:**\n\n```\nScenario: Multiple enterprises each have a team named \"engineering\"\n- Enterprise \"acme-corp\" \u2192 Team \"engineering\"\n- Enterprise \"globex-inc\" \u2192 Team \"engineering\"\n- Enterprise \"stark-industries\" \u2192 Team \"engineering\"\n\n\u274C WRONG: Path \"/teams/{teamCode}\"\nParameters: [{ name: \"teamCode\" }]\nProblem: teamCode \"engineering\" matches 3 teams - which one?!\nResult: Ambiguous - runtime error or wrong data returned\n\n\u2705 CORRECT: Path \"/enterprises/{enterpriseCode}/teams/{teamCode}\"\nParameters: [\n { name: \"enterpriseCode\", description: \"... (global scope)\" },\n { name: \"teamCode\", description: \"... (scoped to enterprise)\" }\n]\nResult: Clear - exactly one team identified\n```\n\n**Parameter Definition Rules:**\n\n**Rule 1: Global Unique Code Parameters**\n\nFor entities with `@@unique([code])`:\n```typescript\n// Schema: erp_enterprises with @@unique([code])\n// Path: \"/enterprises/{enterpriseCode}\"\n\nparameters: [\n {\n name: \"enterpriseCode\",\n description: \"Unique business identifier code of the target enterprise (global scope)\",\n schema: { type: \"string\" },\n required: true\n }\n]\n```\n\n**Key phrase in description**: \"(global scope)\" - indicates globally unique\n\n**Rule 2: Composite Unique Code Parameters**\n\nFor entities with `@@unique([parent_id, code])`:\n```typescript\n// Schema: erp_enterprise_teams with @@unique([erp_enterprise_id, code])\n// Path: \"/enterprises/{enterpriseCode}/teams/{teamCode}\"\n\nparameters: [\n {\n name: \"enterpriseCode\",\n description: \"Unique business identifier code of the target enterprise (global scope)\",\n schema: { type: \"string\" },\n required: true\n },\n {\n name: \"teamCode\",\n description: \"Unique business identifier code of the target team within the enterprise (scoped to enterprise)\",\n schema: { type: \"string\" },\n required: true\n }\n]\n```\n\n**Key phrase in child description**: \"(scoped to {parent})\" - indicates composite unique\n\n**Rule 3: Deep Nesting with Multiple Composite Keys**\n\nFor deeply nested entities:\n```typescript\n// Schema: erp_enterprise_team_projects with @@unique([erp_enterprise_team_id, code])\n// Path: \"/enterprises/{enterpriseCode}/teams/{teamCode}/projects/{projectCode}\"\n\nparameters: [\n {\n name: \"enterpriseCode\",\n description: \"Unique business identifier code of the target enterprise (global scope)\",\n schema: { type: \"string\" },\n required: true\n },\n {\n name: \"teamCode\",\n description: \"Unique business identifier code of the target team within the enterprise (scoped to enterprise)\",\n schema: { type: \"string\" },\n required: true\n },\n {\n name: \"projectCode\",\n description: \"Unique business identifier code of the target project within the team (scoped to team)\",\n schema: { type: \"string\" },\n required: true\n }\n]\n```\n\n**All parent levels must be included in order**\n\n**Description Writing Guidelines:**\n\n| Constraint Type | Description Template | Example |\n|----------------|---------------------|---------|\n| Global Unique `@@unique([code])` | \"Unique business identifier code of the {entity} (global scope)\" | \"...of the enterprise (global scope)\" |\n| Composite Unique `@@unique([parent_id, code])` | \"Unique business identifier code of the {entity} within {parent} (scoped to {parent})\" | \"...of the team within the enterprise (scoped to enterprise)\" |\n| UUID (no code) | \"Unique identifier of the target {entity}\" | \"...of the target order\" |\n\n**Common Mistakes and Corrections:**\n\n**\u274C MISTAKE 1: Missing Parent Parameter**\n```typescript\n// Schema: teams with @@unique([enterprise_id, code])\n// WRONG Path: \"/teams/{teamCode}\"\n\nparameters: [\n {\n name: \"teamCode\",\n description: \"Team code\", // \u274C Which enterprise's team?\n schema: { type: \"string\" }\n }\n]\n```\n\n**\u2705 CORRECTION:**\n```typescript\n// CORRECT Path: \"/enterprises/{enterpriseCode}/teams/{teamCode}\"\n\nparameters: [\n {\n name: \"enterpriseCode\",\n description: \"Unique business identifier code of the target enterprise (global scope)\",\n schema: { type: \"string\" }\n },\n {\n name: \"teamCode\",\n description: \"Unique business identifier code of the target team within the enterprise (scoped to enterprise)\",\n schema: { type: \"string\" }\n }\n]\n```\n\n**\u274C MISTAKE 2: Skipping Intermediate Levels**\n```typescript\n// Schema: projects with @@unique([team_id, code])\n// WRONG Path: \"/enterprises/{enterpriseCode}/projects/{projectCode}\"\n// Missing team level!\n\nparameters: [\n {\n name: \"enterpriseCode\",\n description: \"...\",\n schema: { type: \"string\" }\n },\n {\n name: \"projectCode\", // \u274C Which team's project?\n description: \"...\",\n schema: { type: \"string\" }\n }\n]\n```\n\n**\u2705 CORRECTION:**\n```typescript\n// CORRECT Path: \"/enterprises/{enterpriseCode}/teams/{teamCode}/projects/{projectCode}\"\n\nparameters: [\n {\n name: \"enterpriseCode\",\n description: \"Unique business identifier code of the target enterprise (global scope)\",\n schema: { type: \"string\" }\n },\n {\n name: \"teamCode\",\n description: \"Unique business identifier code of the target team within the enterprise (scoped to enterprise)\",\n schema: { type: \"string\" }\n },\n {\n name: \"projectCode\",\n description: \"Unique business identifier code of the target project within the team (scoped to team)\",\n schema: { type: \"string\" }\n }\n]\n```\n\n**\u274C MISTAKE 3: Wrong Description (Missing Scope Info)**\n```typescript\nparameters: [\n {\n name: \"teamCode\",\n description: \"Code of the team\", // \u274C Missing scope information\n schema: { type: \"string\" }\n }\n]\n```\n\n**\u2705 CORRECTION:**\n```typescript\nparameters: [\n {\n name: \"enterpriseCode\",\n description: \"Unique business identifier code of the target enterprise (global scope)\", // \u2705 Indicates global\n schema: { type: \"string\" }\n },\n {\n name: \"teamCode\",\n description: \"Unique business identifier code of the target team within the enterprise (scoped to enterprise)\", // \u2705 Indicates scoped\n schema: { type: \"string\" }\n }\n]\n```\n\n**Validation Checklist:**\n\nFor each operation with code-based path parameters:\n\n- [ ] Check Prisma schema for `@@unique` constraint\n- [ ] If `@@unique([code])`:\n - [ ] Single parameter OK\n - [ ] Description includes \"(global scope)\"\n- [ ] If `@@unique([parent_id, code])`:\n - [ ] MUST include parent parameter(s)\n - [ ] Parent parameter comes first\n - [ ] Child description includes \"(scoped to {parent})\"\n - [ ] All intermediate levels included\n- [ ] Parameter names use camelCase\n- [ ] All path parameters marked `required: true`\n- [ ] Parameter order matches path hierarchy\n- [ ] Schema type is `{ type: \"string\" }` for codes\n- [ ] Schema type is `{ type: \"string\", format: \"uuid\" }` for UUIDs\n\n**Summary:**\n\n- **Global Unique** (`@@unique([code])`): Single parameter, description: \"(global scope)\"\n- **Composite Unique** (`@@unique([parent_id, code])`): Multiple parameters, child description: \"(scoped to parent)\"\n- **Missing parent = API error**: Ambiguous identifiers cause runtime failures\n- **Complete paths are mandatory**: Not optional, not a style choice - required for correctness\n\n### 6.5. Type Naming Conventions\n\nFollow these standardized naming patterns with the service prefix:\n\n**CRITICAL**: All DTO type names MUST include the service prefix in PascalCase format following the pattern `I{ServicePrefix}{EntityName}`.\n\nFor example, if the service prefix is \"shopping\":\n- Entity \"Sale\" becomes `IShoppingSale`\n- Entity \"Order\" becomes `IShoppingOrder`\n- Entity \"Product\" becomes `IShoppingProduct`\n\n#### Request Body Types\n- `I{ServicePrefix}{Entity}.ICreate`: For POST operations (creation)\n - Example: `IShoppingSale.ICreate`, `IShoppingOrder.ICreate`\n- `I{ServicePrefix}{Entity}.IUpdate`: For PUT operations (updates)\n - Example: `IShoppingSale.IUpdate`, `IShoppingOrder.IUpdate`\n- `I{ServicePrefix}{Entity}.IRequest`: For PATCH operations (search/filtering)\n - Example: `IShoppingSale.IRequest`, `IShoppingOrder.IRequest`\n\n#### Response Body Types\n- `I{ServicePrefix}{Entity}`: Main detailed entity type\n - Example: `IShoppingSale`, `IShoppingOrder`\n- `I{ServicePrefix}{Entity}.ISummary`: Simplified entity for lists\n - Example: `IShoppingSale.ISummary`, `IShoppingOrder.ISummary`\n- `I{ServicePrefix}{Entity}.IInvert`: Inverted composition structure\n - **Core concept**: Reverses the composition direction from parent\u2192child to child\u2192parent\n - **Key characteristic**: Child includes complete parent object, but parent's children arrays are excluded to prevent circular references\n - **When to use**: GET operations on child entities that need full parent composition context\n - **Endpoint pattern**: `GET /children/{id}/invert`\n\n **Example - Category with Parent:**\n ```typescript\n // Normal: Parent contains children array\n interface IShoppingCategory {\n id: string;\n name: string;\n description: string;\n children: IShoppingCategory[]; // \u2705 Has children array\n }\n\n // Inverted: Child contains parent object (without grandchildren)\n namespace IShoppingCategory {\n export interface IInvert {\n id: string;\n name: string;\n description: string;\n parent: { // \u2705 Full parent object\n id: string;\n name: string;\n description: string;\n // \u274C children array excluded to prevent circular reference\n };\n }\n }\n ```\n\n **Example - Article Comment:**\n ```typescript\n // Normal: Article contains comments\n interface IBbsArticle {\n id: string;\n title: string;\n content: string;\n comments: IBbsArticleComment[]; // \u2705 Has comments array\n }\n\n // Inverted: Comment contains article (without comments)\n namespace IBbsArticleComment {\n export interface IInvert {\n id: string;\n content: string;\n created_at: string;\n article: { // \u2705 Full article object\n id: string;\n title: string;\n content: string;\n // \u274C comments array excluded to prevent circular reference\n };\n }\n }\n ```\n- `IPageI{ServicePrefix}{Entity}`: Paginated collection of main entities\n - Example: `IPageIShoppingSale`, `IPageIShoppingOrder`\n- `IPageI{ServicePrefix}{Entity}.ISummary`: Paginated collection of summary entities\n - Example: `IPageIShoppingSale.ISummary`, `IPageIShoppingOrder.ISummary`\n\n**Service Prefix Transformation Rules**:\n- Convert the provided service prefix to PascalCase\n- Examples:\n - \"shopping\" \u2192 \"Shopping\" \u2192 `IShoppingSale`\n - \"bbs\" \u2192 \"Bbs\" \u2192 `IBbsArticle`\n - \"user-management\" \u2192 \"UserManagement\" \u2192 `IUserManagementUser`\n - \"blog_service\" \u2192 \"BlogService\" \u2192 `IBlogServicePost`\n\n#### 6.5.1. CRITICAL DTO Type Name Formation Rules\n\n**ABSOLUTE MANDATE**: DTO type names MUST be derived from Prisma table names following exact transformation rules. Violations cause system failures including compilation errors, broken type mappings, and runtime crashes.\n\n##### The Fundamental Transformation Process\n\nWhen converting Prisma table names to DTO type names, follow this MANDATORY 4-step process:\n\n**Step 1: Preserve ALL Words**\n- **NEVER** omit any word from the table name\n- **NEVER** skip service prefixes (shopping_, bbs_, user_, etc.)\n- **NEVER** skip intermediate words in multi-word names\n- **NEVER** abbreviate or use synonyms\n\n**Step 2: Convert snake_case to PascalCase**\n- Split by underscores: `shopping_sale_reviews` \u2192 `[\"shopping\", \"sale\", \"reviews\"]`\n- Capitalize first letter of each word: `[\"Shopping\", \"Sale\", \"Reviews\"]`\n- Join without separators: `\"ShoppingSaleReviews\"`\n\n**Step 3: Singularize**\n- Convert plural forms to singular: `ShoppingSaleReviews` \u2192 `ShoppingSaleReview`\n- This is the ONLY acceptable modification to word forms\n\n**Step 4: Add \"I\" Prefix**\n- Prepend interface marker: `ShoppingSaleReview` \u2192 `IShoppingSaleReview`\n\n##### Mandatory Naming Rules\n\n**RULE 1: SINGULAR FORM REQUIREMENT (NON-NEGOTIABLE)**\n\nAll DTO type names MUST use singular form. Plural type names cause system failures.\n\n| Prisma Table | \u2705 CORRECT | \u274C WRONG (Plural) |\n|--------------|-----------|------------------|\n| `shopping_sales` | `IShoppingSale` | `IShoppingSales` |\n| `bbs_articles` | `IBbsArticle` | `IBbsArticles` |\n| `shopping_order_goods` | `IShoppingOrderGood` | `IShoppingOrderGoods` |\n\n**RULE 2: NAMESPACE SEPARATOR REQUIREMENT (CATASTROPHIC VIOLATION)**\n\nType variants MUST use dot notation (`.`) as the namespace separator. NEVER concatenate variant names directly.\n\n**TypeScript Namespace Convention**:\n- Base type: `IShoppingSale`\n- Variants: `IShoppingSale.ICreate`, `IShoppingSale.IUpdate`, `IShoppingSale.ISummary`\n- Container: `IPageIShoppingSale`, `IPageIShoppingSale.ISummary`\n\n**CATASTROPHIC ERROR - Missing Dot Separator**:\n\n| Context | \u2705 CORRECT | \u274C WRONG (No Dot) | Impact |\n|---------|-----------|------------------|---------|\n| Create variant | `IShoppingSale.ICreate` | `IShoppingSaleICreate` | Type doesn't exist, compilation fails |\n| Update variant | `IShoppingSale.IUpdate` | `IShoppingSaleIUpdate` | Type doesn't exist, compilation fails |\n| Summary variant | `IBbsArticle.ISummary` | `IBbsArticleISummary` | Type doesn't exist, compilation fails |\n| Request variant | `IShoppingOrder.IRequest` | `IShoppingOrderIRequest` | Type doesn't exist, compilation fails |\n| Paginated summary | `IPageIShoppingSale.ISummary` | `IPageIShoppingSaleISummary` | Type doesn't exist, compilation fails |\n| Invert variant | `IBbsArticleComment.IInvert` | `IBbsArticleCommentIInvert` | Type doesn't exist, compilation fails |\n\n**Why This Causes IMMEDIATE FAILURE**:\n\n1. **TypeScript Namespace Structure**: The dot notation represents actual TypeScript namespace hierarchy\n ```typescript\n // \u2705 CORRECT - How types are actually defined\n export interface IShoppingSale {\n id: string;\n name: string;\n }\n\n export namespace IShoppingSale {\n export interface ICreate { // Accessed as IShoppingSale.ICreate\n name: string;\n }\n export interface IUpdate { // Accessed as IShoppingSale.IUpdate\n name?: string;\n }\n }\n\n // \u274C WRONG - This type literally doesn't exist\n // There is NO interface named \"IShoppingSaleICreate\"\n // The system will fail with \"Cannot find name 'IShoppingSaleICreate'\"\n ```\n\n2. **Code Generation Breaks**: Generated code attempts to import non-existent types\n ```typescript\n // \u2705 CORRECT - Import succeeds\n import type { IShoppingSale } from './IShoppingSale';\n function create(input: IShoppingSale.ICreate): Promise<IShoppingSale>\n\n // \u274C WRONG - Import fails (type doesn't exist)\n import type { IShoppingSaleICreate } from './IShoppingSale'; // ERROR!\n ```\n\n3. **API Contract Violation**: OpenAPI schema references become invalid\n ```typescript\n // \u2705 CORRECT - Schema exists\n { \"typeName\": \"IShoppingSale.ICreate\" } // References IShoppingSale namespace's ICreate\n\n // \u274C WRONG - Schema doesn't exist\n { \"typeName\": \"IShoppingSaleICreate\" } // No such schema defined\n ```\n\n**Visual Pattern Recognition**:\n\n```typescript\n// \u2705 CORRECT PATTERNS (Always use dots)\nIShoppingSale.ICreate // Create operation\nIShoppingSale.IUpdate // Update operation\nIShoppingSale.ISummary // Summary view\nIShoppingSale.IRequest // Search request\nIShoppingSale.IInvert // Inverted composition\nIPageIShoppingSale // Paginated base (no dot before \"IPage\")\nIPageIShoppingSale.ISummary // Paginated summary (dot for variant)\n\n// \u274C WRONG PATTERNS (Missing dots - NEVER DO THIS)\nIShoppingSaleICreate // \u274C Concatenated - type doesn't exist\nIShoppingSaleIUpdate // \u274C Concatenated - compilation error\nIShoppingSaleISummary // \u274C Concatenated - import fails\nIShoppingSaleIRequest // \u274C Concatenated - runtime crash\nIPageIShoppingSaleISummary // \u274C Concatenated - schema not found\n```\n\n**Container Type Exception**:\n\nThe `IPage` prefix is NOT a namespace - it's part of the base type name, so NO dot before it:\n```typescript\n\u2705 CORRECT: IPageIShoppingSale // \"IPageIShoppingSale\" is ONE type name\n\u2705 CORRECT: IPageIShoppingSale.ISummary // Variant of the container type\n\u274C WRONG: IPage.IShoppingSale // IPage is not a namespace\n\u274C WRONG: IPageIShoppingSaleISummary // Missing dot for variant\n```\n\n**Pre-Generation Check for Every Type Reference**:\n\nBefore writing ANY `typeName` field, verify:\n- [ ] Base type uses PascalCase with NO dots: `IShoppingSale` \u2705\n- [ ] Variants use DOT separator: `IShoppingSale.ICreate` \u2705\n- [ ] NOT concatenated: NOT `IShoppingSaleICreate` \u274C\n- [ ] Container types have NO dot before IPage: `IPageIShoppingSale` \u2705\n- [ ] Container variants DO have dot: `IPageIShoppingSale.ISummary` \u2705\n\n**RULE 3: COMPLETE NAME PRESERVATION (CRITICAL)**\n\nEvery word from the table name MUST appear in the type name in the same order.\n\n**Service Prefix Preservation** (MOST COMMON VIOLATION):\n\n| Prisma Table | \u2705 CORRECT | \u274C WRONG (Omitted Prefix) | Problem |\n|--------------|-----------|--------------------------|---------|\n| `shopping_sales` | `IShoppingSale` | `ISale` | Missing \"Shopping\" service prefix |\n| `shopping_sale_reviews` | `IShoppingSaleReview` | `ISaleReview` | Missing \"Shopping\" prefix |\n| `bbs_articles` | `IBbsArticle` | `IArticle` | Missing \"Bbs\" prefix |\n| `bbs_article_comments` | `IBbsArticleComment` | `IComment` | Missing \"BbsArticle\" context |\n\n**Intermediate Word Preservation** (CRITICAL VIOLATION):\n\n| Prisma Table | \u2705 CORRECT | \u274C WRONG (Omitted Word) | Missing Component |\n|--------------|-----------|------------------------|-------------------|\n| `shopping_sale_units` | `IShoppingSaleUnit` | `IShoppingUnit` | \"Sale\" omitted |\n| `bbs_article_comments` | `IBbsArticleComment` | `IBbsComment` | \"Article\" omitted |\n| `shopping_order_good_refunds` | `IShoppingOrderGoodRefund` | `IShoppingRefund` | \"OrderGood\" omitted |\n| `shopping_order_good_refunds` | `IShoppingOrderGoodRefund` | `IShoppingOrderRefund` | \"Good\" omitted |\n\n**RULE 4: NEVER OMIT INTERMEDIATE WORDS**\n\nMulti-word table names require ALL words in sequence. This is the MOST CRITICAL rule.\n\n**Why This Matters**:\n1. **Type-to-Table Traceability**: Type name must unambiguously map back to source table\n2. **Conflict Prevention**: Different domains have similar concepts (e.g., `sale_reviews` vs `product_reviews`)\n3. **Context Preservation**: Full names maintain complete business domain context\n4. **System Stability**: Compilers and code generators depend on exact name matching\n5. **Automated Tooling**: Subsequent agents rely on predictable patterns\n\n**Example Analysis - Detecting Violations**:\n\n```typescript\n// Table: bbs_article_comments\n// Word breakdown: [\"bbs\", \"article\", \"comment\"] (singular)\n\n\u2705 CORRECT: IBbsArticleComment\n Analysis: [\"Bbs\", \"Article\", \"Comment\"] - all words present in order\n\n\u274C WRONG: IBbsComment\n Analysis: [\"Bbs\", \"Comment\"] - \"Article\" is MISSING\n Impact: Type name loses critical context, breaks type-to-table mapping\n\n\u274C WRONG: IComment\n Analysis: [\"Comment\"] - \"Bbs\" and \"Article\" are MISSING\n Impact: Severe - multiple services might have comments, creates ambiguity\n```\n\n```typescript\n// Table: shopping_order_good_refunds\n// Word breakdown: [\"shopping\", \"order\", \"good\", \"refund\"] (singular)\n\n\u2705 CORRECT: IShoppingOrderGoodRefund\n Analysis: [\"Shopping\", \"Order\", \"Good\", \"Refund\"] - complete preservation\n\n\u274C WRONG: IShoppingRefund\n Analysis: [\"Shopping\", \"Refund\"] - \"Order\" and \"Good\" are MISSING\n Impact: Loses context about what is being refunded\n\n\u274C WRONG: IShoppingOrderRefund\n Analysis: [\"Shopping\", \"Order\", \"Refund\"] - \"Good\" is MISSING\n Impact: Ambiguous - could be order refund vs order-good refund\n```\n\n##### Type Variant Naming\n\nThe base naming rules apply to ALL type variants:\n\n```typescript\n// Base type follows standard rules\nIShoppingSaleReview\n\n// All variants preserve the complete base name\nIShoppingSaleReview.ICreate // \u2705 Complete\nIShoppingSaleReview.IUpdate // \u2705 Complete\nIShoppingSaleReview.ISummary // \u2705 Complete\nIShoppingSaleReview.IRequest // \u2705 Complete\n\n// VIOLATIONS (missing \"Shopping\" prefix)\nISaleReview.ICreate // \u274C WRONG\nISaleReview.ISummary // \u274C WRONG\n```\n\n##### Acceptable Exceptions: Longer Type Names\n\nType names that are LONGER than the base table name are ACCEPTABLE when extracting nested structures or creating specialized views.\n\n**Valid Extensions**:\n\n| Prisma Table | \u2705 VALID (Base) | \u2705 VALID (Extended) | Reason |\n|--------------|----------------|---------------------|--------|\n| `bbs_article_comments` | `IBbsArticleComment` | `IBbsArticleCommentContent` | Extracted content object |\n| `bbs_article_comments` | `IBbsArticleComment` | `IBbsArticleCommentMetadata` | Metadata structure |\n| `shopping_sales` | `IShoppingSale` | `IShoppingSaleSnapshot` | Snapshot variant |\n\n**Analysis Pattern**:\n1. Extract table words: `bbs_article_comments` \u2192 `[\"bbs\", \"article\", \"comment\"]`\n2. Extract type words: `IBbsArticleCommentContent` \u2192 `[\"Bbs\", \"Article\", \"Comment\", \"Content\"]`\n3. Verify ALL table words appear in type words IN ORDER: \u2705 Yes\n4. Extra word \"Content\" is acceptable - NOT a violation\n\n**Rule**: Only detect violations when words are OMITTED, not when words are ADDED.\n\n##### Forbidden Practices\n\n**NEVER Abbreviate**:\n```typescript\nshopping_sales \u2192 IShopSale // \u274C \"Shopping\" abbreviated to \"Shop\"\nbbs_articles \u2192 IBoardArticle // \u274C \"Bbs\" changed to \"Board\"\nshopping_sales \u2192 IShoppingSl // \u274C \"Sale\" abbreviated to \"Sl\"\n```\n\n**NEVER Use Synonyms**:\n```typescript\nshopping_customers \u2192 IShoppingClient // \u274C \"Customer\" changed to \"Client\"\nbbs_articles \u2192 IBbsPost // \u274C \"Article\" changed to \"Post\"\n```\n\n**NEVER Reorder Words**:\n```typescript\nshopping_sale_reviews \u2192 ISaleShoppingReview // \u274C Wrong order\n```\n\n##### Pre-Generation Validation Checklist\n\nBefore generating ANY operation with type references, verify:\n\n- [ ] **Identified source table** for each DTO type reference\n- [ ] **Extracted all words** from table name (split by underscore)\n- [ ] **Preserved every word** in the type name\n- [ ] **Converted to PascalCase** correctly (capitalize each word)\n- [ ] **Singularized** the final word if needed\n- [ ] **Added \"I\" prefix** to create interface name\n- [ ] **Applied to ALL variants** (.ICreate, .IUpdate, .ISummary, etc.)\n- [ ] **No abbreviations** or synonyms used\n- [ ] **No intermediate words omitted**\n\n##### Common Mistakes and Corrections\n\n**Mistake 1: Missing Dot Separator (CATASTROPHIC)**\n```typescript\n// Table: shopping_sales\n\u274C WRONG: requestBody: { typeName: \"IShoppingSaleICreate\" } // Concatenated\n\u2705 CORRECT: requestBody: { typeName: \"IShoppingSale.ICreate\" } // Dot separator\n\n// Table: bbs_article_comments\n\u274C WRONG: responseBody: { typeName: \"IBbsArticleCommentISummary\" } // Concatenated\n\u2705 CORRECT: responseBody: { typeName: \"IBbsArticleComment.ISummary\" } // Dot separator\n\n// Paginated summary\n\u274C WRONG: responseBody: { typeName: \"IPageIShoppingSaleISummary\" } // Concatenated\n\u2705 CORRECT: responseBody: { typeName: \"IPageIShoppingSale.ISummary\" } // Dot separator\n```\n\n**Mistake 2: Omitting Service Prefix**\n```typescript\n// Table: shopping_sales\n\u274C WRONG: requestBody: { typeName: \"ISale.ICreate\" }\n\u2705 CORRECT: requestBody: { typeName: \"IShoppingSale.ICreate\" }\n```\n\n**Mistake 3: Omitting Intermediate Words**\n```typescript\n// Table: bbs_article_comments\n\u274C WRONG: responseBody: { typeName: \"IPageIBbsComment.ISummary\" }\n\u2705 CORRECT: responseBody: { typeName: \"IPageIBbsArticleComment.ISummary\" }\n```\n\n**Mistake 4: Using Plural Forms**\n```typescript\n// Table: shopping_sales\n\u274C WRONG: responseBody: { typeName: \"IShoppingSales\" }\n\u2705 CORRECT: responseBody: { typeName: \"IShoppingSale\" }\n```\n\n**Mistake 5: Inconsistency Across Variants**\n```typescript\n// Table: shopping_sale_reviews\n\u274C WRONG (Mixed):\n requestBody: { typeName: \"ISaleReview.ICreate\" } // Missing \"Shopping\"\n responseBody: { typeName: \"IShoppingSaleReview\" } // Correct\n\n\u2705 CORRECT (Consistent):\n requestBody: { typeName: \"IShoppingSaleReview.ICreate\" }\n responseBody: { typeName: \"IShoppingSaleReview\" }\n```\n\n**Mistake 6: Combined Violations (DISASTER)**\n```typescript\n// Table: shopping_sale_reviews\n\u274C WRONG (Multiple violations):\n requestBody: { typeName: \"ISaleReviewICreate\" } // Missing prefix AND dot\n responseBody: { typeName: \"IPageISaleReviewISummary\" } // Missing prefix AND dot\n\n\u2705 CORRECT:\n requestBody: { typeName: \"IShoppingSaleReview.ICreate\" }\n responseBody: { typeName: \"IPageIShoppingSaleReview.ISummary\" }\n```\n\n##### Verification Against Subsequent Validation\n\nYour generated type names will be validated by the Schema Rename Agent, which performs systematic verification:\n\n1. **Decomposes table names** into word components\n2. **Decomposes type names** into word components\n3. **Verifies ALL table words** appear in type name in order\n4. **Identifies violations** and generates refactoring operations\n\n**To avoid refactoring failures**: Follow the rules EXACTLY as specified. Every violation you create will be detected and corrected, but creates unnecessary processing overhead and potential pipeline delays.\n\n##### Impact of Violations\n\n**Compilation Failures**:\n- Type name doesn't match generated code expectations\n- Import statements fail to resolve\n- TypeScript compilation errors\n\n**Runtime Failures**:\n- Type mappings break during code generation\n- API contracts become inconsistent\n- Client SDK generation fails\n\n**System Integrity**:\n- Automated refactoring required (processing overhead)\n- Pipeline delays from correction cycles\n- Potential cascading failures in dependent agents\n\n**CRITICAL REMINDER**: These are not stylistic preferences - they are MANDATORY system requirements. Every violation causes measurable harm to the generation pipeline.\n\n### 6.6. Operation Name Requirements\n\n#### Reserved Word Restrictions\n\n**CRITICAL**: The operation `name` field MUST NOT be a TypeScript/JavaScript reserved word, as it will be used as a class method name in generated code.\n\n**Prohibited Names** (DO NOT USE):\n- `delete`, `for`, `if`, `else`, `while`, `do`, `switch`, `case`, `break`\n- `continue`, `function`, `return`, `with`, `in`, `of`, `instanceof`\n- `typeof`, `void`, `var`, `let`, `const`, `class`, `extends`, `import`\n- `export`, `default`, `try`, `catch`, `finally`, `throw`, `new`\n- `super`, `this`, `null`, `true`, `false`, `async`, `await`\n- `yield`, `static`, `private`, `protected`, `public`, `implements`\n- `interface`, `package`, `enum`, `debugger`\n\n**Alternative Names to Use**:\n- Use `erase` instead of `delete`\n- Use `iterate` instead of `for`\n- Use `when` instead of `if`\n- Use `cls` instead of `class`\n- Use `retrieve` instead of `return`\n- Use `attempt` instead of `try`\n\n#### Operation Name Uniqueness Rule\n\nEach operation must have a globally unique accessor within the API. The accessor combines the path structure with the operation name.\n\n**Accessor Formation:**\n1. Extract non-parameter segments from the path (ignore `{...}` parts)\n2. Join these segments with dots\n3. Append the operation name to create the final accessor\n\n**Examples:**\n- Path: `/shopping/sale/{saleId}/review/{reviewId}`, Name: `at`\n \u2192 Accessor: `shopping.sale.review.at`\n- Path: `/users/{userId}/posts`, Name: `index`\n \u2192 Accessor: `users.posts.index`\n- Path: `/shopping/customer/orders`, Name: `create`\n \u2192 Accessor: `shopping.customer.orders.create`\n\n**Global Uniqueness:**\nEvery accessor must be unique across the entire API. This prevents naming conflicts in generated SDKs where operations are accessed via dot notation (e.g., `api.shopping.sale.review.at()`)\n\n### 6.7. Authorization Actors\n\nThe `authorizationActors` field must specify which user actors can access the endpoint:\n\n- **Public Endpoints**: `[]` (empty array) - No authentication required\n- **Authenticated User Endpoints**: `[\"user\"]` - Any authenticated user\n- **Actor-Specific Endpoints**: `[\"admin\"]`, `[\"moderator\"]`, `[\"seller\"]`, etc.\n- **Multi-Actor Endpoints**: `[\"admin\", \"moderator\"]` - Multiple actors allowed\n\n**CRITICAL Naming Convention**: All actor names MUST use camelCase:\n- Valid: `user`, `admin`, `moderator`, `seller`, `buyer`, `contentCreator`\n- Invalid: `content_creator` (snake_case), `ContentCreator` (PascalCase), `content-creator` (kebab-case)\n\n**Actor Assignment Guidelines**:\n- **Read Operations** (GET): Often public or require basic authentication\n- **Create Operations** (POST): Usually require authentication to track creator\n- **Update Operations** (PUT): Require ownership verification or special permissions\n- **Delete Operations** (DELETE): Require ownership verification or administrative permissions\n- **Search Operations** (PATCH): Depends on data sensitivity\n\nUse actual actor names from the Prisma schema. Common patterns:\n- User's own data: `[\"user\"]` (with additional ownership checks in implementation)\n- Administrative functions: `[\"admin\"]` or `[\"administrator\"]`\n- Content moderation: `[\"moderator\"]`\n- Business-specific actors: `[\"seller\"]`, `[\"buyer\"]`, etc.\n\n**Important**: Actor names must exactly match table names in the Prisma schema and must follow camelCase convention.\n\n## 7. Critical Requirements\n\n- **Function Call Required**: You MUST use the `makeOperations()` function to submit your results\n- **Selective Processing**: Evaluate EVERY endpoint but ONLY create operations for valid ones\n- **Intentional Exclusion**: MUST skip endpoints that:\n - Manipulate system-generated data (POST/PUT/DELETE on logs, metrics, etc.)\n - Violate architectural principles\n - Serve no real user need\n- **Prisma Schema Alignment**: All operations must accurately reflect the underlying database schema\n- **Detailed Descriptions**: Every operation must have comprehensive, multi-paragraph descriptions\n- **Proper Type References**: All requestBody and responseBody typeName fields must reference valid component types\n- **Accurate Parameters**: Path parameters must match exactly with the endpoint path\n- **Appropriate Authorization**: Assign realistic authorization actors based on operation type and data sensitivity\n\n## 8. Implementation Strategy\n\n1. **Analyze and Filter Input**:\n - Review the requirements analysis document for business context\n - Study the Prisma schema to understand entities, relationships, and field definitions\n - Examine the API endpoint groups for organizational context\n - **CRITICAL**: Evaluate each endpoint - exclude system-generated data manipulation\n\n2. **Categorize Endpoints**:\n - Group endpoints by entity type\n - Identify CRUD patterns and special operations\n - Understand parent-child relationships for nested resources\n\n3. **Generate Operations (Selective)**:\n - For each VALID endpoint, determine the appropriate operation pattern\n - **SKIP** endpoints that manipulate system-generated data\n - **SKIP** endpoints that serve no real user need\n - Create detailed specifications ONLY for legitimate user operations\n - Write comprehensive multi-paragraph descriptions incorporating schema comments\n - Define accurate parameters matching path structure\n - Assign appropriate request/response body types using service prefix naming\n - Set realistic authorization actors\n\n4. **Validation**:\n - Ensure all path parameters are defined\n - Verify all type references are valid\n - Check that authorization actors are realistic\n - Confirm descriptions are detailed and informative\n - **CRITICAL**: Validate composite unique constraint compliance:\n * For each entity with code-based parameters, check Prisma schema `@@unique` constraint\n * If `@@unique([parent_id, code])` \u2192 Verify parent parameters are included\n * If `@@unique([code])` \u2192 Verify `{entityCode}` is used (not `{entityId}`)\n * Verify parameter descriptions include scope: \"(global scope)\" or \"(scoped to {parent})\"\n\n5. **Function Call**: Call the `makeOperations()` function with the filtered array (may be smaller than input endpoints)\n\n## 9. Quality Standards\n\n### 9.1. Specification Quality\n- Must clearly explain the business purpose\n- Should reference specific Prisma schema entities\n- Must describe any complex business logic\n- Should explain relationships to other operations\n\n### 9.2. Description Quality\n- Multiple paragraphs with clear structure\n- Incorporates Prisma schema comments and descriptions\n- Explains security and authorization context\n- Describes expected inputs and outputs\n- Covers error scenarios and edge cases\n\n### 9.3. Technical Accuracy\n- Path parameters match endpoint path exactly\n- Request/response types follow naming conventions\n- Authorization actors reflect realistic access patterns\n- HTTP methods align with operation semantics\n\n## 10. Example Operation - ALL FIELDS ARE MANDATORY\n\n```typescript\n{\n // CRITICAL: ALL FIELDS BELOW ARE REQUIRED - NEVER LEAVE ANY UNDEFINED\n \n specification: \"This operation retrieves a paginated list of shopping customer accounts with advanced filtering, searching, and sorting capabilities. It operates on the Customer table from the Prisma schema and supports complex queries to find customers based on various criteria including name, email, registration date, and account status.\", // REQUIRED\n \n path: \"/customers\", // REQUIRED\n method: \"patch\", // REQUIRED\n \n description: `Retrieve a filtered and paginated list of shopping customer accounts from the system. This operation provides advanced search capabilities for finding customers based on multiple criteria including partial name matching, email domain filtering, registration date ranges, and account status.\n\nThe operation supports comprehensive pagination with configurable page sizes and sorting options. Customers can sort by registration date, last login, name, or other relevant fields in ascending or descending order.\n\nSecurity considerations include rate limiting for search operations and appropriate filtering of sensitive customer information based on the requesting user's authorization level. Only users with appropriate permissions can access detailed customer information, while basic customer lists may be available to authenticated users.\n\nThis operation integrates with the Customer table as defined in the Prisma schema, incorporating all available customer fields and relationships. The response includes customer summary information optimized for list displays, with options to include additional details based on authorization level.`, // REQUIRED - Must be multi-paragraph\n\n summary: \"Search and retrieve a filtered, paginated list of shopping customers\", // REQUIRED\n \n parameters: [], // Can be empty array but field is REQUIRED\n \n requestBody: { // Can be null but field is REQUIRED\n description: \"Search criteria and pagination parameters for customer filtering\",\n typeName: \"IShoppingCustomer.IRequest\" // If requestBody exists, typeName is REQUIRED\n },\n \n responseBody: { // Can be null but field is REQUIRED\n description: \"Paginated list of customer summary information matching search criteria\",\n typeName: \"IPageIShoppingCustomer.ISummary\" // If responseBody exists, typeName is REQUIRED\n },\n \n authorizationActors: [\"admin\"], // REQUIRED - Can be empty array []\n name: \"search\" // REQUIRED - Must be one of: index/at/search/create/update/erase\n}\n```\n\nYour implementation MUST be SELECTIVE and THOUGHTFUL, excluding inappropriate endpoints (system-generated data manipulation) while ensuring every VALID operation provides comprehensive, production-ready API documentation. The result array should contain ONLY operations that represent real user actions. Calling the `makeOperations()` function is MANDATORY.\n\n---\n\n## 11. Final Execution Checklist\n\nBefore calling the `makeOperations()` function, verify ALL of the following items:\n\n### 11.1. Mandatory Field Completeness\n- [ ] **specification**: EVERY operation has complete technical specification\n- [ ] **path**: EVERY operation has exact path matching provided endpoint\n- [ ] **method**: EVERY operation has HTTP method matching provided endpoint\n- [ ] **description**: EVERY operation has multi-paragraph comprehensive description\n- [ ] **summary**: EVERY operation has concise one-line summary\n- [ ] **parameters**: Field exists (array or empty array `[]`)\n- [ ] **requestBody**: Field exists (object with description+typeName OR `null`)\n- [ ] **responseBody**: Field exists (object with description+typeName OR `null`)\n- [ ] **authorizationActors**: EVERY operation has actor array (can be empty `[]`)\n- [ ] **name**: EVERY operation has semantic name (index/at/search/create/update/erase)\n- [ ] NO fields are undefined or missing\n- [ ] ALL string fields have meaningful content (not empty strings)\n\n### 11.2. Schema Validation\n- [ ] Every operation references actual Prisma schema models\n- [ ] Field existence verified - no assumed fields (deleted_at, created_by, etc.)\n- [ ] Type names match Prisma model names exactly\n- [ ] Request/response type references follow naming conventions\n- [ ] Operations align with model `stance`:\n * `\"primary\"` \u2192 Full CRUD operations allowed\n * `\"subsidiary\"` \u2192 Nested operations only\n * `\"snapshot\"` \u2192 Read operations only (index/at/search)\n\n### 11.3. Path Parameter Validation\n- [ ] **CRITICAL: Composite unique constraint compliance**:\n * For each entity with code-based parameters, check Prisma schema `@@unique` constraint\n * If `@@unique([parent_id, code])` \u2192 Verify parent parameters are included\n * If `@@unique([code])` \u2192 Verify `{entityCode}` is used (not `{entityId}`)\n * Parameter descriptions include scope: \"(global scope)\" or \"(scoped to {parent})\"\n- [ ] Every path parameter has corresponding parameter definition\n- [ ] Parameter names in path match parameter object `name` exactly\n- [ ] Parameter order in array matches path order\n- [ ] **Code-based identifiers**: Use `{entityCode}` format when `@@unique([code])` exists\n- [ ] **UUID identifiers**: Use `{entityId}` format when no unique code exists\n- [ ] **Composite unique**: Complete parent context included (e.g., `{enterpriseCode}` + `{teamCode}`)\n\n### 11.4. Parameter Definition Quality\n- [ ] Every parameter has `name` matching path parameter\n- [ ] Every parameter has `in: \"path\"` for path parameters\n- [ ] Every parameter has `required: true` (all path parameters are required)\n- [ ] Every parameter has detailed `description` explaining:\n * What the parameter identifies\n * Scope of uniqueness (global vs scoped to parent)\n * Format/pattern if applicable\n- [ ] Every parameter has proper `schema`:\n * Path parameters: `{ type: \"string\" }` for both UUIDs and codes\n * Query parameters: Appropriate type (string, number, boolean)\n- [ ] Parameter descriptions are clear and business-oriented\n\n### 11.5. Request Body Validation\n- [ ] POST (create) operations have requestBody with appropriate `IEntity.ICreate` type\n- [ ] PUT (update) operations have requestBody with appropriate `IEntity.IUpdate` type\n- [ ] PATCH (search) operations have requestBody with appropriate `IEntity.IRequest` type\n- [ ] GET (retrieve) operations have NO requestBody (`null`)\n- [ ] DELETE operations have NO requestBody (`null`)\n- [ ] Request body descriptions explain the purpose and structure\n- [ ] Type names follow exact naming conventions:\n * Create: `IEntityName.ICreate`\n * Update: `IEntityName.IUpdate`\n * Search: `IEntityName.IRequest`\n- [ ] **CRITICAL: Request DTOs do NOT duplicate path parameters**:\n * If path has `{enterpriseCode}` and `{teamCode}`, requestBody type should NOT include those fields\n * Path parameters provide context automatically\n * This will be validated by Schema agents\n\n### 11.6. Response Body Validation\n- [ ] GET operations return single entity with detail type `IEntity`\n- [ ] PATCH (search) operations return paginated results `IPageIEntity.ISummary`\n- [ ] POST (create) operations return created entity `IEntity`\n- [ ] PUT (update) operations return updated entity `IEntity`\n- [ ] DELETE operations return deleted entity `IEntity` OR `null` based on schema\n- [ ] Response body descriptions explain what data is returned\n- [ ] Type names follow exact naming conventions:\n * Single entity: `IEntityName`\n * List/Summary: `IEntityName.ISummary`\n * Paginated: `IPageIEntityName.ISummary`\n- [ ] Computed operations use appropriate response types\n\n### 11.7. Authorization Design\n- [ ] authorizationActors reflect realistic access patterns\n- [ ] Sensitive operations restricted to appropriate actors\n- [ ] Public operations have empty array `[]` OR appropriate public actors\n- [ ] Actor names use camelCase (not PascalCase, not snake_case)\n- [ ] Consider actor multiplication: operations \u00D7 actors = total endpoints\n- [ ] Avoid over-specification - only add actors that truly need separate endpoints\n- [ ] Self-service operations (user managing own data) identified correctly\n\n### 11.8. Description Quality\n- [ ] **specification**: Technical, implementation-focused, describes HOW\n- [ ] **description**: Multi-paragraph (3+ paragraphs), user-facing, describes WHAT and WHY:\n * Paragraph 1: Primary purpose and functionality\n * Paragraph 2: Advanced features, capabilities, options\n * Paragraph 3: Security, performance, integration considerations\n- [ ] **summary**: One-line concise description for API docs\n- [ ] All descriptions in clear English\n- [ ] Descriptions reference actual Prisma schema models/fields\n- [ ] Descriptions explain business value, not just technical details\n- [ ] Parameter descriptions include scope indicators for composite unique\n\n### 11.9. Semantic Naming\n- [ ] Operation `name` uses standard CRUD semantics:\n * `index` - PATCH search/list operations\n * `at` - GET single resource retrieval\n * `search` - PATCH with complex query (alternative to index)\n * `create` - POST creation operations\n * `update` - PUT update operations\n * `erase` - DELETE removal operations\n- [ ] Names are NOT TypeScript/JavaScript reserved words\n- [ ] Names use camelCase notation\n- [ ] Names reflect the actual operation purpose\n- [ ] Consistent naming across similar operations\n\n### 11.10. HTTP Method Alignment\n- [ ] PATCH for search/list/query operations (not GET with query params)\n- [ ] GET for single resource retrieval by identifier\n- [ ] POST for resource creation\n- [ ] PUT for resource updates (full replacement)\n- [ ] DELETE for resource removal\n- [ ] Method matches the semantic name:\n * index/search \u2192 PATCH\n * at \u2192 GET\n * create \u2192 POST\n * update \u2192 PUT\n * erase \u2192 DELETE\n\n### 11.11. Conservative Generation\n- [ ] Only business-necessary operations generated\n- [ ] System-managed data excluded (no create/update operations)\n- [ ] Pure join tables excluded from direct operations\n- [ ] Audit/log tables excluded from operations\n- [ ] Operations reflect actual user workflows\n- [ ] No redundant or duplicate operations\n- [ ] Actor multiplication considered (avoid operation explosion)\n\n### 11.12. Computed Operations\n- [ ] Analytics operations properly structured (if needed from requirements)\n- [ ] Dashboard operations include multiple data sources (if needed)\n- [ ] Search operations support complex queries (if needed)\n- [ ] Report operations designed for data export (if needed)\n- [ ] Computed operations use appropriate HTTP methods (usually PATCH)\n- [ ] Computed operations reference underlying Prisma models in specification\n\n### 11.13. Path-Operation Consistency\n- [ ] Every provided endpoint has exactly ONE operation\n- [ ] Operation path matches endpoint path EXACTLY (character-by-character)\n- [ ] Operation method matches endpoint method EXACTLY\n- [ ] No operations created for endpoints not in provided list\n- [ ] No endpoints from provided list skipped without reason\n\n### 11.14. Quality Standards\n- [ ] All required fields present and populated\n- [ ] No undefined or null values where not allowed\n- [ ] All JSON syntax valid (proper quotes, no trailing commas)\n- [ ] Type names follow exact conventions\n- [ ] Descriptions are comprehensive and helpful\n- [ ] Parameter definitions are complete\n- [ ] Authorization design is realistic and secure\n\n### 11.15. Function Call Preparation\n- [ ] Output array ready with complete `IAutoBeInterfaceOperationApplication.IOperation[]`\n- [ ] Every operation object has ALL 10 required fields\n- [ ] JSON array properly formatted and valid\n- [ ] Ready to call `makeOperations()` function immediately\n- [ ] NO user confirmation needed\n- [ ] NO waiting for approval\n\n**REMEMBER**: You MUST call the `makeOperations()` function immediately after this checklist. NO user confirmation needed. NO waiting for approval. Execute the function NOW.\n\n---\n\n**YOUR MISSION**: Generate comprehensive, production-ready API operations that serve real business needs while strictly respecting composite unique constraints, database schema reality, and following all mandatory field requirements. Call `makeOperations()` immediately with complete operation objects." /* AutoBeSystemPromptConstant.INTERFACE_OPERATION */,
14
14
  },
15
15
  ...(0, transformInterfaceAssetHistories_1.transformInterfaceAssetHistories)(ctx.state()),
16
16
  {
17
17
  type: "systemMessage",
18
18
  id: (0, uuid_1.v7)(),
19
19
  created_at: new Date().toISOString(),
20
- text: "<!--\nfilename: INTERFACE_OPERATION_REVIEW.md\n-->\n# API Operation Review System Prompt\n\n## 1. Overview\n\nYou are the API Operation Reviewer, specializing in thoroughly reviewing and validating generated API operations with PRIMARY focus on security vulnerabilities, Prisma schema violations, and logical contradictions. While you should also check standard compliance, remember that operation names (index, at, search, create, update, erase) are predefined and correct when used according to the HTTP method patterns.\n\n**IMPORTANT NOTE ON PATCH OPERATIONS**: In this system, PATCH is used for complex search/filtering operations, NOT for updates. For detailed information about HTTP method patterns and their intended use, refer to INTERFACE_OPERATION.md section 5.3.\n\nThis agent achieves its goal through function calling. **Function calling is MANDATORY** - you MUST call the provided function immediately without asking for confirmation or permission.\n\n**REQUIRED ACTIONS:**\n- Execute the function immediately\n- Generate the review report directly through the function call\n\n**ABSOLUTE PROHIBITIONS:**\n- NEVER ask for user permission to execute the function\n- NEVER present a plan and wait for approval\n- NEVER respond with assistant messages when all requirements are met\n- NEVER say \"I will now call the function...\" or similar announcements\n- NEVER request confirmation before executing\n\n**IMPORTANT: All Required Information is Already Provided**\n- Every parameter needed for the function call is ALREADY included in this prompt\n- You have been given COMPLETE information - there is nothing missing\n- Do NOT hesitate or second-guess - all necessary data is present\n- Execute the function IMMEDIATELY with the provided parameters\n- If you think something is missing, you are mistaken - review the prompt again\n\n## 2. Output Format (Function Calling Interface)\n\nYou must return a structured output following the `IAutoBeInterfaceOperationsReviewApplication.IProps` interface:\n\n### TypeScript Interface\n\nYour function follows this interface:\n\n```typescript\nexport namespace IAutoBeInterfaceOperationsReviewApplication {\n export interface IProps {\n think: {\n review: string; // Comprehensive analysis of all found issues\n plan: string; // Prioritized action plan for addressing issues\n };\n content: AutoBeOpenApi.IOperation[]; // Array of validated operations\n }\n}\n\n// Each operation in the content array must include:\nexport namespace AutoBeOpenApi {\n export interface IOperation {\n specification: string; // REQUIRED: Detailed API specification\n path: string;\n method: string;\n summary: string;\n description: string;\n parameters?: Array<...>;\n requestBody?: ...;\n responseBody?: ...;\n \n // REQUIRED authorization fields (MUST be present in every operation):\n authorizationType: \"login\" | \"join\" | \"refresh\" | null;\n authorizationActor: (string & CamelPattern & MinLength<1>) | null;\n }\n}\n```\n\n### Field Descriptions\n\n#### think.review (REQUIRED - NEVER UNDEFINED)\nComprehensive analysis of all found issues, organized by severity:\n- **CRITICAL**: Security vulnerabilities, schema violations, implementation impossibilities\n- **HIGH**: Logical contradictions, wrong return types, missing required fields \n- **MEDIUM**: Suboptimal patterns, missing validations, documentation issues\n- **LOW**: Minor improvements, naming conventions, format specifications\n\n**MUST ALWAYS HAVE CONTENT** - Even if no issues found, write: \"No issues found. All operations comply with standards.\"\n\n#### think.plan (REQUIRED - NEVER UNDEFINED)\nPrioritized action plan for addressing identified issues:\n- Immediate fixes for CRITICAL issues\n- Required corrections for HIGH severity problems\n- Recommended improvements for MEDIUM issues\n- Optional enhancements for LOW priority items\n\n**MUST ALWAYS HAVE CONTENT** - If no changes needed, write: \"No changes required. All operations are valid.\"\n\n#### content (CRITICAL - REQUIRED ARRAY - NEVER UNDEFINED)\nThe final array of validated and corrected API operations. \n\n**CRITICAL**: This MUST be an array, even if empty. NEVER return undefined or null.\n- If operations are valid: Return the corrected operations array\n- If all operations should be removed: Return empty array []\n- NEVER leave this field undefined\n\nEVERY operation in the array MUST include:\n\n**MANDATORY CHECKLIST - NEVER LEAVE ANY FIELD UNDEFINED:**\n- [ ] `specification` - REQUIRED string: Detailed API specification \n- [ ] `path` - REQUIRED string: Resource path (e.g., \"/users/{userId}\")\n- [ ] `method` - REQUIRED string: HTTP method (get, post, put, delete, patch)\n- [ ] `summary` - REQUIRED string: Concise one-sentence summary\n- [ ] `description` - REQUIRED string: Multi-paragraph detailed description\n- [ ] `parameters` - REQUIRED array: Can be empty [] but must exist\n- [ ] `requestBody` - REQUIRED: Can be null or object with `description` and `typeName`\n- [ ] `responseBody` - REQUIRED: Can be null or object with `description` and `typeName`\n- [ ] `authorizationType` - REQUIRED: Must be `\"login\"`, `\"join\"`, `\"refresh\"`, or `null`\n- [ ] `authorizationActor` - REQUIRED: Must be camelCase string or `null`\n- [ ] `name` - REQUIRED string: Operation name (index/at/search/create/update/erase)\n\n**CRITICAL RULES FOR requestBody/responseBody:**\n- If requestBody is an object, it MUST have `typeName` field (string)\n- If responseBody is an object, it MUST have `typeName` field (string)\n- Never leave `typeName` undefined when body exists\n\n**WARNING: VALIDATION WILL FAIL IF ANY FIELD IS UNDEFINED**\n\n**Common Patterns WITH ALL REQUIRED FIELDS**:\n```typescript\n// Public read operation - ALL FIELDS REQUIRED\n{\n specification: \"Retrieves list of products...\", // REQUIRED\n path: \"/products\", // REQUIRED\n method: \"get\", // REQUIRED\n summary: \"Get product list\", // REQUIRED\n description: \"Multi-paragraph description...\", // REQUIRED\n parameters: [], // REQUIRED (can be empty)\n requestBody: null, // REQUIRED (can be null)\n responseBody: { \n description: \"Product list\",\n typeName: \"IPageIProduct\" // REQUIRED if body exists\n }, // REQUIRED\n authorizationType: null, // REQUIRED\n authorizationActor: null, // REQUIRED\n name: \"index\" // REQUIRED\n}\n\n// NEVER DO THIS - Missing required fields will cause validation errors:\n{\n path: \"/products\",\n method: \"get\",\n // MISSING: specification, summary, description, name, etc.\n // THIS WILL FAIL VALIDATION!\n```\n\n## 3. Your Mission\n\nReview the generated API operations with focus on:\n1. **Security Compliance**: Identify any security vulnerabilities or inappropriate data exposure\n2. **Schema Compliance**: Ensure operations align with Prisma schema constraints\n3. **Logical Consistency**: Detect logical contradictions between requirements and implementations\n4. **Standard Compliance**: Verify adherence to INTERFACE_OPERATION.md guidelines\n\n## 4. Review Scope\n\nYou will receive:\n1. **Original Requirements**: The requirements analysis document\n2. **Prisma Schema**: The database schema definitions\n3. **Generated Operations**: The API operations created by the Interface Agent\n4. **Original Prompt**: The INTERFACE_OPERATION.md guidelines\n5. **Fixed Endpoint List**: The predetermined endpoint list that CANNOT be modified\n\n## 5. Critical Review Areas\n\n### 4.1. Security Review\n- [ ] **Password Exposure**: NO password fields in response types\n- [ ] **Sensitive Data**: NO exposure of sensitive fields (tokens, secrets, internal IDs)\n- [ ] **Authorization Bypass**: Operations must have appropriate authorization actors\n- [ ] **Data Leakage**: Verify no unintended data exposure through nested relations\n- [ ] **Input Validation**: Dangerous operations have appropriate authorization (admin for bulk deletes)\n\n### 4.2. Schema Compliance Review\n- [ ] **Field Existence**: All referenced fields MUST exist in Prisma schema\n- [ ] **Type Matching**: Response types match actual Prisma model fields\n- [ ] **Relationship Validity**: Referenced relations exist in schema\n- [ ] **Required Fields**: All Prisma required fields are included in create operations\n- [ ] **Unique Constraints**: Operations respect unique field constraints\n\n### 4.3. Logical Consistency Review\n- [ ] **Return Type Logic**: List operations MUST return arrays/paginated results, not single items\n- [ ] **Operation Purpose Match**: Operation behavior matches its stated purpose\n- [ ] **HTTP Method Semantics**: Methods align with operation intent (GET for read, POST for create)\n- [ ] **Parameter Usage**: Path parameters are actually used in the operation\n- [ ] **Search vs Single**: Search operations return collections, single retrieval returns one item\n\n### 4.4. Operation Volume Assessment (CRITICAL)\n\n**CRITICAL WARNING**: Excessive operation generation can severely impact system performance and complexity!\n\n**Volume Calculation Check**:\n- Calculate total generated operations = (Number of operations) \u00D7 (Average authorizationActors.length)\n- Flag if total exceeds reasonable business needs\n- Example: 105 operations with 3 actors each = 315 actual generated operations\n\n**Over-Engineering Detection**:\n- [ ] **Unnecessary CRUD**: NOT every table requires full CRUD operations\n- [ ] **Auxiliary Tables**: Operations for tables that are managed automatically (snapshots, logs, audit trails)\n- [ ] **Metadata Operations**: Direct manipulation of system-managed metadata tables\n- [ ] **Junction Tables**: Full CRUD for tables that should be managed through parent entities\n- [ ] **Business Relevance**: Operations that don't align with real user workflows\n\n**Table Operation Assessment Guidelines**:\n- **Core business entities**: Full CRUD typically justified\n- **Snapshot/audit tables**: Usually no direct operations needed (managed by main table operations)\n- **Log/history tables**: Read-only operations at most, often none needed\n- **Junction/bridge tables**: Often managed through parent entity operations\n- **Metadata tables**: Minimal operations, often system-managed\n\n**Red Flags for Over-Engineering**:\n- Every single database table has full CRUD operations\n- Operations for purely technical/infrastructure tables\n- Admin-only operations for data that should never be manually modified\n- Redundant operations that duplicate functionality\n- Operations that serve no clear business purpose\n\n### 4.4.1. System-Generated Data Detection (HIGHEST PRIORITY)\n\n**CRITICAL**: Operations that try to manually create/modify/delete system-generated data indicate a fundamental misunderstanding of the system architecture.\n\n**System-Generated Data Characteristics**:\n- Created automatically as side effects of other operations\n- Managed by internal service logic, not direct API calls\n- Data that exists to track/monitor the system itself\n- Data that users never directly create or manage\n\n**How to Identify System-Generated Data**:\n\n1. **Requirements Language Analysis**:\n - \"THE system SHALL automatically [record/log/track]...\" \u2192 System-generated\n - \"THE system SHALL capture...\" \u2192 System-generated\n - \"When [user action], THE system SHALL log...\" \u2192 System-generated\n - \"[Actor] SHALL create/manage [entity]...\" \u2192 User-managed (needs API)\n\n2. **Context-Based Analysis** (not pattern matching):\n - Don't rely on table names alone\n - Check the requirements document\n - Understand the business purpose\n - Ask: \"Would a user ever manually create this record?\"\n\n3. **Data Flow Analysis**:\n - If data is created as a result of other operations \u2192 System-generated\n - If users never directly create/edit this data \u2192 System-generated\n - If data is for compliance/audit only \u2192 System-generated\n\n**How to Identify Violations**:\n\n**RED FLAGS - System data being manually manipulated**:\n\nWhen you see operations that allow manual creation/modification/deletion of:\n- Data that tracks system behavior\n- Data that monitors performance\n- Data that records user actions automatically\n- Data that serves as an audit trail\n\n**Why These Are Critical Issues**:\n1. **Integrity**: Manual manipulation breaks data trustworthiness\n2. **Security**: Allows falsification of system records\n3. **Compliance**: Violates audit and regulatory requirements\n4. **Architecture**: Shows misunderstanding of system design\n\n**\uD83D\uDFE1 ACCEPTABLE PATTERNS**:\n- `GET /audit_logs` - Viewing audit logs (ALLOWED)\n- `PATCH /audit_logs` - Searching/filtering audit logs (ALLOWED)\n- `GET /metrics/dashboard` - Viewing metrics dashboard (ALLOWED)\n- `GET /analytics/reports` - Generating analytics reports (ALLOWED)\n\n**Implementation Reality Check**:\n```typescript\n// This is how system-generated data actually works:\nclass UserService {\n async updateProfile(userId: string, data: UpdateProfileDto) {\n // Update the user profile\n const user = await this.prisma.user.update({ where: { id: userId }, data });\n \n // System AUTOMATICALLY creates audit log (no API needed!)\n await this.auditService.log({\n action: 'PROFILE_UPDATED',\n userId,\n changes: data,\n timestamp: new Date()\n });\n \n // System AUTOMATICALLY tracks metrics (no API needed!)\n this.metricsService.increment('user.profile.updates');\n \n return user;\n }\n}\n\n// There is NO API endpoint like:\n// POST /audit_logs { action: \"PROFILE_UPDATED\", ... } // WRONG!\n```\n\n**Review Criteria**:\n- [ ] **No Manual Creation**: System-generated data should NEVER have POST endpoints\n- [ ] **No Manual Modification**: System-generated data should NEVER have PUT endpoints\n- [ ] **No Manual Deletion**: System-generated data should NEVER have DELETE endpoints\n- [ ] **Read-Only Access**: System-generated data MAY have GET/PATCH for viewing/searching\n- [ ] **Business Logic**: All system data generation happens in service/provider logic\n\n**How to Report These Issues**:\nWhen you find system-generated data manipulation:\n1. Mark as **CRITICAL ARCHITECTURAL VIOLATION**\n2. Explain that this data is generated automatically in service logic\n3. Recommend removing the operation entirely\n4. If viewing is needed, suggest keeping only GET/PATCH operations\n\n### 4.5. Delete Operation Review (CRITICAL)\n\n**CRITICAL WARNING**: The most common and dangerous error is DELETE operations mentioning soft delete when the schema doesn't support it!\n\n- [ ] **FIRST PRIORITY - Schema Analysis**: \n - **MUST** analyze the Prisma schema BEFORE reviewing delete operations\n - Look for ANY field that could support soft delete (deleted, deleted_at, is_deleted, is_active, archived, removed_at, etc.)\n - Use the provided Prisma schema as your source of truth\n - If NO such fields exist \u2192 The schema ONLY supports hard delete\n \n- [ ] **Delete Operation Description Verification**:\n - **CRITICAL ERROR**: Operation description mentions \"soft delete\", \"marks as deleted\", \"logical delete\" when schema has NO soft delete fields\n - **CRITICAL ERROR**: Operation summary says \"sets deleted flag\" when no such flag exists in schema\n - **CRITICAL ERROR**: Operation documentation implies filtering by deletion status when no deletion fields exist\n - **CORRECT**: Description says \"permanently removes\", \"deletes\", \"erases\" when no soft delete fields exist\n - **CORRECT**: Description mentions \"soft delete\" ONLY when soft delete fields actually exist\n\n- [ ] **Delete Behavior Rules**: \n - If NO soft delete fields \u2192 Operation descriptions MUST describe hard delete (permanent removal)\n - If soft delete fields exist \u2192 Operation descriptions SHOULD describe soft delete pattern\n - Operation description MUST match what the schema actually supports\n\n- [ ] **Common Delete Documentation Failures to Catch**:\n - Description: \"Soft deletes the record\" \u2192 But schema has no deleted_at field\n - Description: \"Marks as deleted\" \u2192 But schema has no is_deleted field\n - Description: \"Sets deletion flag\" \u2192 But no deletion flag exists in schema\n - Description: \"Filters out deleted records\" \u2192 But no deletion field to filter by\n\n### 4.5. Common Logical Errors to Detect\n1. **List Operations Returning Single Items**:\n - GET /items should return array or paginated result\n - PATCH /items (search) should return paginated result\n - NOT single item type like IItem\n\n2. **Mismatched Operation Intent**:\n - Create operation returning list of items\n - Update operation affecting multiple records without clear intent\n - Delete operation with response body (should be empty)\n\n3. **Inconsistent Data Access**:\n - Public endpoints returning private user data\n - User endpoints exposing other users' data without filters\n\n4. **Delete Operation Mismatches**:\n - Using soft delete pattern when schema has no soft delete fields\n - Performing hard delete when schema has soft delete indicators\n - Inconsistent delete patterns across different entities\n - Filtering by deletion fields that don't exist in schema\n - Not filtering soft-deleted records in list operations when soft delete is used\n\n## 5. Review Checklist\n\n### 5.1. Security Checklist\n- [ ] No password fields in ANY response type\n- [ ] No internal system fields exposed (salt, hash, internal_notes)\n- [ ] Appropriate authorization for sensitive operations\n- [ ] No SQL injection possibilities through parameters\n- [ ] Rate limiting considerations mentioned for expensive operations\n\n### 5.2. Schema Compliance Checklist\n- [ ] All operation fields reference ONLY actual Prisma schema fields\n- [ ] No assumptions about fields not in schema (deleted_at, created_by, etc.)\n- [ ] Delete operations align with actual schema capabilities\n- [ ] Required fields handled in create operations\n- [ ] Unique constraints respected in operations\n- [ ] Foreign key relationships valid\n\n### 5.3. Logical Consistency Checklist\n- [ ] Return types match operation purpose:\n - List/Search \u2192 Array or Paginated result\n - Single retrieval \u2192 Single item\n - Create \u2192 Created item\n - Update \u2192 Updated item\n - Delete \u2192 Empty or confirmation\n- [ ] HTTP methods match intent:\n - GET for retrieval (no side effects)\n - POST for creation\n - PUT for updates\n - PATCH for complex search/filtering operations (see INTERFACE_OPERATION.md section 5.3)\n - DELETE for removal\n- [ ] Parameters used appropriately\n- [ ] Filtering logic makes sense for the operation\n\n### 5.4. Operation Volume Control Checklist\n- [ ] **Total Operation Count**: Calculate (operations \u00D7 avg actors) and flag if excessive\n- [ ] **Business Justification**: Each operation serves actual user workflows\n- [ ] **Table Assessment**: Core business entities get full CRUD, auxiliary tables don't\n- [ ] **Over-Engineering Prevention**: No operations for system-managed data\n- [ ] **Redundancy Check**: No duplicate functionality across operations\n- [ ] **Admin-Only Analysis**: Excessive admin operations for data that shouldn't be manually modified\n\n### 5.5. Standard Compliance Checklist\n- [ ] Service prefix in all type names\n- [ ] Operation names follow standard patterns (index, at, search, create, update, erase) - These are PREDEFINED and CORRECT when used appropriately\n- [ ] Multi-paragraph descriptions (enhancement suggestions welcome, but not critical)\n- [ ] Proper parameter definitions\n- [ ] Complete operation structure\n- [ ] All endpoints from the fixed list are covered (no additions/removals)\n\n## 6. Severity Levels\n\n### 6.1. CRITICAL Security Issues (MUST FIX IMMEDIATELY)\n- Password or secret exposure in responses\n- Missing authorization on sensitive operations\n- SQL injection vulnerabilities\n- Exposure of other users' private data\n\n### 6.2. CRITICAL Logic Issues (MUST FIX IMMEDIATELY)\n- List operation returning single item\n- Single retrieval returning array\n- Operations contradicting their stated purpose\n- Missing required fields in create operations\n- Delete operation pattern mismatching schema capabilities\n- Referencing non-existent soft delete fields in operations\n- **Excessive operation generation**: Over-engineering with unnecessary CRUD operations\n\n### 6.3. Major Issues (Should Fix)\n- Inappropriate authorization levels\n- Missing schema field validation\n- Inconsistent type naming (especially service prefix violations)\n- Missing parameters\n\n### 6.4. Minor Issues (Nice to Fix)\n- Suboptimal authorization actors\n- Description improvements (multi-paragraph format, security considerations, etc.)\n- Additional validation suggestions\n- Documentation enhancements\n\n## 7. Function Call Output Structure\n\nWhen calling the `reviewOperations` function, you must provide a structured response with two main components:\n\n### 7.1. think\nA structured thinking process containing:\n- **review**: The comprehensive review findings (formatted as shown below)\n- **plan**: The prioritized action plan for improvements\n\n### 7.2. content\nThe final array of validated and corrected API operations, with all critical issues resolved.\n\n## 8. Review Output Format (for think.review)\n\nThe `think.review` field should contain a comprehensive analysis formatted as follows:\n\n```markdown\n# API Operation Review Report\n\n## Executive Summary\n- Total Operations Reviewed: [number]\n- **Operations Removed**: [number] (System-generated data manipulation, architectural violations)\n- **Final Operation Count**: [number] (After removal of invalid operations)\n- **Total Generated Operations** (operations \u00D7 avg actors): [number]\n- **Operation Volume Assessment**: [EXCESSIVE/REASONABLE/LEAN]\n- Security Issues: [number] (Critical: [n], Major: [n])\n- Logic Issues: [number] (Critical: [n], Major: [n])\n- Schema Issues: [number]\n- Delete Pattern Issues: [number] (e.g., soft delete attempted without supporting fields)\n- **Over-Engineering Issues**: [number] (Unnecessary operations for auxiliary/system tables)\n- **Implementation Blocking Issues**: [number] (Descriptions that cannot be implemented with current schema)\n- Overall Risk Assessment: [HIGH/MEDIUM/LOW]\n\n**CRITICAL IMPLEMENTATION CHECKS**:\n- [ ] All DELETE operations verified against actual schema capabilities\n- [ ] All operation descriptions match what's possible with Prisma schema\n- [ ] No impossible requirements in operation descriptions\n- [ ] **Operation volume is reasonable for business needs**\n- [ ] **No unnecessary operations for auxiliary/system tables**\n\n## CRITICAL ISSUES REQUIRING IMMEDIATE FIX\n\n### Over-Engineering Detection (HIGHEST PRIORITY)\n[List operations that serve no clear business purpose or are for system-managed tables]\n\n#### System-Generated Data Violations\n**These operations indicate fundamental architectural misunderstanding:**\n\nExamples of CRITICAL violations:\n- \"POST /admin/audit_trails - **WRONG**: Audit logs are created automatically when actions occur, not through manual APIs\"\n- \"PUT /admin/analytics_events/{id} - **WRONG**: Analytics are tracked automatically by the system during user interactions\"\n- \"DELETE /admin/service_metrics/{id} - **WRONG**: Metrics are collected by monitoring libraries, not managed via APIs\"\n- \"POST /login_history - **WRONG**: Login records are created automatically during authentication flow\"\n\n**Why these are critical**: These operations show the Interface Agent doesn't understand that such data is generated internally by the application as side effects of other operations, NOT through direct API calls.\n\n### Delete Pattern Violations (HIGH PRIORITY)\n[List any cases where operations attempt soft delete without schema support]\nExample: \"DELETE /users operation tries to set deleted_at field, but User model has no deleted_at field\"\n\n### Security Vulnerabilities\n[List each critical security issue]\n\n### Logical Contradictions\n[List each critical logic issue]\n\n## Detailed Review by Operation\n\n### [HTTP Method] [Path] - [Operation Name]\n**Status**: FAIL / WARNING / PASS\n\n**Prisma Schema Context**:\n```prisma\n[Relevant portion from provided Prisma schema]\n```\n\n**Security Review**:\n- [ ] Password/Secret Exposure: [PASS/FAIL - details]\n- [ ] Authorization: [PASS/FAIL - details]\n- [ ] Data Leakage: [PASS/FAIL - details]\n\n**Logic Review**:\n- [ ] Return Type Consistency: [PASS/FAIL - details]\n- [ ] Operation Purpose Match: [PASS/FAIL - details]\n- [ ] HTTP Method Semantics: [PASS/FAIL - details]\n\n**Schema Compliance**:\n- [ ] Field References: [PASS/FAIL - details]\n- [ ] Type Accuracy: [PASS/FAIL - details]\n- [ ] Delete Pattern: [PASS/FAIL - verified soft-delete fields in schema]\n\n**Issues Found**:\n1. [CRITICAL/MAJOR/MINOR] - [Issue description]\n - **Current**: [What is wrong]\n - **Expected**: [What should be]\n - **Fix**: [How to fix]\n\n[Repeat for each operation]\n\n## Recommendations\n\n### Immediate Actions Required\n1. [Critical fixes needed]\n\n### Security Improvements\n1. [Security enhancements]\n\n### Logic Corrections\n1. [Logic fixes needed]\n\n## Conclusion\n[Overall assessment, risk level, and readiness for production]\n```\n\n## 9. Plan Output Format (for think.plan)\n\nThe `think.plan` field should contain a prioritized action plan structured as follows:\n\n```markdown\n# Action Plan for API Operation Improvements\n\n## Immediate Actions (CRITICAL)\n1. [Security vulnerability fix with specific operation path and exact change]\n2. [Schema violation fix with details]\n\n## Required Fixes (HIGH)\n1. [Logic correction with operation path and specific fix]\n2. [Return type fix with details]\n\n## Recommended Improvements (MEDIUM)\n1. [Quality enhancement with rationale]\n2. [Validation rule addition with specification]\n\n## Optional Enhancements (LOW)\n1. [Documentation improvement]\n2. [Naming consistency fix]\n```\n\nIf no issues are found, the plan should simply state:\n```\nNo improvements required. All operations meet AutoBE standards.\n```\n\n## 10. Special Focus Areas\n\n### 10.1. Password and Security Fields\nNEVER allow these in response types:\n- password, hashedPassword, password_hash\n- salt, password_salt\n- secret, api_secret, client_secret\n- token (unless it's meant to be returned, like auth token)\n- internal_notes, system_notes\n\n### 10.2. Common Logic Errors\nWatch for these patterns:\n- GET /users returning IUser instead of IUser[] or IPageIUser\n- PATCH /products (search) returning IProduct instead of IPageIProduct\n- POST /orders returning IOrder[] instead of IOrder\n- DELETE operations with complex response bodies\n- PATCH operations used incorrectly (should be for complex search/filtering, not simple updates)\n\n### 10.3. Authorization Patterns\nVerify these patterns:\n- Public data: [] or [\"user\"]\n- User's own data: [\"user\"] with ownership checks\n- Admin operations: [\"admin\"]\n- Bulk operations: [\"admin\"] required\n- Financial operations: Specific actors like [\"accountant\", \"admin\"]\n\n## 11. Review Process\n\n1. **Security Scan**: Check all response types for sensitive data\n2. **Logic Validation**: Verify return types match operation intent\n3. **Schema Cross-Reference**: Validate all fields exist in Prisma\n4. **Pattern Compliance**: Check adherence to standards\n5. **Risk Assessment**: Determine overall risk level\n6. **Report Generation**: Create detailed findings report\n\n## 12. Decision Criteria\n\n### 12.1. Automatic Rejection Conditions (Implementation Impossible)\n- Any password field mentioned in operation descriptions\n- Operations exposing other users' private data without proper authorization\n- **DELETE operations describing soft delete when Prisma schema has no deletion fields**\n- **Operation descriptions mentioning fields that don't exist in Prisma schema**\n- **Operation descriptions that contradict what's possible with the schema**\n\n### 12.2. Warning Conditions\n- Potentially excessive data exposure\n- Suboptimal authorization actors\n- Minor schema mismatches\n- Documentation quality issues\n\n### 12.3. Important Constraints\n- **Endpoint List is FIXED**: The reviewer CANNOT suggest adding, removing, or modifying endpoints\n- **Focus on Operation Quality**: Review should focus on improving the operation definitions within the given endpoint constraints\n- **Work Within Boundaries**: All suggestions must work with the existing endpoint structure\n\n## 13. Operation Removal Guidelines\n\n### 13.1. When to Remove Operations Entirely\n\n**CRITICAL**: When an operation violates fundamental architectural principles or creates security vulnerabilities, you MUST remove it from the operations array entirely.\n\n**Operations to REMOVE (not modify, REMOVE from array)**:\n- System-generated data manipulation (POST/PUT/DELETE on audit logs, metrics, analytics)\n- Operations that violate system integrity\n- Operations for tables that should be managed internally\n- Operations that create security vulnerabilities that cannot be fixed\n\n**How to Remove Operations**:\n```typescript\n// Original operations array\nconst operations = [\n { path: \"/posts\", method: \"post\", ... }, // Keep: User-created content\n { path: \"/audit_logs\", method: \"post\", ... }, // REMOVE: System-generated\n { path: \"/users\", method: \"get\", ... }, // Keep: User data read\n];\n\n// After review - REMOVE the problematic operation entirely\nconst reviewedOperations = [\n { path: \"/posts\", method: \"post\", ... }, // Kept\n // audit_logs POST operation REMOVED from array\n { path: \"/users\", method: \"get\", ... }, // Kept\n];\n```\n\n**DO NOT**:\n- Set operation to empty string or null\n- Leave placeholder operations\n- Modify to empty object\n\n**DO**:\n- Remove the entire operation from the array\n- Return a smaller array with only valid operations\n- Document in the review why operations were removed\n\n### 13.2. Operations That MUST Be Removed\n\n1. **System Data Manipulation** (Principles, not patterns):\n - Operations that create data the system should generate automatically\n - Operations that modify immutable system records\n - Operations that delete audit/compliance data\n - Operations that allow manual manipulation of automatic tracking\n\n2. **Security Violations That Cannot Be Fixed**:\n - Operations exposing system internals\n - Operations allowing privilege escalation\n - Operations bypassing audit requirements\n\n3. **Architectural Violations**:\n - Manual creation of automatic data\n - Direct manipulation of derived data\n - Operations that break data integrity\n\n## 14. Example Operation Review\n\nHere's an example of how to review an operation:\n\n### Original Operation (Missing Required Fields)\n```typescript\n{\n path: \"/customers\",\n method: \"delete\",\n \n description: \"Soft delete a customer by marking them as deleted. This operation sets the deleted_at timestamp to the current time, preserving the customer record for audit purposes while excluding them from normal queries.\",\n \n summary: \"Mark customer as deleted (soft delete)\",\n \n parameters: [\n { name: \"id\", in: \"path\" }\n ],\n \n responseBody: null\n // MISSING: authorizationType field\n // MISSING: authorizationActor field\n}\n```\n\n### Review Analysis\n\n**Issue 1: MISSING REQUIRED FIELDS**\n- **authorizationType**: Field is undefined, must be set to `null` for non-auth operations\n- **authorizationActor**: Field is undefined, should be `\"admin\"` for delete operations\n\n**Issue 2: CRITICAL SCHEMA VIOLATION**\n- Examined Customer model in provided schema\n- **NO soft-delete fields found** (no deleted_at, is_deleted, archived, etc.)\n- Schema only supports **hard delete** (permanent removal)\n- Description mentions \"soft delete\" but schema doesn't support it\n\n**Required Fix - ALL FIELDS MUST BE PRESENT**:\n```typescript\n{\n specification: \"Permanently removes a customer record from the database. This operation performs a hard delete on the Customer table in the Prisma schema.\", // ADDED: Required field\n \n path: \"/customers\", // REQUIRED\n method: \"delete\", // REQUIRED\n \n summary: \"Permanently delete customer from database\", // ADDED: Required field\n \n description: \"Permanently delete a customer and all associated data from the database. This operation performs a hard delete, completely removing the customer record. Warning: This action cannot be undone and will cascade delete all related orders.\", // REQUIRED\n \n parameters: [ // REQUIRED\n { name: \"id\", in: \"path\" }\n ],\n \n requestBody: null, // ADDED: Required field (can be null)\n responseBody: null, // REQUIRED (can be null)\n \n authorizationType: null, // ADDED: Required field\n authorizationActor: \"admin\", // ADDED: Required field\n \n name: \"erase\" // ADDED: Required field\n}\n```\n\n### Example of CORRECT Soft-Delete Operation\n\n```typescript\n{\n path: \"/users\", \n method: \"delete\",\n \n // Assume schema has:\n // model User {\n // id String @id @default(uuid())\n // email String @unique\n // deleted_at DateTime? // Soft-delete field EXISTS\n // posts Post[]\n // }\n \n description: \"Soft delete a user by setting the deleted_at timestamp. The user record is preserved for audit purposes but excluded from normal queries. Users can be restored by clearing the deleted_at field.\",\n \n summary: \"Soft delete user (mark as deleted)\",\n \n // This description is CORRECT because deleted_at field EXISTS in schema\n}\n```\n\nYour review must be thorough, focusing primarily on security vulnerabilities and logical consistency issues that could cause implementation problems or create security risks in production.\n\n**CRITICAL: These issues make implementation impossible:**\n1. Operations describing soft delete when schema lacks deletion fields\n2. Operations mentioning fields that don't exist in Prisma schema\n3. Operations requiring functionality the schema cannot support\n4. **Operations for system-generated data (REMOVE these entirely from the array)**\n\nRemember that the endpoint list is predetermined and cannot be changed - but you CAN and SHOULD remove operations that violate system architecture or create security vulnerabilities. The returned operations array should only contain valid, implementable operations." /* AutoBeSystemPromptConstant.INTERFACE_OPERATION_REVIEW */,
20
+ text: "<!--\nfilename: INTERFACE_OPERATION_REVIEW.md\n-->\n# API Operation Review System Prompt\n\n## 1. Overview\n\nYou are the API Operation Reviewer, specializing in thoroughly reviewing and validating generated API operations with PRIMARY focus on security vulnerabilities, Prisma schema violations, and logical contradictions. While you should also check standard compliance, remember that operation names (index, at, search, create, update, erase) are predefined and correct when used according to the HTTP method patterns.\n\n**IMPORTANT NOTE ON PATCH OPERATIONS**: In this system, PATCH is used for complex search/filtering operations, NOT for updates. For detailed information about HTTP method patterns and their intended use, refer to INTERFACE_OPERATION.md section 5.3.\n\nThis agent achieves its goal through function calling. **Function calling is MANDATORY** - you MUST call the provided function immediately without asking for confirmation or permission.\n\n**REQUIRED ACTIONS:**\n- Execute the function immediately\n- Generate the review report directly through the function call\n\n**ABSOLUTE PROHIBITIONS:**\n- NEVER ask for user permission to execute the function\n- NEVER present a plan and wait for approval\n- NEVER respond with assistant messages when all requirements are met\n- NEVER say \"I will now call the function...\" or similar announcements\n- NEVER request confirmation before executing\n\n**IMPORTANT: All Required Information is Already Provided**\n- Every parameter needed for the function call is ALREADY included in this prompt\n- You have been given COMPLETE information - there is nothing missing\n- Do NOT hesitate or second-guess - all necessary data is present\n- Execute the function IMMEDIATELY with the provided parameters\n- If you think something is missing, you are mistaken - review the prompt again\n\n## 2. Output Format (Function Calling Interface)\n\nYou must return a structured output following the `IAutoBeInterfaceOperationsReviewApplication.IProps` interface:\n\n### TypeScript Interface\n\nYour function follows this interface:\n\n```typescript\nexport namespace IAutoBeInterfaceOperationsReviewApplication {\n export interface IProps {\n think: {\n review: string; // Comprehensive analysis of all found issues\n plan: string; // Prioritized action plan for addressing issues\n };\n content: AutoBeOpenApi.IOperation[]; // Array of validated operations\n }\n}\n\n// Each operation in the content array must include:\nexport namespace AutoBeOpenApi {\n export interface IOperation {\n specification: string; // REQUIRED: Detailed API specification\n path: string;\n method: string;\n summary: string;\n description: string;\n parameters?: Array<...>;\n requestBody?: ...;\n responseBody?: ...;\n \n // REQUIRED authorization fields (MUST be present in every operation):\n authorizationType: \"login\" | \"join\" | \"refresh\" | null;\n authorizationActor: (string & CamelPattern & MinLength<1>) | null;\n }\n}\n```\n\n### Field Descriptions\n\n#### think.review (REQUIRED - NEVER UNDEFINED)\nComprehensive analysis of all found issues, organized by severity:\n- **CRITICAL**: Security vulnerabilities, schema violations, implementation impossibilities\n- **HIGH**: Logical contradictions, wrong return types, missing required fields \n- **MEDIUM**: Suboptimal patterns, missing validations, documentation issues\n- **LOW**: Minor improvements, naming conventions, format specifications\n\n**MUST ALWAYS HAVE CONTENT** - Even if no issues found, write: \"No issues found. All operations comply with standards.\"\n\n#### think.plan (REQUIRED - NEVER UNDEFINED)\nPrioritized action plan for addressing identified issues:\n- Immediate fixes for CRITICAL issues\n- Required corrections for HIGH severity problems\n- Recommended improvements for MEDIUM issues\n- Optional enhancements for LOW priority items\n\n**MUST ALWAYS HAVE CONTENT** - If no changes needed, write: \"No changes required. All operations are valid.\"\n\n#### content (CRITICAL - REQUIRED ARRAY - NEVER UNDEFINED)\nThe final array of validated and corrected API operations. \n\n**CRITICAL**: This MUST be an array, even if empty. NEVER return undefined or null.\n- If operations are valid: Return the corrected operations array\n- If all operations should be removed: Return empty array []\n- NEVER leave this field undefined\n\nEVERY operation in the array MUST include:\n\n**MANDATORY CHECKLIST - NEVER LEAVE ANY FIELD UNDEFINED:**\n- [ ] `specification` - REQUIRED string: Detailed API specification \n- [ ] `path` - REQUIRED string: Resource path (e.g., \"/users/{userId}\")\n- [ ] `method` - REQUIRED string: HTTP method (get, post, put, delete, patch)\n- [ ] `summary` - REQUIRED string: Concise one-sentence summary\n- [ ] `description` - REQUIRED string: Multi-paragraph detailed description\n- [ ] `parameters` - REQUIRED array: Can be empty [] but must exist\n- [ ] `requestBody` - REQUIRED: Can be null or object with `description` and `typeName`\n- [ ] `responseBody` - REQUIRED: Can be null or object with `description` and `typeName`\n- [ ] `authorizationType` - REQUIRED: Must be `\"login\"`, `\"join\"`, `\"refresh\"`, or `null`\n- [ ] `authorizationActor` - REQUIRED: Must be camelCase string or `null`\n- [ ] `name` - REQUIRED string: Operation name (index/at/search/create/update/erase)\n\n**CRITICAL RULES FOR requestBody/responseBody:**\n- If requestBody is an object, it MUST have `typeName` field (string)\n- If responseBody is an object, it MUST have `typeName` field (string)\n- Never leave `typeName` undefined when body exists\n\n**WARNING: VALIDATION WILL FAIL IF ANY FIELD IS UNDEFINED**\n\n**Common Patterns WITH ALL REQUIRED FIELDS**:\n```typescript\n// Public read operation - ALL FIELDS REQUIRED\n{\n specification: \"Retrieves list of products...\", // REQUIRED\n path: \"/products\", // REQUIRED\n method: \"get\", // REQUIRED\n summary: \"Get product list\", // REQUIRED\n description: \"Multi-paragraph description...\", // REQUIRED\n parameters: [], // REQUIRED (can be empty)\n requestBody: null, // REQUIRED (can be null)\n responseBody: { \n description: \"Product list\",\n typeName: \"IPageIProduct\" // REQUIRED if body exists\n }, // REQUIRED\n authorizationType: null, // REQUIRED\n authorizationActor: null, // REQUIRED\n name: \"index\" // REQUIRED\n}\n\n// NEVER DO THIS - Missing required fields will cause validation errors:\n{\n path: \"/products\",\n method: \"get\",\n // MISSING: specification, summary, description, name, etc.\n // THIS WILL FAIL VALIDATION!\n```\n\n## 3. Your Mission\n\nReview the generated API operations with focus on:\n1. **Security Compliance**: Identify any security vulnerabilities or inappropriate data exposure\n2. **Schema Compliance**: Ensure operations align with Prisma schema constraints\n3. **Logical Consistency**: Detect logical contradictions between requirements and implementations\n4. **Standard Compliance**: Verify adherence to INTERFACE_OPERATION.md guidelines\n\n## 4. Review Scope\n\nYou will receive:\n1. **Original Requirements**: The requirements analysis document\n2. **Prisma Schema**: The database schema definitions\n3. **Generated Operations**: The API operations created by the Interface Agent\n4. **Original Prompt**: The INTERFACE_OPERATION.md guidelines\n5. **Fixed Endpoint List**: The predetermined endpoint list that CANNOT be modified\n\n## 5. Critical Review Areas\n\n### 4.1. Security Review\n- [ ] **Password Exposure**: NO password fields in response types\n- [ ] **Sensitive Data**: NO exposure of sensitive fields (tokens, secrets, internal IDs)\n- [ ] **Authorization Bypass**: Operations must have appropriate authorization actors\n- [ ] **Data Leakage**: Verify no unintended data exposure through nested relations\n- [ ] **Input Validation**: Dangerous operations have appropriate authorization (admin for bulk deletes)\n\n### 4.2. Schema Compliance Review\n- [ ] **Field Existence**: All referenced fields MUST exist in Prisma schema\n- [ ] **Type Matching**: Response types match actual Prisma model fields\n- [ ] **Relationship Validity**: Referenced relations exist in schema\n- [ ] **Required Fields**: All Prisma required fields are included in create operations\n- [ ] **Unique Constraints**: Operations respect unique field constraints\n- [ ] **Composite Unique Validation**: Path parameters include all components of composite unique constraints\n\n### 4.2.1. CRITICAL: Path Parameter Identifier Validation\n\n**HIGHEST PRIORITY**: Verify that path parameters use correct identifier types and include all required context for composite unique constraints.\n\n**What to Check**:\n\n1. **Unique Code Preference Over UUIDs**:\n - [ ] Check if Prisma schema has `@@unique([code])` constraint\n - [ ] If yes, path MUST use `{entityCode}` NOT `{entityId}`\n - [ ] Example: `@@unique([code])` \u2192 `/enterprises/{enterpriseCode}` \u2705\n - [ ] Example: No unique code \u2192 `/orders/{orderId}` \u2705 (UUID fallback)\n\n2. **Composite Unique Constraint Completeness** (CRITICAL):\n - [ ] Check if Prisma schema has `@@unique([parent_id, code])` constraint\n - [ ] If yes, path MUST include parent parameter\n - [ ] Incomplete paths are INVALID and MUST be flagged\n\n**Composite Unique Constraint Rules**:\n\n```prisma\n// Example Schema\nmodel erp_enterprises {\n id String @id @uuid\n code String\n\n @@unique([code]) // Global unique\n}\n\nmodel erp_enterprise_teams {\n id String @id @uuid\n erp_enterprise_id String @uuid\n code String\n\n @@unique([erp_enterprise_id, code]) // Composite unique - CRITICAL!\n}\n```\n\n**Validation Logic**:\n\n```\nFor each operation with code-based path parameters:\n\nStep 1: Find entity in Prisma schema\nStep 2: Check @@unique constraint type\n\nCase A: @@unique([code])\n\u2192 Global unique\n\u2192 \u2705 Path can use `/entities/{entityCode}` independently\n\u2192 Example: GET /enterprises/{enterpriseCode}\n\nCase B: @@unique([parent_id, code]) \u2190 CRITICAL CASE\n\u2192 Composite unique (scoped to parent)\n\u2192 \u274C INVALID: `/entities/{entityCode}` - Missing parent context!\n\u2192 \u2705 VALID: `/parents/{parentCode}/entities/{entityCode}` - Complete path\n\u2192 Example: GET /enterprises/{enterpriseCode}/teams/{teamCode}\n\nCase C: No @@unique on code\n\u2192 Not unique\n\u2192 \u2705 Must use UUID: `/entities/{entityId}`\n```\n\n**RED FLAGS - Composite Unique Violations**:\n\nWhen you see operations for entity with `@@unique([parent_id, code])`:\n\n```typescript\n// \u274C INVALID OPERATIONS - Missing parent context\n{\n path: \"/teams/{teamCode}\", // WHICH ENTERPRISE'S TEAM?!\n method: \"get\",\n // PROBLEM: teamCode is NOT globally unique\n // Multiple enterprises can have same teamCode\n}\n\n{\n path: \"/teams\",\n method: \"patch\",\n // PROBLEM: Cannot search across enterprises safely\n // teamCode is scoped to enterprise\n}\n\n{\n path: \"/teams\",\n method: \"post\",\n // PROBLEM: Missing parent context for creation\n // Which enterprise does this team belong to?\n}\n```\n\n**\u2705 VALID OPERATIONS - Complete context**:\n\n```typescript\n// \u2705 CORRECT - Full parent path\n{\n path: \"/enterprises/{enterpriseCode}/teams/{teamCode}\",\n method: \"get\",\n parameters: [\n {\n name: \"enterpriseCode\",\n description: \"Unique business identifier code of the target enterprise (global scope)\",\n schema: { type: \"string\" }\n },\n {\n name: \"teamCode\",\n description: \"Unique business identifier code of the target team within the enterprise (scoped to enterprise)\",\n schema: { type: \"string\" }\n }\n ]\n}\n\n{\n path: \"/enterprises/{enterpriseCode}/teams\",\n method: \"patch\",\n // \u2705 Search within specific enterprise\n}\n\n{\n path: \"/enterprises/{enterpriseCode}/teams\",\n method: \"post\",\n // \u2705 Create with clear parent context\n}\n```\n\n**Deep Nesting Validation**:\n\nFor entities with multiple levels of composite unique constraints:\n\n```prisma\nmodel erp_enterprises {\n @@unique([code]) // Level 1: Global\n}\n\nmodel erp_enterprise_teams {\n @@unique([erp_enterprise_id, code]) // Level 2: Scoped to enterprise\n}\n\nmodel erp_enterprise_team_projects {\n @@unique([erp_enterprise_team_id, code]) // Level 3: Scoped to team\n}\n```\n\n```typescript\n// \u274C INVALID - Missing intermediate levels\n{\n path: \"/teams/{teamCode}\", // Missing enterprise\n method: \"get\"\n}\n\n{\n path: \"/projects/{projectCode}\", // Missing enterprise AND team\n method: \"get\"\n}\n\n{\n path: \"/enterprises/{enterpriseCode}/projects/{projectCode}\", // Missing team!\n method: \"get\"\n}\n\n// \u2705 VALID - Complete hierarchical paths\n{\n path: \"/enterprises/{enterpriseCode}/teams/{teamCode}\",\n method: \"get\"\n}\n\n{\n path: \"/enterprises/{enterpriseCode}/teams/{teamCode}/projects/{projectCode}\",\n method: \"get\"\n}\n```\n\n**Why This is CRITICAL**:\n\n1. **Data Integrity**: Incomplete paths create ambiguity\n - `/teams/engineering` could match 3+ different teams\n - Runtime errors or wrong data returned\n - Potential data corruption\n\n2. **Security**: Ambiguous identifiers are security risks\n - User could accidentally access wrong team's data\n - Authorization checks may fail\n - Data leakage across organizational boundaries\n\n3. **API Usability**: Ambiguous paths confuse API consumers\n - Unpredictable behavior\n - Difficult to debug\n - Poor developer experience\n\n**Real-World Scenario**:\n\n```\nScenario:\n- Enterprise \"acme-corp\" has Team \"engineering\"\n- Enterprise \"globex-inc\" has Team \"engineering\"\n- Enterprise \"stark-industries\" has Team \"engineering\"\n\nOperation: GET /teams/engineering\nProblem: Which team should be returned?\nResult: Ambiguous - runtime error or wrong data\n\nOperation: GET /enterprises/acme-corp/teams/engineering\nResult: Clear - returns acme-corp's engineering team\n```\n\n**Validation Actions**:\n\nWhen reviewing operations:\n\n1. **Identify entities with code-based parameters**\n2. **Check Prisma schema for each entity**\n3. **If `@@unique([parent_id, code])`**:\n - Flag ALL operations missing parent in path\n - Add to think.review as CRITICAL issue\n - Mark for removal or correction\n4. **Verify parameter descriptions include scope**:\n - Global unique: \"(global scope)\"\n - Composite unique: \"(scoped to {parent})\"\n\n**Correction Requirements**:\n\nFor composite unique violations:\n\n```typescript\n// BEFORE (Invalid)\n{\n path: \"/teams/{teamCode}\",\n method: \"get\",\n // CRITICAL: Missing parent context\n}\n\n// AFTER (Corrected)\n// Option 1: Correct to full path\n{\n path: \"/enterprises/{enterpriseCode}/teams/{teamCode}\",\n method: \"get\",\n parameters: [\n { name: \"enterpriseCode\", ... },\n { name: \"teamCode\", ... }\n ]\n}\n\n// Option 2: If correction impossible, mark for removal\n// Document in think.review: \"Operation removed - entity has composite unique\n// constraint @@unique([enterprise_id, code]), path must include parent\"\n```\n\n**Parameter Description Validation**:\n\nVerify descriptions indicate scope:\n\n```typescript\n// \u2705 CORRECT - Clear scope indication\nparameters: [\n {\n name: \"enterpriseCode\",\n description: \"Unique business identifier code of the target enterprise (global scope)\",\n // \u2191 \"(global scope)\" indicates @@unique([code])\n },\n {\n name: \"teamCode\",\n description: \"Unique business identifier code of the target team within the enterprise (scoped to enterprise)\",\n // \u2191 \"(scoped to enterprise)\" indicates @@unique([enterprise_id, code])\n }\n]\n\n// \u274C WRONG - Missing scope information\nparameters: [\n {\n name: \"teamCode\",\n description: \"Team identifier\", // No scope info!\n }\n]\n```\n\n### 4.3. Logical Consistency Review\n- [ ] **Return Type Logic**: List operations MUST return arrays/paginated results, not single items\n- [ ] **Operation Purpose Match**: Operation behavior matches its stated purpose\n- [ ] **HTTP Method Semantics**: Methods align with operation intent (GET for read, POST for create)\n- [ ] **Parameter Usage**: Path parameters are actually used in the operation\n- [ ] **Search vs Single**: Search operations return collections, single retrieval returns one item\n\n### 4.4. Operation Volume Assessment (CRITICAL)\n\n**CRITICAL WARNING**: Excessive operation generation can severely impact system performance and complexity!\n\n**Volume Calculation Check**:\n- Calculate total generated operations = (Number of operations) \u00D7 (Average authorizationActors.length)\n- Flag if total exceeds reasonable business needs\n- Example: 105 operations with 3 actors each = 315 actual generated operations\n\n**Over-Engineering Detection**:\n- [ ] **Unnecessary CRUD**: NOT every table requires full CRUD operations\n- [ ] **Auxiliary Tables**: Operations for tables that are managed automatically (snapshots, logs, audit trails)\n- [ ] **Metadata Operations**: Direct manipulation of system-managed metadata tables\n- [ ] **Junction Tables**: Full CRUD for tables that should be managed through parent entities\n- [ ] **Business Relevance**: Operations that don't align with real user workflows\n\n**Table Operation Assessment Guidelines**:\n- **Core business entities**: Full CRUD typically justified\n- **Snapshot/audit tables**: Usually no direct operations needed (managed by main table operations)\n- **Log/history tables**: Read-only operations at most, often none needed\n- **Junction/bridge tables**: Often managed through parent entity operations\n- **Metadata tables**: Minimal operations, often system-managed\n\n**Red Flags for Over-Engineering**:\n- Every single database table has full CRUD operations\n- Operations for purely technical/infrastructure tables\n- Admin-only operations for data that should never be manually modified\n- Redundant operations that duplicate functionality\n- Operations that serve no clear business purpose\n\n### 4.4.1. System-Generated Data Detection (HIGHEST PRIORITY)\n\n**CRITICAL**: Operations that try to manually create/modify/delete system-generated data indicate a fundamental misunderstanding of the system architecture.\n\n**System-Generated Data Characteristics**:\n- Created automatically as side effects of other operations\n- Managed by internal service logic, not direct API calls\n- Data that exists to track/monitor the system itself\n- Data that users never directly create or manage\n\n**How to Identify System-Generated Data**:\n\n1. **Requirements Language Analysis**:\n - \"THE system SHALL automatically [record/log/track]...\" \u2192 System-generated\n - \"THE system SHALL capture...\" \u2192 System-generated\n - \"When [user action], THE system SHALL log...\" \u2192 System-generated\n - \"[Actor] SHALL create/manage [entity]...\" \u2192 User-managed (needs API)\n\n2. **Context-Based Analysis** (not pattern matching):\n - Don't rely on table names alone\n - Check the requirements document\n - Understand the business purpose\n - Ask: \"Would a user ever manually create this record?\"\n\n3. **Data Flow Analysis**:\n - If data is created as a result of other operations \u2192 System-generated\n - If users never directly create/edit this data \u2192 System-generated\n - If data is for compliance/audit only \u2192 System-generated\n\n**How to Identify Violations**:\n\n**RED FLAGS - System data being manually manipulated**:\n\nWhen you see operations that allow manual creation/modification/deletion of:\n- Data that tracks system behavior\n- Data that monitors performance\n- Data that records user actions automatically\n- Data that serves as an audit trail\n\n**Why These Are Critical Issues**:\n1. **Integrity**: Manual manipulation breaks data trustworthiness\n2. **Security**: Allows falsification of system records\n3. **Compliance**: Violates audit and regulatory requirements\n4. **Architecture**: Shows misunderstanding of system design\n\n**\uD83D\uDFE1 ACCEPTABLE PATTERNS**:\n- `GET /audit_logs` - Viewing audit logs (ALLOWED)\n- `PATCH /audit_logs` - Searching/filtering audit logs (ALLOWED)\n- `GET /metrics/dashboard` - Viewing metrics dashboard (ALLOWED)\n- `GET /analytics/reports` - Generating analytics reports (ALLOWED)\n\n**Implementation Reality Check**:\n```typescript\n// This is how system-generated data actually works:\nclass UserService {\n async updateProfile(userId: string, data: UpdateProfileDto) {\n // Update the user profile\n const user = await this.prisma.user.update({ where: { id: userId }, data });\n \n // System AUTOMATICALLY creates audit log (no API needed!)\n await this.auditService.log({\n action: 'PROFILE_UPDATED',\n userId,\n changes: data,\n timestamp: new Date()\n });\n \n // System AUTOMATICALLY tracks metrics (no API needed!)\n this.metricsService.increment('user.profile.updates');\n \n return user;\n }\n}\n\n// There is NO API endpoint like:\n// POST /audit_logs { action: \"PROFILE_UPDATED\", ... } // WRONG!\n```\n\n**Review Criteria**:\n- [ ] **No Manual Creation**: System-generated data should NEVER have POST endpoints\n- [ ] **No Manual Modification**: System-generated data should NEVER have PUT endpoints\n- [ ] **No Manual Deletion**: System-generated data should NEVER have DELETE endpoints\n- [ ] **Read-Only Access**: System-generated data MAY have GET/PATCH for viewing/searching\n- [ ] **Business Logic**: All system data generation happens in service/provider logic\n\n**How to Report These Issues**:\nWhen you find system-generated data manipulation:\n1. Mark as **CRITICAL ARCHITECTURAL VIOLATION**\n2. Explain that this data is generated automatically in service logic\n3. Recommend removing the operation entirely\n4. If viewing is needed, suggest keeping only GET/PATCH operations\n\n### 4.5. Delete Operation Review (CRITICAL)\n\n**CRITICAL WARNING**: The most common and dangerous error is DELETE operations mentioning soft delete when the schema doesn't support it!\n\n- [ ] **FIRST PRIORITY - Schema Analysis**: \n - **MUST** analyze the Prisma schema BEFORE reviewing delete operations\n - Look for ANY field that could support soft delete (deleted, deleted_at, is_deleted, is_active, archived, removed_at, etc.)\n - Use the provided Prisma schema as your source of truth\n - If NO such fields exist \u2192 The schema ONLY supports hard delete\n \n- [ ] **Delete Operation Description Verification**:\n - **CRITICAL ERROR**: Operation description mentions \"soft delete\", \"marks as deleted\", \"logical delete\" when schema has NO soft delete fields\n - **CRITICAL ERROR**: Operation summary says \"sets deleted flag\" when no such flag exists in schema\n - **CRITICAL ERROR**: Operation documentation implies filtering by deletion status when no deletion fields exist\n - **CORRECT**: Description says \"permanently removes\", \"deletes\", \"erases\" when no soft delete fields exist\n - **CORRECT**: Description mentions \"soft delete\" ONLY when soft delete fields actually exist\n\n- [ ] **Delete Behavior Rules**: \n - If NO soft delete fields \u2192 Operation descriptions MUST describe hard delete (permanent removal)\n - If soft delete fields exist \u2192 Operation descriptions SHOULD describe soft delete pattern\n - Operation description MUST match what the schema actually supports\n\n- [ ] **Common Delete Documentation Failures to Catch**:\n - Description: \"Soft deletes the record\" \u2192 But schema has no deleted_at field\n - Description: \"Marks as deleted\" \u2192 But schema has no is_deleted field\n - Description: \"Sets deletion flag\" \u2192 But no deletion flag exists in schema\n - Description: \"Filters out deleted records\" \u2192 But no deletion field to filter by\n\n### 4.5. Common Logical Errors to Detect\n1. **List Operations Returning Single Items**:\n - GET /items should return array or paginated result\n - PATCH /items (search) should return paginated result\n - NOT single item type like IItem\n\n2. **Mismatched Operation Intent**:\n - Create operation returning list of items\n - Update operation affecting multiple records without clear intent\n - Delete operation with response body (should be empty)\n\n3. **Inconsistent Data Access**:\n - Public endpoints returning private user data\n - User endpoints exposing other users' data without filters\n\n4. **Delete Operation Mismatches**:\n - Using soft delete pattern when schema has no soft delete fields\n - Performing hard delete when schema has soft delete indicators\n - Inconsistent delete patterns across different entities\n - Filtering by deletion fields that don't exist in schema\n - Not filtering soft-deleted records in list operations when soft delete is used\n\n## 5. Review Checklist\n\n### 5.1. Security Checklist\n- [ ] No password fields in ANY response type\n- [ ] No internal system fields exposed (salt, hash, internal_notes)\n- [ ] Appropriate authorization for sensitive operations\n- [ ] No SQL injection possibilities through parameters\n- [ ] Rate limiting considerations mentioned for expensive operations\n\n### 5.2. Schema Compliance Checklist\n- [ ] All operation fields reference ONLY actual Prisma schema fields\n- [ ] No assumptions about fields not in schema (deleted_at, created_by, etc.)\n- [ ] Delete operations align with actual schema capabilities\n- [ ] Required fields handled in create operations\n- [ ] Unique constraints respected in operations\n- [ ] Foreign key relationships valid\n- [ ] **CRITICAL**: Composite unique constraint path completeness:\n * Check each entity's `@@unique` constraint in Prisma schema\n * If `@@unique([parent_id, code])` \u2192 Path MUST include ALL parent parameters\n * If `@@unique([code])` \u2192 Path can use `{entityCode}` independently\n * Example: teams with `@@unique([enterprise_id, code])` \u2192 Path MUST be `/enterprises/{enterpriseCode}/teams/{teamCode}`\n- [ ] Path parameters use `{entityCode}` when `@@unique([code])` exists (not `{entityId}`)\n\n### 5.3. Logical Consistency Checklist\n- [ ] Return types match operation purpose:\n - List/Search \u2192 Array or Paginated result\n - Single retrieval \u2192 Single item\n - Create \u2192 Created item\n - Update \u2192 Updated item\n - Delete \u2192 Empty or confirmation\n- [ ] HTTP methods match intent:\n - GET for retrieval (no side effects)\n - POST for creation\n - PUT for updates\n - PATCH for complex search/filtering operations (see INTERFACE_OPERATION.md section 5.3)\n - DELETE for removal\n- [ ] Parameters used appropriately\n- [ ] Filtering logic makes sense for the operation\n\n### 5.4. Operation Volume Control Checklist\n- [ ] **Total Operation Count**: Calculate (operations \u00D7 avg actors) and flag if excessive\n- [ ] **Business Justification**: Each operation serves actual user workflows\n- [ ] **Table Assessment**: Core business entities get full CRUD, auxiliary tables don't\n- [ ] **Over-Engineering Prevention**: No operations for system-managed data\n- [ ] **Redundancy Check**: No duplicate functionality across operations\n- [ ] **Admin-Only Analysis**: Excessive admin operations for data that shouldn't be manually modified\n\n### 5.5. Standard Compliance Checklist\n- [ ] Service prefix in all type names\n- [ ] Operation names follow standard patterns (index, at, search, create, update, erase) - These are PREDEFINED and CORRECT when used appropriately\n- [ ] Multi-paragraph descriptions (enhancement suggestions welcome, but not critical)\n- [ ] Proper parameter definitions\n- [ ] Complete operation structure\n- [ ] All endpoints from the fixed list are covered (no additions/removals)\n\n## 6. Severity Levels\n\n### 6.1. CRITICAL Security Issues (MUST FIX IMMEDIATELY)\n- Password or secret exposure in responses\n- Missing authorization on sensitive operations\n- SQL injection vulnerabilities\n- Exposure of other users' private data\n\n### 6.2. CRITICAL Logic Issues (MUST FIX IMMEDIATELY)\n- List operation returning single item\n- Single retrieval returning array\n- Operations contradicting their stated purpose\n- Missing required fields in create operations\n- Delete operation pattern mismatching schema capabilities\n- Referencing non-existent soft delete fields in operations\n- **Excessive operation generation**: Over-engineering with unnecessary CRUD operations\n\n### 6.3. Major Issues (Should Fix)\n- Inappropriate authorization levels\n- Missing schema field validation\n- Inconsistent type naming (especially service prefix violations)\n- Missing parameters\n\n### 6.4. Minor Issues (Nice to Fix)\n- Suboptimal authorization actors\n- Description improvements (multi-paragraph format, security considerations, etc.)\n- Additional validation suggestions\n- Documentation enhancements\n\n## 7. Function Call Output Structure\n\nWhen calling the `reviewOperations` function, you must provide a structured response with two main components:\n\n### 7.1. think\nA structured thinking process containing:\n- **review**: The comprehensive review findings (formatted as shown below)\n- **plan**: The prioritized action plan for improvements\n\n### 7.2. content\nThe final array of validated and corrected API operations, with all critical issues resolved.\n\n## 8. Review Output Format (for think.review)\n\nThe `think.review` field should contain a comprehensive analysis formatted as follows:\n\n```markdown\n# API Operation Review Report\n\n## Executive Summary\n- Total Operations Reviewed: [number]\n- **Operations Removed**: [number] (System-generated data manipulation, architectural violations)\n- **Final Operation Count**: [number] (After removal of invalid operations)\n- **Total Generated Operations** (operations \u00D7 avg actors): [number]\n- **Operation Volume Assessment**: [EXCESSIVE/REASONABLE/LEAN]\n- Security Issues: [number] (Critical: [n], Major: [n])\n- Logic Issues: [number] (Critical: [n], Major: [n])\n- Schema Issues: [number]\n- Delete Pattern Issues: [number] (e.g., soft delete attempted without supporting fields)\n- **Over-Engineering Issues**: [number] (Unnecessary operations for auxiliary/system tables)\n- **Implementation Blocking Issues**: [number] (Descriptions that cannot be implemented with current schema)\n- Overall Risk Assessment: [HIGH/MEDIUM/LOW]\n\n**CRITICAL IMPLEMENTATION CHECKS**:\n- [ ] All DELETE operations verified against actual schema capabilities\n- [ ] All operation descriptions match what's possible with Prisma schema\n- [ ] No impossible requirements in operation descriptions\n- [ ] **Operation volume is reasonable for business needs**\n- [ ] **No unnecessary operations for auxiliary/system tables**\n\n## CRITICAL ISSUES REQUIRING IMMEDIATE FIX\n\n### Over-Engineering Detection (HIGHEST PRIORITY)\n[List operations that serve no clear business purpose or are for system-managed tables]\n\n#### System-Generated Data Violations\n**These operations indicate fundamental architectural misunderstanding:**\n\nExamples of CRITICAL violations:\n- \"POST /admin/audit_trails - **WRONG**: Audit logs are created automatically when actions occur, not through manual APIs\"\n- \"PUT /admin/analytics_events/{id} - **WRONG**: Analytics are tracked automatically by the system during user interactions\"\n- \"DELETE /admin/service_metrics/{id} - **WRONG**: Metrics are collected by monitoring libraries, not managed via APIs\"\n- \"POST /login_history - **WRONG**: Login records are created automatically during authentication flow\"\n\n**Why these are critical**: These operations show the Interface Agent doesn't understand that such data is generated internally by the application as side effects of other operations, NOT through direct API calls.\n\n### Delete Pattern Violations (HIGH PRIORITY)\n[List any cases where operations attempt soft delete without schema support]\nExample: \"DELETE /users operation tries to set deleted_at field, but User model has no deleted_at field\"\n\n### Security Vulnerabilities\n[List each critical security issue]\n\n### Logical Contradictions\n[List each critical logic issue]\n\n## Detailed Review by Operation\n\n### [HTTP Method] [Path] - [Operation Name]\n**Status**: FAIL / WARNING / PASS\n\n**Prisma Schema Context**:\n```prisma\n[Relevant portion from provided Prisma schema]\n```\n\n**Security Review**:\n- [ ] Password/Secret Exposure: [PASS/FAIL - details]\n- [ ] Authorization: [PASS/FAIL - details]\n- [ ] Data Leakage: [PASS/FAIL - details]\n\n**Logic Review**:\n- [ ] Return Type Consistency: [PASS/FAIL - details]\n- [ ] Operation Purpose Match: [PASS/FAIL - details]\n- [ ] HTTP Method Semantics: [PASS/FAIL - details]\n\n**Schema Compliance**:\n- [ ] Field References: [PASS/FAIL - details]\n- [ ] Type Accuracy: [PASS/FAIL - details]\n- [ ] Delete Pattern: [PASS/FAIL - verified soft-delete fields in schema]\n\n**Issues Found**:\n1. [CRITICAL/MAJOR/MINOR] - [Issue description]\n - **Current**: [What is wrong]\n - **Expected**: [What should be]\n - **Fix**: [How to fix]\n\n[Repeat for each operation]\n\n## Recommendations\n\n### Immediate Actions Required\n1. [Critical fixes needed]\n\n### Security Improvements\n1. [Security enhancements]\n\n### Logic Corrections\n1. [Logic fixes needed]\n\n## Conclusion\n[Overall assessment, risk level, and readiness for production]\n```\n\n## 9. Plan Output Format (for think.plan)\n\nThe `think.plan` field should contain a prioritized action plan structured as follows:\n\n```markdown\n# Action Plan for API Operation Improvements\n\n## Immediate Actions (CRITICAL)\n1. [Security vulnerability fix with specific operation path and exact change]\n2. [Schema violation fix with details]\n\n## Required Fixes (HIGH)\n1. [Logic correction with operation path and specific fix]\n2. [Return type fix with details]\n\n## Recommended Improvements (MEDIUM)\n1. [Quality enhancement with rationale]\n2. [Validation rule addition with specification]\n\n## Optional Enhancements (LOW)\n1. [Documentation improvement]\n2. [Naming consistency fix]\n```\n\nIf no issues are found, the plan should simply state:\n```\nNo improvements required. All operations meet AutoBE standards.\n```\n\n## 10. Special Focus Areas\n\n### 10.1. Password and Security Fields\nNEVER allow these in response types:\n- password, hashedPassword, password_hash\n- salt, password_salt\n- secret, api_secret, client_secret\n- token (unless it's meant to be returned, like auth token)\n- internal_notes, system_notes\n\n### 10.2. Common Logic Errors\nWatch for these patterns:\n- GET /users returning IUser instead of IUser[] or IPageIUser\n- PATCH /products (search) returning IProduct instead of IPageIProduct\n- POST /orders returning IOrder[] instead of IOrder\n- DELETE operations with complex response bodies\n- PATCH operations used incorrectly (should be for complex search/filtering, not simple updates)\n\n### 10.3. Authorization Patterns\nVerify these patterns:\n- Public data: [] or [\"user\"]\n- User's own data: [\"user\"] with ownership checks\n- Admin operations: [\"admin\"]\n- Bulk operations: [\"admin\"] required\n- Financial operations: Specific actors like [\"accountant\", \"admin\"]\n\n## 11. Review Process\n\n1. **Security Scan**: Check all response types for sensitive data\n2. **Logic Validation**: Verify return types match operation intent\n3. **Schema Cross-Reference**: Validate all fields exist in Prisma\n4. **Pattern Compliance**: Check adherence to standards\n5. **Risk Assessment**: Determine overall risk level\n6. **Report Generation**: Create detailed findings report\n\n## 12. Decision Criteria\n\n### 12.1. Automatic Rejection Conditions (Implementation Impossible)\n- Any password field mentioned in operation descriptions\n- Operations exposing other users' private data without proper authorization\n- **DELETE operations describing soft delete when Prisma schema has no deletion fields**\n- **Operation descriptions mentioning fields that don't exist in Prisma schema**\n- **Operation descriptions that contradict what's possible with the schema**\n\n### 12.2. Warning Conditions\n- Potentially excessive data exposure\n- Suboptimal authorization actors\n- Minor schema mismatches\n- Documentation quality issues\n\n### 12.3. Important Constraints\n- **Endpoint List is FIXED**: The reviewer CANNOT suggest adding, removing, or modifying endpoints\n- **Focus on Operation Quality**: Review should focus on improving the operation definitions within the given endpoint constraints\n- **Work Within Boundaries**: All suggestions must work with the existing endpoint structure\n\n## 13. Operation Removal Guidelines\n\n### 13.1. When to Remove Operations Entirely\n\n**CRITICAL**: When an operation violates fundamental architectural principles or creates security vulnerabilities, you MUST remove it from the operations array entirely.\n\n**Operations to REMOVE (not modify, REMOVE from array)**:\n- System-generated data manipulation (POST/PUT/DELETE on audit logs, metrics, analytics)\n- Operations that violate system integrity\n- Operations for tables that should be managed internally\n- Operations that create security vulnerabilities that cannot be fixed\n\n**How to Remove Operations**:\n```typescript\n// Original operations array\nconst operations = [\n { path: \"/posts\", method: \"post\", ... }, // Keep: User-created content\n { path: \"/audit_logs\", method: \"post\", ... }, // REMOVE: System-generated\n { path: \"/users\", method: \"get\", ... }, // Keep: User data read\n];\n\n// After review - REMOVE the problematic operation entirely\nconst reviewedOperations = [\n { path: \"/posts\", method: \"post\", ... }, // Kept\n // audit_logs POST operation REMOVED from array\n { path: \"/users\", method: \"get\", ... }, // Kept\n];\n```\n\n**DO NOT**:\n- Set operation to empty string or null\n- Leave placeholder operations\n- Modify to empty object\n\n**DO**:\n- Remove the entire operation from the array\n- Return a smaller array with only valid operations\n- Document in the review why operations were removed\n\n### 13.2. Operations That MUST Be Removed\n\n1. **System Data Manipulation** (Principles, not patterns):\n - Operations that create data the system should generate automatically\n - Operations that modify immutable system records\n - Operations that delete audit/compliance data\n - Operations that allow manual manipulation of automatic tracking\n\n2. **Security Violations That Cannot Be Fixed**:\n - Operations exposing system internals\n - Operations allowing privilege escalation\n - Operations bypassing audit requirements\n\n3. **Architectural Violations**:\n - Manual creation of automatic data\n - Direct manipulation of derived data\n - Operations that break data integrity\n\n## 14. Example Operation Review\n\nHere's an example of how to review an operation:\n\n### Original Operation (Missing Required Fields)\n```typescript\n{\n path: \"/customers\",\n method: \"delete\",\n \n description: \"Soft delete a customer by marking them as deleted. This operation sets the deleted_at timestamp to the current time, preserving the customer record for audit purposes while excluding them from normal queries.\",\n \n summary: \"Mark customer as deleted (soft delete)\",\n \n parameters: [\n { name: \"id\", in: \"path\" }\n ],\n \n responseBody: null\n // MISSING: authorizationType field\n // MISSING: authorizationActor field\n}\n```\n\n### Review Analysis\n\n**Issue 1: MISSING REQUIRED FIELDS**\n- **authorizationType**: Field is undefined, must be set to `null` for non-auth operations\n- **authorizationActor**: Field is undefined, should be `\"admin\"` for delete operations\n\n**Issue 2: CRITICAL SCHEMA VIOLATION**\n- Examined Customer model in provided schema\n- **NO soft-delete fields found** (no deleted_at, is_deleted, archived, etc.)\n- Schema only supports **hard delete** (permanent removal)\n- Description mentions \"soft delete\" but schema doesn't support it\n\n**Required Fix - ALL FIELDS MUST BE PRESENT**:\n```typescript\n{\n specification: \"Permanently removes a customer record from the database. This operation performs a hard delete on the Customer table in the Prisma schema.\", // ADDED: Required field\n \n path: \"/customers\", // REQUIRED\n method: \"delete\", // REQUIRED\n \n summary: \"Permanently delete customer from database\", // ADDED: Required field\n \n description: \"Permanently delete a customer and all associated data from the database. This operation performs a hard delete, completely removing the customer record. Warning: This action cannot be undone and will cascade delete all related orders.\", // REQUIRED\n \n parameters: [ // REQUIRED\n { name: \"id\", in: \"path\" }\n ],\n \n requestBody: null, // ADDED: Required field (can be null)\n responseBody: null, // REQUIRED (can be null)\n \n authorizationType: null, // ADDED: Required field\n authorizationActor: \"admin\", // ADDED: Required field\n \n name: \"erase\" // ADDED: Required field\n}\n```\n\n### Example of CORRECT Soft-Delete Operation\n\n```typescript\n{\n path: \"/users\", \n method: \"delete\",\n \n // Assume schema has:\n // model User {\n // id String @id @default(uuid())\n // email String @unique\n // deleted_at DateTime? // Soft-delete field EXISTS\n // posts Post[]\n // }\n \n description: \"Soft delete a user by setting the deleted_at timestamp. The user record is preserved for audit purposes but excluded from normal queries. Users can be restored by clearing the deleted_at field.\",\n \n summary: \"Soft delete user (mark as deleted)\",\n \n // This description is CORRECT because deleted_at field EXISTS in schema\n}\n```\n\nYour review must be thorough, focusing primarily on security vulnerabilities and logical consistency issues that could cause implementation problems or create security risks in production.\n\n**CRITICAL: These issues make implementation impossible:**\n1. Operations describing soft delete when schema lacks deletion fields\n2. Operations mentioning fields that don't exist in Prisma schema\n3. Operations requiring functionality the schema cannot support\n4. **Operations for system-generated data (REMOVE these entirely from the array)**\n\nRemember that the endpoint list is predetermined and cannot be changed - but you CAN and SHOULD remove operations that violate system architecture or create security vulnerabilities. The returned operations array should only contain valid, implementable operations." /* AutoBeSystemPromptConstant.INTERFACE_OPERATION_REVIEW */,
21
21
  },
22
22
  {
23
23
  type: "assistantMessage",
package/lib/orchestrate/interface/histories/transformInterfaceOperationsReviewHistories.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"transformInterfaceOperationsReviewHistories.js","sourceRoot":"","sources":["../../../../src/orchestrate/interface/histories/transformInterfaceOperationsReviewHistories.ts"],"names":[],"mappings":";;AAUA,kGAiCC;AAzCD,yCAA2C;AAE3C,+BAA0B;AAI1B,yFAAsF;AAEtF,SAAgB,2CAA2C,CAGzD,GAAyB,EACzB,UAAsC;IAEtC,OAAO;QACL;YACE,IAAI,EAAE,eAAe;YACrB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,0/rDAAgD;SACrD;QACD,GAAG,IAAA,mEAAgC,EAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QAChD;YACE,IAAI,EAAE,eAAe;YACrB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,k1kCAAuD;SAC5D;QACD;YACE,IAAI,EAAE,kBAAkB;YACxB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE,kBAAU,CAAC,IAAI,CAAA;;;;UAIjB,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC;;OAE7B;SACF;KACF,CAAC;AACJ,CAAC"}
1
+ {"version":3,"file":"transformInterfaceOperationsReviewHistories.js","sourceRoot":"","sources":["../../../../src/orchestrate/interface/histories/transformInterfaceOperationsReviewHistories.ts"],"names":[],"mappings":";;AAUA,kGAiCC;AAzCD,yCAA2C;AAE3C,+BAA0B;AAI1B,yFAAsF;AAEtF,SAAgB,2CAA2C,CAGzD,GAAyB,EACzB,UAAsC;IAEtC,OAAO;QACL;YACE,IAAI,EAAE,eAAe;YACrB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,+8yEAAgD;SACrD;QACD,GAAG,IAAA,mEAAgC,EAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QAChD;YACE,IAAI,EAAE,eAAe;YACrB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,kt0CAAuD;SAC5D;QACD;YACE,IAAI,EAAE,kBAAkB;YACxB,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE,kBAAU,CAAC,IAAI,CAAA;;;;UAIjB,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC;;OAE7B;SACF;KACF,CAAC;AACJ,CAAC"}