@goxtechnologies/connectwise-psa-mcp 1.1.0

package/dist/tools/validation.js

@@ -0,0 +1,705 @@
+// ConnectWise PSA MCP Server — Validation & Approval Tools
+//
+// cw_validate_timesheets: 8-rule validation engine
+// cw_accrual_balance: fetch and format accrual balances for a member
+// cw_approve_timesheets: full approval workflow — validate, reject violations, approve clean sheets
+import { readFileSync, existsSync } from 'fs';
+import { dirname, join } from 'path';
+import { fileURLToPath } from 'url';
+import { getAPI } from '../services/connectwise-api.js';
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+// ---------------------------------------------------------------------------
+// Tool definitions
+// ---------------------------------------------------------------------------
+export const validationTools = [
+    {
+        name: 'cw_validate_timesheets',
+        description: 'Validate all time entries for a member within a date range against 8 business rules. ' +
+            'Returns a list of violations tagged as either "reject" (must be corrected) or "warn" (advisory). ' +
+            'Rules: 5-minute rounding, deduction rounding, overlap detection, missing notes, department match, overtime flag, pause rules, and charge-code weekly limits.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                member_identifier: {
+                    type: 'string',
+                    description: 'ConnectWise member identifier (login name)',
+                },
+                start_date: {
+                    type: 'string',
+                    description: 'Period start date in ISO format (YYYY-MM-DD)',
+                },
+                end_date: {
+                    type: 'string',
+                    description: 'Period end date in ISO format (YYYY-MM-DD)',
+                },
+            },
+            required: ['member_identifier', 'start_date', 'end_date'],
+        },
+    },
+    {
+        name: 'cw_accrual_balance',
+        description: 'Retrieve and display the current accrual balances (vacation, sick, PTO, holiday, etc.) for a ConnectWise member.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                member_identifier: {
+                    type: 'string',
+                    description: 'ConnectWise member identifier (login name)',
+                },
+            },
+            required: ['member_identifier'],
+        },
+    },
+    {
+        name: 'cw_approve_timesheets',
+        description: 'Full timesheet approval workflow. Fetches timesheets for one or all members in a date range, ' +
+            'validates each against 8 business rules, then: rejects entries with REJECT violations (two-step: ' +
+            'reject individual entries first with comments, then reject the timesheet), and approves timesheets ' +
+            'with no REJECT violations. Use dry_run=true to preview without making changes. ' +
+            'Dry-run by default for safety.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                start_date: {
+                    type: 'string',
+                    description: 'Period start date in YYYY-MM-DD format',
+                },
+                end_date: {
+                    type: 'string',
+                    description: 'Period end date in YYYY-MM-DD format',
+                },
+                member_identifier: {
+                    type: 'string',
+                    description: 'Optional: specific member identifier. If omitted, processes ALL members with timesheets in the period.',
+                },
+                dry_run: {
+                    type: 'boolean',
+                    description: 'If true, validate and report but do NOT approve/reject anything in ConnectWise. Default: true (safe by default).',
+                },
+            },
+            required: ['start_date', 'end_date'],
+        },
+    },
+];
+// ---------------------------------------------------------------------------
+// Validation helpers
+// ---------------------------------------------------------------------------
+// ---------------------------------------------------------------------------
+// Timezone handling
+// ---------------------------------------------------------------------------
+// ConnectWise stores times in UTC but they represent local time (Eastern).
+// All validation (5-min rounding, overtime, overlaps, pauses) must use
+// local time, not UTC. Default: America/Toronto (ET).
+const LOCAL_TZ = process.env.CW_TIMEZONE ?? 'America/Toronto';
+/** Convert a UTC ISO datetime string to local time components. */
+function toLocal(iso) {
+    // Parse the UTC date, then get its representation in local timezone
+    const utc = new Date(iso);
+    // Use Intl to get the local time parts
+    const parts = new Intl.DateTimeFormat('en-CA', {
+        timeZone: LOCAL_TZ,
+        year: 'numeric', month: '2-digit', day: '2-digit',
+        hour: '2-digit', minute: '2-digit', second: '2-digit',
+        hour12: false,
+    }).formatToParts(utc);
+    const get = (type) => {
+        const part = parts.find(p => p.type === type);
+        return part ? parseInt(part.value, 10) : 0;
+    };
+    // Build a Date-like object with local time values
+    const local = new Date(get('year'), get('month') - 1, get('day'), get('hour'), get('minute'), get('second'));
+    return local;
+}
+/** Round a number to 2 decimal places for hour comparisons. */
+function round2(n) {
+    return Math.round(n * 100) / 100;
+}
+/** Parse an ISO datetime string and return local { hours, minutes }. */
+function parseHHMM(iso) {
+    if (!iso)
+        return null;
+    const local = toLocal(iso);
+    return { hours: local.getHours(), minutes: local.getMinutes() };
+}
+/** Return total minutes since midnight in LOCAL time for a time string. */
+function toMinutes(iso) {
+    const t = parseHHMM(iso);
+    if (!t)
+        return null;
+    return t.hours * 60 + t.minutes;
+}
+/** Extract local YYYY-MM-DD from an ISO datetime string (in local timezone). */
+function toDateKey(iso) {
+    const local = toLocal(iso);
+    const y = local.getFullYear();
+    const m = String(local.getMonth() + 1).padStart(2, '0');
+    const d = String(local.getDate()).padStart(2, '0');
+    return `${y}-${m}-${d}`;
+}
+// ---------------------------------------------------------------------------
+// Allowed deduct values (15-second increments expressed as fractions of 1 hour)
+// ---------------------------------------------------------------------------
+const VALID_DEDUCTS = new Set([0, 0.08, 0.17, 0.25, 0.33, 0.42, 0.5, 0.58, 0.67, 0.75, 0.83, 0.92, 1.0]);
+let _chargeCodeRules = null;
+function getChargeCodeRules() {
+    if (_chargeCodeRules)
+        return _chargeCodeRules;
+    try {
+        // Local override takes priority over shipped defaults
+        const pluginRoot = process.env.CLAUDE_PLUGIN_ROOT ?? join(__dirname, '../../../..');
+        const localPath = join(pluginRoot, 'config', 'charge-code-rules.local.json');
+        const defaultPath = join(pluginRoot, 'config', 'charge-code-rules.json');
+        const configPath = existsSync(localPath) ? localPath : defaultPath;
+        _chargeCodeRules = JSON.parse(readFileSync(configPath, 'utf-8'));
+    }
+    catch {
+        _chargeCodeRules = []; // No config file found — no charge code limits enforced
+    }
+    return _chargeCodeRules;
+}
+/** Get the applicable hour limit for a charge code given a role category. */
+function getChargeCodeLimit(codeName, roleCategory) {
+    const rules = getChargeCodeRules();
+    const rule = rules.find(r => r.charge_code_name === codeName && r.enabled);
+    if (!rule)
+        return null;
+    if (roleCategory === 'gestion' && rule.max_hours_gestion !== null)
+        return rule.max_hours_gestion;
+    if (roleCategory === 'dispatch' && rule.max_hours_dispatch !== null)
+        return rule.max_hours_dispatch;
+    return rule.max_hours_regular; // null means no limit
+}
+// ---------------------------------------------------------------------------
+// 8-rule validation engine
+// ---------------------------------------------------------------------------
+function validateEntries(entries, roleCategory = 'regular') {
+    const violations = [];
+    // Group by date for overlap and pause checks
+    const byDate = new Map();
+    for (const e of entries) {
+        const key = toDateKey(e.dateEntered);
+        const bucket = byDate.get(key) ?? [];
+        bucket.push(e);
+        byDate.set(key, bucket);
+    }
+    // Group by ISO-week + charge code for weekly cap checks
+    function isoWeek(dateStr) {
+        const d = new Date(dateStr);
+        const jan1 = new Date(d.getFullYear(), 0, 1);
+        const week = Math.ceil(((d.getTime() - jan1.getTime()) / 86400000 + jan1.getDay() + 1) / 7);
+        return `${d.getFullYear()}-W${String(week).padStart(2, '0')}`;
+    }
+    const weeklyChargeHours = new Map(); // "<week>:<chargeCode>" -> hours
+    // -------------------------------------------------------------------------
+    // Per-entry rules
+    // -------------------------------------------------------------------------
+    for (const entry of entries) {
+        // Rule 1: 5-minute rounding
+        const startT = parseHHMM(entry.timeStart);
+        const endT = parseHHMM(entry.timeEnd);
+        if (startT && startT.minutes % 5 !== 0) {
+            violations.push({
+                rule: '5min_rounding',
+                severity: 'reject',
+                entry_id: entry.id,
+                message: `timeStart ${entry.timeStart} is not on a 5-minute boundary`,
+                details: { timeStart: entry.timeStart, minutes: startT.minutes },
+            });
+        }
+        if (endT && endT.minutes % 5 !== 0) {
+            violations.push({
+                rule: '5min_rounding',
+                severity: 'reject',
+                entry_id: entry.id,
+                message: `timeEnd ${entry.timeEnd} is not on a 5-minute boundary`,
+                details: { timeEnd: entry.timeEnd, minutes: endT.minutes },
+            });
+        }
+        // Rule 2: deduction rounding
+        const deduct = round2(entry.hoursDeduct ?? 0);
+        if (!VALID_DEDUCTS.has(deduct)) {
+            violations.push({
+                rule: 'deduct_rounding',
+                severity: 'reject',
+                entry_id: entry.id,
+                message: `hoursDeduct ${deduct} is not a valid deduction value`,
+                details: { hoursDeduct: deduct, validValues: [...VALID_DEDUCTS] },
+            });
+        }
+        // Rule 4: missing notes
+        if ((entry.actualHours ?? 0) > 0 && !entry.notes?.trim()) {
+            violations.push({
+                rule: 'missing_notes',
+                severity: 'reject',
+                entry_id: entry.id,
+                message: 'Entry has hours but no notes',
+                details: { actualHours: entry.actualHours },
+            });
+        }
+        // Rule 6: overtime flag (warning only)
+        if (startT && endT) {
+            const startMin = startT.hours * 60 + startT.minutes;
+            const endMin = endT.hours * 60 + endT.minutes;
+            const beforeWork = startMin < 8 * 60; // before 08:00
+            const afterWork = endMin > 17 * 60; // after 17:00
+            if (beforeWork || afterWork) {
+                const wt = (entry.workType?.name ?? '').toLowerCase();
+                const isOvertime = wt.includes('overtime') || wt === 'ot' || wt.includes('majoré') || wt.includes('off-hours');
+                if (!isOvertime) {
+                    violations.push({
+                        rule: 'overtime_flag',
+                        severity: 'warn',
+                        entry_id: entry.id,
+                        message: `Entry spans outside 08:00–17:00 but work type is "${wt || 'unset'}" (not overtime)`,
+                        details: { timeStart: entry.timeStart, timeEnd: entry.timeEnd, workType: wt },
+                    });
+                }
+            }
+        }
+        // Rule 8: charge-code weekly limits (loaded from config/charge-code-rules.json)
+        const chargeCodeName = entry.chargeCode?.name;
+        if (chargeCodeName) {
+            const limit = getChargeCodeLimit(chargeCodeName, roleCategory);
+            if (limit !== null) {
+                const weekKey = `${isoWeek(toDateKey(entry.dateEntered))}:${chargeCodeName}`;
+                const accumulated = (weeklyChargeHours.get(weekKey) ?? 0) + (entry.actualHours ?? 0);
+                weeklyChargeHours.set(weekKey, accumulated);
+                if (accumulated > limit) {
+                    violations.push({
+                        rule: 'charge_code_limits',
+                        severity: 'reject',
+                        entry_id: entry.id,
+                        message: `Charge code "${chargeCodeName}" exceeds weekly limit of ${limit}h for role "${roleCategory}" (accumulated: ${round2(accumulated)}h)`,
+                        details: { chargeCode: chargeCodeName, limit, accumulated: round2(accumulated), roleCategory },
+                    });
+                }
+            }
+        }
+    }
+    // -------------------------------------------------------------------------
+    // Per-day rules (overlap detection, pause rules)
+    // -------------------------------------------------------------------------
+    for (const [date, dayEntries] of byDate) {
+        // Rule 3: overlap detection
+        // Sort by timeStart ascending
+        const sorted = [...dayEntries].sort((a, b) => {
+            const am = toMinutes(a.timeStart) ?? 0;
+            const bm = toMinutes(b.timeStart) ?? 0;
+            return am - bm;
+        });
+        for (let i = 0; i < sorted.length - 1; i++) {
+            const current = sorted[i];
+            const next = sorted[i + 1];
+            const currentEnd = toMinutes(current.timeEnd);
+            const nextStart = toMinutes(next.timeStart);
+            if (currentEnd !== null && nextStart !== null && currentEnd > nextStart) {
+                // Check if the overlap is accounted for by a compensatory deduction.
+                // The actual overlap is the time where both entries run simultaneously.
+                // If either entry's deduction covers that overlap, no double-billing.
+                const overlapMin = currentEnd - nextStart;
+                const currentDeductMin = (current.hoursDeduct ?? 0) * 60;
+                const nextDeductMin = (next.hoursDeduct ?? 0) * 60;
+                // If either entry's deduction covers the overlap duration (within
+                // 5-minute tolerance), the overlap is intentionally accounted for
+                const isCompensated = (currentDeductMin > 0 && currentDeductMin >= overlapMin - 5) ||
+                    (nextDeductMin > 0 && nextDeductMin >= overlapMin - 5);
+                if (!isCompensated) {
+                    violations.push({
+                        rule: 'overlap_detection',
+                        severity: 'reject',
+                        entry_id: next.id,
+                        message: `Entry #${next.id} starts at ${next.timeStart} before entry #${current.id} ends at ${current.timeEnd} on ${date}`,
+                        details: {
+                            date,
+                            overlapWithEntryId: current.id,
+                            conflictStart: next.timeStart,
+                            conflictEnd: current.timeEnd,
+                        },
+                    });
+                }
+            }
+        }
+        // Rule 7: pause rules — max 0.25h deduct per AM / PM period per day
+        // Exempt leave/vacation entries — full-day leave uses 08:00-17:00 with 1h
+        // deduct as the standard template; this is not a "pause".
+        const LEAVE_KEYWORDS = ['vacances', 'vacation', 'congé', 'conge', 'sick', 'holiday', 'pto', 'férié', 'ferie', 'leave', 'absence'];
+        const isLeaveEntry = (e) => {
+            const wt = (e.workType?.name ?? '').toLowerCase();
+            return LEAVE_KEYWORDS.some(kw => wt.includes(kw));
+        };
+        // Identify compensatory deductions: if entry A has a deduct and another
+        // entry B is nested inside A's time range with duration ≈ A's deduct,
+        // then A's deduct is compensatory (accounts for B), not a pause.
+        const isCompensatoryDeduct = (entry) => {
+            if ((entry.hoursDeduct ?? 0) <= 0)
+                return false;
+            const entryStart = toMinutes(entry.timeStart);
+            const entryEnd = toMinutes(entry.timeEnd);
+            if (entryStart === null || entryEnd === null)
+                return false;
+            const deductMin = (entry.hoursDeduct ?? 0) * 60;
+            // Check if any other entry on this day is nested inside this entry's range
+            for (const other of dayEntries) {
+                if (other.id === entry.id)
+                    continue;
+                const otherStart = toMinutes(other.timeStart);
+                const otherEnd = toMinutes(other.timeEnd);
+                if (otherStart === null || otherEnd === null)
+                    continue;
+                if (otherStart >= entryStart && otherEnd <= entryEnd) {
+                    const otherDuration = otherEnd - otherStart;
+                    if (Math.abs(deductMin - otherDuration) <= 5)
+                        return true;
+                }
+            }
+            return false;
+        };
+        // Filter out leave entries and compensatory deductions before summing
+        const pauseEntries = dayEntries.filter(e => !isLeaveEntry(e) && !isCompensatoryDeduct(e));
+        const amEntries = pauseEntries.filter((e) => {
+            const t = parseHHMM(e.timeStart);
+            return t !== null && t.hours < 12;
+        });
+        const pmEntries = pauseEntries.filter((e) => {
+            const t = parseHHMM(e.timeStart);
+            return t !== null && t.hours >= 12;
+        });
+        const amDeduct = amEntries.reduce((s, e) => s + (e.hoursDeduct ?? 0), 0);
+        const pmDeduct = pmEntries.reduce((s, e) => s + (e.hoursDeduct ?? 0), 0);
+        if (round2(amDeduct) > 0.25) {
+            // Flag the last AM entry as the carrier of the violation
+            const lastAm = amEntries[amEntries.length - 1];
+            if (lastAm) {
+                violations.push({
+                    rule: 'pause_rules',
+                    severity: 'reject',
+                    entry_id: lastAm.id,
+                    message: `AM deductions for ${date} total ${round2(amDeduct)}h — maximum is 0.25h`,
+                    details: { date, period: 'AM', totalDeduct: round2(amDeduct), limit: 0.25 },
+                });
+            }
+        }
+        if (round2(pmDeduct) > 0.25) {
+            const lastPm = pmEntries[pmEntries.length - 1];
+            if (lastPm) {
+                violations.push({
+                    rule: 'pause_rules',
+                    severity: 'reject',
+                    entry_id: lastPm.id,
+                    message: `PM deductions for ${date} total ${round2(pmDeduct)}h — maximum is 0.25h`,
+                    details: { date, period: 'PM', totalDeduct: round2(pmDeduct), limit: 0.25 },
+                });
+            }
+        }
+    }
+    // Note: Rule 5 (department_match) requires member profile data.
+    // The check is intentionally omitted here to avoid an extra API round-trip
+    // inside the validation loop; it is surfaced as a design-time warning instead.
+    // If the caller provides member department info in a future parameter, add it here.
+    return violations;
+}
+// ---------------------------------------------------------------------------
+// text helper
+// ---------------------------------------------------------------------------
+function text(t) {
+    return { content: [{ type: 'text', text: t }] };
+}
+// ---------------------------------------------------------------------------
+// Handler
+// ---------------------------------------------------------------------------
+export async function handleValidationTool(toolName, args) {
+    const api = getAPI();
+    switch (toolName) {
+        // -----------------------------------------------------------------------
+        case 'cw_validate_timesheets': {
+            const memberIdentifier = String(args['member_identifier'] ?? '').trim();
+            const startDate = String(args['start_date'] ?? '').trim();
+            const endDate = String(args['end_date'] ?? '').trim();
+            if (!memberIdentifier || !startDate || !endDate) {
+                return text('Error: member_identifier, start_date, and end_date are all required.');
+            }
+            // Basic ISO date format check
+            const isoDateRe = /^\d{4}-\d{2}-\d{2}$/;
+            if (!isoDateRe.test(startDate) || !isoDateRe.test(endDate)) {
+                return text('Error: start_date and end_date must be in YYYY-MM-DD format.');
+            }
+            // Fetch time entries
+            let entries;
+            try {
+                const conditions = `member/identifier='${memberIdentifier}' AND dateEntered>=[${startDate}] AND dateEntered<=[${endDate}]`;
+                const rawEntries = await api.paginatedFetch('/time/entries', conditions, undefined, 1000);
+                entries = rawEntries.items;
+            }
+            catch (err) {
+                const msg = err instanceof Error ? err.message : String(err);
+                return text(`Error fetching time entries: ${msg}`);
+            }
+            if (entries.length === 0) {
+                return text(`No time entries found for member "${memberIdentifier}" between ${startDate} and ${endDate}.`);
+            }
+            const violations = validateEntries(entries);
+            const rejects = violations.filter((v) => v.severity === 'reject');
+            const warns = violations.filter((v) => v.severity === 'warn');
+            const passed = rejects.length === 0;
+            const result = {
+                member: memberIdentifier,
+                period: `${startDate} to ${endDate}`,
+                totalEntries: entries.length,
+                violations,
+                passed,
+            };
+            // Build human-readable summary
+            const lines = [
+                `Validation result for ${memberIdentifier} (${startDate} to ${endDate})`,
+                `Total entries : ${entries.length}`,
+                `Status        : ${passed ? 'PASSED' : 'FAILED'}`,
+                `Violations    : ${rejects.length} reject${rejects.length !== 1 ? 's' : ''}, ${warns.length} warning${warns.length !== 1 ? 's' : ''}`,
+                '',
+            ];
+            if (violations.length === 0) {
+                lines.push('All entries passed validation.');
+            }
+            else {
+                if (rejects.length > 0) {
+                    lines.push('--- REJECTS (must be corrected) ---');
+                    for (const v of rejects) {
+                        lines.push(`  Entry #${v.entry_id} [${v.rule}]: ${v.message}`);
+                    }
+                    lines.push('');
+                }
+                if (warns.length > 0) {
+                    lines.push('--- WARNINGS (advisory) ---');
+                    for (const v of warns) {
+                        lines.push(`  Entry #${v.entry_id} [${v.rule}]: ${v.message}`);
+                    }
+                }
+            }
+            lines.push('');
+            lines.push('--- Full JSON result ---');
+            lines.push(JSON.stringify(result, null, 2));
+            return text(lines.join('\n'));
+        }
+        // -----------------------------------------------------------------------
+        case 'cw_accrual_balance': {
+            const memberIdentifier = String(args['member_identifier'] ?? '').trim();
+            if (!memberIdentifier) {
+                return text('Error: member_identifier is required.');
+            }
+            let accruals;
+            try {
+                const raw = await api.request({
+                    path: '/time/accruals',
+                    method: 'GET',
+                    params: { conditions: `member/identifier='${memberIdentifier}'` },
+                });
+                accruals = Array.isArray(raw) ? raw : [];
+            }
+            catch (err) {
+                const msg = err instanceof Error ? err.message : String(err);
+                return text(`Error fetching accruals: ${msg}`);
+            }
+            if (accruals.length === 0) {
+                return text(`No accrual records found for member "${memberIdentifier}".`);
+            }
+            const lines = [
+                `Accrual balances for ${memberIdentifier}`,
+                '',
+                `${'Type'.padEnd(22)} ${'Current Bal'.padStart(12)} ${'YTD Hours'.padStart(12)} ${'Available'.padStart(12)}`,
+                `${'-'.repeat(22)} ${'-'.repeat(12)} ${'-'.repeat(12)} ${'-'.repeat(12)}`,
+            ];
+            for (const raw of accruals) {
+                const record = raw;
+                const typeName = record.accrualType?.name ?? 'Unknown';
+                const current = round2(record.currentBalance ?? 0);
+                const ytd = round2(record.ytdHours ?? 0);
+                const available = round2(record.availableHours ?? record.currentBalance ?? 0);
+                lines.push(`${typeName.padEnd(22)} ${String(current).padStart(12)} ${String(ytd).padStart(12)} ${String(available).padStart(12)}`);
+            }
+            lines.push('');
+            lines.push('--- Raw JSON ---');
+            lines.push(JSON.stringify(accruals, null, 2));
+            return text(lines.join('\n'));
+        }
+        // -----------------------------------------------------------------------
+        case 'cw_approve_timesheets': {
+            return await approveTimesheets(args, api);
+        }
+        // -----------------------------------------------------------------------
+        default:
+            return text(`Unknown validation tool: ${toolName}`);
+    }
+}
+async function approveTimesheets(args, api) {
+    const startDate = String(args['start_date'] ?? '').trim();
+    const endDate = String(args['end_date'] ?? '').trim();
+    const memberFilter = args['member_identifier'] ? String(args['member_identifier']).trim() : null;
+    const dryRun = args['dry_run'] !== false; // Default true — safe by default
+    if (!startDate || !endDate) {
+        return text('Error: start_date and end_date are required (YYYY-MM-DD).');
+    }
+    const lines = [];
+    lines.push(`## Timesheet Approval Workflow`);
+    lines.push(`Period: ${startDate} to ${endDate}`);
+    lines.push(`Mode: ${dryRun ? 'DRY RUN (no changes will be made)' : 'LIVE — will approve/reject in ConnectWise'}`);
+    if (memberFilter)
+        lines.push(`Member filter: ${memberFilter}`);
+    lines.push('');
+    // Step 1: Fetch timesheets in the period
+    let timesheetConditions = `dateStart>=[${startDate}] AND dateStart<=[${endDate}]`;
+    if (memberFilter) {
+        timesheetConditions += ` AND member/identifier='${memberFilter}'`;
+    }
+    // Only process Open or PendingApproval timesheets
+    // Note: CW timesheet `status` is a flat string, not an object — no /name accessor
+    timesheetConditions += ` AND (status='Open' OR status='PendingApproval')`;
+    let timesheets;
+    try {
+        const raw = await api.paginatedFetch('/time/sheets', timesheetConditions, undefined, 500);
+        timesheets = raw.items;
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        return text(`Error fetching timesheets: ${msg}`);
+    }
+    if (timesheets.length === 0) {
+        return text(`No Open or PendingApproval timesheets found for ${memberFilter ?? 'any member'} between ${startDate} and ${endDate}.`);
+    }
+    lines.push(`Found ${timesheets.length} timesheet(s) to process.`);
+    lines.push('');
+    const fetchResults = await Promise.all(timesheets.map(async (ts) => {
+        const memberId = ts.member?.identifier ?? 'unknown';
+        try {
+            const entryConds = `member/identifier='${memberId}' AND dateEntered>=[${ts.dateStart}] AND dateEntered<=[${ts.dateEnd}]`;
+            const raw = await api.paginatedFetch('/time/entries', entryConds, undefined, 1000);
+            return { ts, entries: raw.items, error: null };
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            return { ts, entries: null, error: msg };
+        }
+    }));
+    const validated = fetchResults.map(fr => {
+        if (!fr.entries || fr.entries.length === 0) {
+            return { ...fr, violations: [], rejects: [], warns: [] };
+        }
+        const violations = validateEntries(fr.entries);
+        return {
+            ...fr,
+            violations,
+            rejects: violations.filter(v => v.severity === 'reject'),
+            warns: violations.filter(v => v.severity === 'warn'),
+        };
+    });
+    lines.push(`Fetched & validated ${timesheets.length} timesheets in parallel.`);
+    lines.push('');
+    // Step 4: PARALLEL APPROVE/REJECT — execute actions for all timesheets at once
+    const results = await Promise.all(validated.map(async (v) => {
+        const memberId = v.ts.member?.identifier ?? 'unknown';
+        const memberName = v.ts.member?.name ?? memberId;
+        const tsId = v.ts.id;
+        // Error during fetch
+        if (v.error) {
+            return { member: memberId, timesheetId: tsId, action: 'ERROR', rejectCount: 0, warnCount: 0, entryCount: 0, rejectedEntryIds: [], message: v.error };
+        }
+        // No entries
+        if (!v.entries || v.entries.length === 0) {
+            return { member: memberId, timesheetId: tsId, action: 'SKIPPED', rejectCount: 0, warnCount: 0, entryCount: 0, rejectedEntryIds: [], message: 'No entries' };
+        }
+        const entryCount = v.entries.length;
+        if (v.rejects.length > 0) {
+            // REJECT path
+            const entryIdsToReject = [...new Set(v.rejects.map(viol => viol.entry_id))];
+            if (!dryRun) {
+                // Reject individual entries IN PARALLEL
+                const rejectionResults = await Promise.all(entryIdsToReject.map(async (entryId) => {
+                    const entryViolations = v.rejects.filter(viol => viol.entry_id === entryId);
+                    const comment = 'Automated rejection: ' + entryViolations.map(viol => `[${viol.rule}] ${viol.message}`).join('; ');
+                    try {
+                        await api.requestWithRetry({
+                            path: `/time/entries/${entryId}/reject`,
+                            method: 'POST',
+                            body: { approvalType: 'Tier1Update', comment },
+                        });
+                        return { entryId, success: true };
+                    }
+                    catch (err) {
+                        return { entryId, success: false };
+                    }
+                }));
+                const rejectedIds = rejectionResults.filter(r => r.success).map(r => r.entryId);
+                // Then reject the timesheet (must come AFTER entries)
+                try {
+                    await api.requestWithRetry({
+                        path: `/time/sheets/${tsId}/reject`,
+                        method: 'POST',
+                        body: { approvalType: 'Tier1Update' },
+                    });
+                }
+                catch { /* logged in summary */ }
+                return { member: memberId, timesheetId: tsId, action: 'REJECTED', rejectCount: v.rejects.length, warnCount: v.warns.length, entryCount, rejectedEntryIds: rejectedIds, message: `${rejectedIds.length} entries rejected` };
+            }
+            else {
+                return { member: memberId, timesheetId: tsId, action: 'REJECTED', rejectCount: v.rejects.length, warnCount: v.warns.length, entryCount, rejectedEntryIds: entryIdsToReject, message: 'DRY RUN' };
+            }
+        }
+        else {
+            // APPROVE path
+            if (!dryRun) {
+                try {
+                    await api.requestWithRetry({
+                        path: `/time/sheets/${tsId}/approve`,
+                        method: 'POST',
+                        body: { approvalType: 'Tier1Update' },
+                    });
+                }
+                catch { /* logged in summary */ }
+                return { member: memberId, timesheetId: tsId, action: 'APPROVED', rejectCount: 0, warnCount: v.warns.length, entryCount, rejectedEntryIds: [], message: v.warns.length > 0 ? `Approved with ${v.warns.length} warnings` : 'Clean approval' };
+            }
+            else {
+                return { member: memberId, timesheetId: tsId, action: 'APPROVED', rejectCount: 0, warnCount: v.warns.length, entryCount, rejectedEntryIds: [], message: 'DRY RUN' };
+            }
+        }
+    }));
+    // Step 5: Build human-readable output from results
+    for (const r of results) {
+        const memberName = timesheets.find(ts => ts.id === r.timesheetId)?.member?.name ?? r.member;
+        lines.push(`### ${memberName} (timesheet #${r.timesheetId})`);
+        lines.push(`  Entries: ${r.entryCount} | Rejects: ${r.rejectCount} | Warnings: ${r.warnCount}`);
+        lines.push(`  Decision: **${r.action}** — ${r.message}`);
+        // Show violation details
+        const v = validated.find(v => v.ts.id === r.timesheetId);
+        if (v && v.rejects.length > 0) {
+            for (const viol of v.rejects) {
+                lines.push(`    - Entry #${viol.entry_id} [${viol.rule}]: ${viol.message}`);
+            }
+        }
+        if (v && v.warns.length > 0) {
+            for (const viol of v.warns) {
+                lines.push(`    ⚠ Entry #${viol.entry_id} [${viol.rule}]: ${viol.message}`);
+            }
+        }
+        lines.push('');
+    }
+    // Summary
+    const approved = results.filter(r => r.action === 'APPROVED').length;
+    const rejected = results.filter(r => r.action === 'REJECTED').length;
+    const skipped = results.filter(r => r.action === 'SKIPPED').length;
+    const errors = results.filter(r => r.action === 'ERROR').length;
+    lines.push('---');
+    lines.push('## Summary');
+    lines.push(`| Status | Count |`);
+    lines.push(`|--------|-------|`);
+    lines.push(`| Approved | ${approved} |`);
+    lines.push(`| Rejected | ${rejected} |`);
+    lines.push(`| Skipped | ${skipped} |`);
+    lines.push(`| Errors | ${errors} |`);
+    lines.push(`| **Total** | **${results.length}** |`);
+    if (dryRun) {
+        lines.push('');
+        lines.push('> **This was a DRY RUN.** No changes were made in ConnectWise.');
+        lines.push('> To execute for real, run again with `dry_run: false`.');
+    }
+    return text(lines.join('\n'));
+}
+//# sourceMappingURL=validation.js.map