@linkup-ai/abap-ai 0.1.1 → 0.2.0

package/dist/sap-policy-loader.js

@@ -0,0 +1,255 @@
+"use strict";
+/**
+ * SAP Policy Loader — lê a security policy de dentro do SAP (ABAP Security Agent).
+ *
+ * Tenta ler a tabela ZLKP_AI_CONFIG via SQL Console (ADT datapreview/freestyle).
+ * Se a tabela existe, usa como fonte de verdade da policy.
+ * Se não existe (agente não instalado), retorna null e o fallback local é usado.
+ *
+ * Integração por plano:
+ * - Pro: lê via SQL Console (Opção A)
+ * - Enterprise/Corporate: lê via SQL Console no startup, valida via ICF em runtime (Opção B)
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadPolicyFromSap = loadPolicyFromSap;
+exports.isSecurityAgentInstalled = isSecurityAgentInstalled;
+exports.checkAndAuditViaSap = checkAndAuditViaSap;
+exports.isIcfHandlerAvailable = isIcfHandlerAvailable;
+const adt_client_js_1 = require("./adt-client.js");
+const data_format_js_1 = require("./tools/shared/data-format.js");
+/**
+ * Tenta carregar a policy do SAP via SQL Console.
+ * Retorna null se a tabela ZLKP_AI_CONFIG não existe (agente não instalado).
+ */
+async function loadPolicyFromSap(userName) {
+    try {
+        await (0, adt_client_js_1.ensureSession)();
+        // Ler toda a config do ambiente para o usuário atual
+        const sql = `SELECT env_role, user_group, tool_name, allowed, max_rows `
+            + `FROM zlkp_ai_config `
+            + `ORDER BY env_role, user_group, tool_name`;
+        const { data, status } = await (0, adt_client_js_1.adtPostText)("/datapreview/freestyle", sql, { rowNumber: "500" }, "application/vnd.sap.adt.datapreview.table.v1+xml");
+        // 404 ou erro = tabela não existe = agente não instalado
+        if (status >= 400)
+            return null;
+        const result = (0, data_format_js_1.parseDataPreview)(data);
+        if (result.rows.length === 0)
+            return null;
+        // Parsear as rows em SapPolicyConfig[]
+        const configs = parseConfigRows(result.columns.map((c) => c.name), result.rows);
+        // Determinar env_role (pegar o primeiro que aparecer — assumindo sistema single-env)
+        const envRoles = [...new Set(configs.map((c) => c.env_role))];
+        const envRole = envRoles[0] || "DEVELOPMENT";
+        // Filtrar configs para o env_role + resolver prioridade user > grupo > wildcard
+        const relevantConfigs = resolveUserConfigs(configs, envRole, userName.toUpperCase());
+        // Montar SecurityPolicy — usar always_blocked para tools EXPLICITAMENTE bloqueadas
+        // e allowed_levels amplos (o bloqueio individual é feito via always_blocked)
+        const blockedTools = [];
+        let maxRows = 0;
+        let allBlocked = false;
+        for (const cfg of relevantConfigs) {
+            if (cfg.tool_name === "*") {
+                if (!cfg.allowed)
+                    allBlocked = true;
+                if (cfg.max_rows > 0)
+                    maxRows = cfg.max_rows;
+            }
+            else {
+                if (!cfg.allowed) {
+                    blockedTools.push(cfg.tool_name);
+                }
+                if (cfg.max_rows > 0 && (maxRows === 0 || cfg.max_rows < maxRows)) {
+                    maxRows = cfg.max_rows;
+                }
+            }
+        }
+        // Allowed levels: amplos para DEV, restrito para QAS/PRD
+        // O bloqueio granular é feito via always_blocked (tool por tool)
+        const allowedLevels = allBlocked
+            ? ["READ"]
+            : envRole === "DEVELOPMENT"
+                ? ["READ", "WRITE", "CREATE"]
+                : ["READ"];
+        const policy = {
+            environment_role: envRole,
+            allowed_levels: allowedLevels,
+            always_blocked: blockedTools,
+            require_transport: envRole !== "DEVELOPMENT",
+            max_preview_rows: maxRows || 0,
+        };
+        return policy;
+    }
+    catch {
+        // Qualquer erro = fallback para policy local (silencioso)
+        return null;
+    }
+}
+/**
+ * Verifica se o ABAP Security Agent está instalado (tabela existe).
+ */
+async function isSecurityAgentInstalled() {
+    try {
+        await (0, adt_client_js_1.ensureSession)();
+        const { status } = await (0, adt_client_js_1.adtPostText)("/datapreview/freestyle", "SELECT COUNT(*) AS cnt FROM zlkp_ai_config", { rowNumber: "1" }, "application/vnd.sap.adt.datapreview.table.v1+xml");
+        return status >= 200 && status < 300;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Chama o ICF handler do Security Agent para validar + gravar audit no SAP.
+ * Usado por Enterprise/Corporate (Opção B — ICF Handler).
+ *
+ * O handler /sap/z/lkpai/guard/check faz:
+ * 1. AUTHORITY-CHECK no ABAP
+ * 2. Grava ZLKP_AI_AUDIT automaticamente
+ * 3. Retorna { allowed: true/false, reason?, policy? }
+ *
+ * Para Pro (Opção A), o audit é gravado localmente (JSONL) — o SAP não tem
+ * o ICF handler instalado. O audit SAP-side fica apenas para Enterprise/Corporate.
+ */
+async function checkAndAuditViaSap(toolName, objType, objName) {
+    try {
+        const csrf = await (0, adt_client_js_1.ensureSession)();
+        const sapUrl = process.env.SAP_URL || "";
+        const sapClient = process.env.SAP_CLIENT || "100";
+        // Chamar ICF handler diretamente (fora do baseURL /sap/bc/adt)
+        const { default: axios } = await Promise.resolve().then(() => __importStar(require("axios")));
+        const response = await axios.post(`${sapUrl}/sap/z/lkpai/guard/check?sap-client=${sapClient}`, JSON.stringify({
+            tool: toolName,
+            obj_type: objType || "",
+            obj_name: objName || "",
+        }), {
+            headers: {
+                "Content-Type": "application/json",
+                "X-CSRF-Token": csrf,
+            },
+            auth: {
+                username: process.env.SAP_USER || "",
+                password: process.env.SAP_PASS || "",
+            },
+            validateStatus: (s) => s < 500,
+            timeout: 10000,
+        });
+        if (response.status === 200) {
+            return { allowed: true };
+        }
+        if (response.status === 403) {
+            const data = typeof response.data === "string" ? JSON.parse(response.data) : response.data;
+            return { allowed: false, reason: data?.reason || "Bloqueado pela policy SAP" };
+        }
+        // 404 = ICF handler não instalado → fallback
+        return null;
+    }
+    catch {
+        // ICF não disponível → fallback para policy local
+        return null;
+    }
+}
+/** Cache: se o ICF handler está disponível (checado 1x no startup) */
+let icfAvailable = null;
+/**
+ * Verifica se o ICF handler /sap/z/lkpai/guard está ativo.
+ */
+async function isIcfHandlerAvailable() {
+    if (icfAvailable !== null)
+        return icfAvailable;
+    try {
+        const result = await checkAndAuditViaSap("_probe_");
+        // Se retornou algo (mesmo denied), o handler existe
+        icfAvailable = result !== null;
+    }
+    catch {
+        icfAvailable = false;
+    }
+    return icfAvailable;
+}
+// ─── Helpers ──────────────────────────────────────────────────────
+function parseConfigRows(columnNames, rows) {
+    const idxEnv = columnNames.indexOf("ENV_ROLE");
+    const idxGroup = columnNames.indexOf("USER_GROUP");
+    const idxTool = columnNames.indexOf("TOOL_NAME");
+    const idxAllowed = columnNames.indexOf("ALLOWED");
+    const idxMaxRows = columnNames.indexOf("MAX_ROWS");
+    return rows.map((row) => ({
+        env_role: (row[idxEnv] || "").trim(),
+        user_group: (row[idxGroup] || "*").trim(),
+        tool_name: (row[idxTool] || "*").trim(),
+        allowed: (row[idxAllowed] || "").trim() === "X",
+        max_rows: parseInt(row[idxMaxRows] || "0", 10) || 0,
+    }));
+}
+/**
+ * Resolve prioridade de configs: usuário individual > grupo SU01 > wildcard '*'.
+ */
+function resolveUserConfigs(configs, envRole, userName) {
+    const envConfigs = configs.filter((c) => c.env_role === envRole);
+    // Agrupar por tool_name e resolver prioridade
+    const toolMap = new Map();
+    for (const cfg of envConfigs) {
+        const existing = toolMap.get(cfg.tool_name);
+        const priority = getUserGroupPriority(cfg.user_group, userName);
+        if (priority < 0)
+            continue; // Não se aplica a este usuário
+        if (!existing || priority > getUserGroupPriority(existing.user_group, userName)) {
+            toolMap.set(cfg.tool_name, cfg);
+        }
+    }
+    return Array.from(toolMap.values());
+}
+/**
+ * Retorna a prioridade do user_group para o usuário (maior = mais específico).
+ * -1 = não se aplica, 0 = wildcard, 2 = usuário individual.
+ *
+ * Nota: lookup de grupo SU01 (USR02-CLASS) não implementado no TypeScript.
+ * Entradas com user_group diferente de '*' e do userName são ignoradas (-1).
+ * O lookup de grupo é feito pelo ZCL_LKP_AI_GUARD no ABAP-side (Enterprise/Corporate).
+ */
+function getUserGroupPriority(userGroup, userName) {
+    if (userGroup === "*")
+        return 0;
+    if (userGroup.toUpperCase() === userName.toUpperCase())
+        return 2;
+    // Entradas para outros usuários/grupos não se aplicam a este user
+    return -1;
+}
+function generateSimpleGuid() {
+    return "xxxxxxxxxxxx4xxxyxxxxxxxxxxxxxxx".replace(/[xy]/g, (c) => {
+        const r = (Math.random() * 16) | 0;
+        return (c === "x" ? r : (r & 0x3) | 0x8).toString(16);
+    });
+}

package/dist/security-policy.js

@@ -22,6 +22,30 @@ exports.getDefaultPolicy = getDefaultPolicy;
 exports.listEnvironmentRoles = listEnvironmentRoles;
 const fs_1 = require("fs");
 const path_1 = require("path");
+const zod_1 = require("zod");
+// ─── Schema Zod para validação de policy carregada ───────────────
+const SecurityPolicySchema = zod_1.z.object({
+    environment_role: zod_1.z.enum(["DEVELOPMENT", "QUALITY", "PRODUCTION"]).optional(),
+    allowed_levels: zod_1.z.array(zod_1.z.enum(["READ", "WRITE", "CREATE", "DESTRUCTIVE", "ADMIN"])).optional(),
+    always_blocked: zod_1.z.array(zod_1.z.string()).optional(),
+    require_transport: zod_1.z.boolean().optional(),
+    max_preview_rows: zod_1.z.number().int().min(0).optional(),
+}).strict();
+/**
+ * Valida e parseia um objeto parcial de policy.
+ * Lança erro descritivo se o JSON não bate com o schema esperado.
+ */
+function validatePolicyInput(input, source) {
+    const result = SecurityPolicySchema.safeParse(input);
+    if (!result.success) {
+        const issues = result.error.issues
+            .map((i) => `  - ${i.path.join(".")}: ${i.message}`)
+            .join("\n");
+        throw new Error(`[SECURITY] Policy inválida (${source}):\n${issues}\n` +
+            `Corrija o arquivo/variável ou remova para usar o default (DEVELOPMENT).`);
+    }
+    return result.data;
+}
 /**
  * Mapa de cada tool para seu nível de risco.
  * TODA tool registrada DEVE estar neste mapa — tools não classificadas causam erro no startup.
@@ -83,9 +107,10 @@ const TOOL_RISK = {
     abap_create_dcl: "CREATE",
     abap_create_amdp: "CREATE",
     abap_scaffold_rap: "CREATE",
-    // WRITE — delete segue a mesma regra de escrita (permitido em DEV, bloqueado em QAS/PRD)
-    abap_delete: "WRITE",
-    // ADMIN — operações administrativas de alto impacto (sempre bloqueado)
+    // WRITE — execução de programas (requer ICF handler)
+    abap_execute: "WRITE",
+    // ADMIN — operações de alto impacto (sempre bloqueadas pelo MCP server)
+    abap_delete: "ADMIN",
     abap_release_transport: "ADMIN",
 };
 /**
@@ -126,7 +151,6 @@ const POLICY_QUALITY = {
     allowed_levels: ["READ"],
     always_blocked: [
         "abap_release_transport",
-        "abap_delete",
         "abap_scaffold_rap",
         "abap_create",
         "abap_create_dcl",
@@ -148,7 +172,6 @@ const POLICY_PRODUCTION = {
     allowed_levels: ["READ"],
     always_blocked: [
         "abap_release_transport",
-        "abap_delete",
         "abap_scaffold_rap",
         "abap_create",
         "abap_create_dcl",
@@ -191,22 +214,28 @@ function loadPolicy() {
     const policyJson = process.env.ABAP_AI_SECURITY_POLICY;
     if (policyJson) {
         try {
-            const parsed = JSON.parse(policyJson);
+            const raw = JSON.parse(policyJson);
+            const parsed = validatePolicyInput(raw, "env ABAP_AI_SECURITY_POLICY");
             return mergeWithDefault(parsed);
         }
-        catch {
-            // fallthrough
+        catch (e) {
+            // Se é erro de validação Zod, propagar (não silenciar)
+            if (e instanceof Error && e.message.includes("[SECURITY]"))
+                throw e;
+            // JSON parse error — fallthrough
         }
     }
     // 2. Arquivo central (gestores Enterprise/Corporate)
     if ((0, fs_1.existsSync)(CENTRAL_POLICY_PATH)) {
         try {
-            const raw = (0, fs_1.readFileSync)(CENTRAL_POLICY_PATH, "utf-8");
-            const parsed = JSON.parse(raw);
+            const raw = JSON.parse((0, fs_1.readFileSync)(CENTRAL_POLICY_PATH, "utf-8"));
+            const parsed = validatePolicyInput(raw, CENTRAL_POLICY_PATH);
             return mergeWithDefault(parsed);
         }
-        catch {
-            // fallthrough
+        catch (e) {
+            if (e instanceof Error && e.message.includes("[SECURITY]"))
+                throw e;
+            // JSON parse error — fallthrough
         }
     }
     // 3. Env role simples

package/dist/tests/create-payload.test.js

@@ -0,0 +1,213 @@
+"use strict";
+/**
+ * Testes unitários para buildPayload() — geração de XML ADT para criação de objetos ABAP.
+ *
+ * Testa os 15 tipos de objeto suportados por abap_create:
+ * PROG/P, CLAS/OC, INTF/OI, FUGR/F, DOMA/D, DTEL/D, TABL/DT, TABL/DS,
+ * TTYP/TT, MSAG/N, DDLS/DF, DDLX/MX, SRVD/SRV, BDEF/BDO, SRVB/SVB
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+// Setar env vars antes de importar (adt-client.ts lê no import time)
+(0, vitest_1.beforeAll)(() => {
+    process.env.SAP_URL = "https://test.sap.local:8443";
+    process.env.SAP_USER = "TESTUSER";
+    process.env.SAP_PASS = "testpass";
+    process.env.SAP_CLIENT = "100";
+    process.env.SAP_LANGUAGE = "EN";
+});
+// Import dinâmico para garantir que env vars estão setadas
+async function getBuildPayload() {
+    const mod = await Promise.resolve().then(() => __importStar(require("../tools/create.js")));
+    return mod.buildPayload;
+}
+// ─── Helpers ──────────────────────────────────────────────────────
+function assertValidXml(xml) {
+    (0, vitest_1.expect)(xml).toMatch(/^<\?xml version="1\.0" encoding="UTF-8"\?>/);
+    // Verifica que tem pelo menos uma tag com namespace
+    (0, vitest_1.expect)(xml).toMatch(/<[a-zA-Z]+:[a-zA-Z]+/);
+    // Verifica que tem tag de fechamento ou é self-closing
+    (0, vitest_1.expect)(xml).toMatch(/<\/[a-zA-Z]+:[a-zA-Z]+>|\/>/);
+}
+function assertHasAttr(xml, attr, value) {
+    const regex = new RegExp(`${attr}="${value}"`, "i");
+    (0, vitest_1.expect)(xml).toMatch(regex);
+}
+function assertHasPackage(xml, pkg) {
+    (0, vitest_1.expect)(xml).toContain(`adtcore:name="${pkg}"`);
+}
+// ─── Tests ────────────────────────────────────────────────────────
+(0, vitest_1.describe)("buildPayload", () => {
+    const baseInput = {
+        object_name: "ztest_object",
+        description: "Test object description",
+        package: "ZTEST_PKG",
+    };
+    (0, vitest_1.describe)("campos comuns em todos os tipos", () => {
+        vitest_1.it.each([
+            "PROG/P", "CLAS/OC", "INTF/OI", "FUGR/F", "DOMA/D", "DTEL/D",
+            "TABL/DT", "TABL/DS", "TTYP/TT", "MSAG/N", "DDLS/DF", "DDLX/MX",
+            "SRVD/SRV", "BDEF/BDO",
+        ])("%s — gera XML válido com name, description e package", async (type) => {
+            const buildPayload = await getBuildPayload();
+            const xml = buildPayload({ ...baseInput, object_type: type });
+            assertValidXml(xml);
+            assertHasAttr(xml, "adtcore:name", "ZTEST_OBJECT");
+            assertHasAttr(xml, "adtcore:description", "Test object description");
+            assertHasPackage(xml, "ZTEST_PKG");
+            assertHasAttr(xml, "adtcore:language", "EN");
+            assertHasAttr(xml, "adtcore:responsible", "TESTUSER");
+        });
+    });
+    (0, vitest_1.describe)("PROG/P — Report", () => {
+        (0, vitest_1.it)("inclui programType executableProgram", async () => {
+            const buildPayload = await getBuildPayload();
+            const xml = buildPayload({ ...baseInput, object_type: "PROG/P" });
+            (0, vitest_1.expect)(xml).toContain("program:programType=\"executableProgram\"");
+            (0, vitest_1.expect)(xml).toContain("xmlns:program=");
+        });
+    });
+    (0, vitest_1.describe)("CLAS/OC — Classe", () => {
+        (0, vitest_1.it)("usa namespace class", async () => {
+            const buildPayload = await getBuildPayload();
+            const xml = buildPayload({ ...baseInput, object_type: "CLAS/OC" });
+            (0, vitest_1.expect)(xml).toContain("xmlns:class=");
+            (0, vitest_1.expect)(xml).toContain("class:abapClass");
+        });
+    });
+    (0, vitest_1.describe)("INTF/OI — Interface", () => {
+        (0, vitest_1.it)("usa namespace intf", async () => {
+            const buildPayload = await getBuildPayload();
+            const xml = buildPayload({ ...baseInput, object_type: "INTF/OI" });
+            (0, vitest_1.expect)(xml).toContain("xmlns:intf=");
+            (0, vitest_1.expect)(xml).toContain("intf:abapInterface");
+        });
+    });
+    (0, vitest_1.describe)("FUGR/F — Function Group", () => {
+        (0, vitest_1.it)("usa namespace group", async () => {
+            const buildPayload = await getBuildPayload();
+            const xml = buildPayload({ ...baseInput, object_type: "FUGR/F" });
+            (0, vitest_1.expect)(xml).toContain("xmlns:group=");
+            (0, vitest_1.expect)(xml).toContain("group:abapFunctionGroup");
+        });
+    });
+    (0, vitest_1.describe)("DDLS/DF — CDS View", () => {
+        (0, vitest_1.it)("usa namespace ddlSource", async () => {
+            const buildPayload = await getBuildPayload();
+            const xml = buildPayload({ ...baseInput, object_type: "DDLS/DF" });
+            (0, vitest_1.expect)(xml).toContain("xmlns:ddlSource=");
+            (0, vitest_1.expect)(xml).toContain("ddlSource:ddlSource");
+        });
+    });
+    (0, vitest_1.describe)("SRVD/SRV — Service Definition", () => {
+        (0, vitest_1.it)("inclui srvdSourceType S", async () => {
+            const buildPayload = await getBuildPayload();
+            const xml = buildPayload({ ...baseInput, object_type: "SRVD/SRV" });
+            (0, vitest_1.expect)(xml).toContain("srvdSource:srvdSourceType=\"S\"");
+        });
+    });
+    (0, vitest_1.describe)("SRVB/SVB — Service Binding", () => {
+        (0, vitest_1.it)("exige srvd_name", async () => {
+            const buildPayload = await getBuildPayload();
+            (0, vitest_1.expect)(() => buildPayload({ ...baseInput, object_type: "SRVB/SVB" }))
+                .toThrow("srvd_name é obrigatório");
+        });
+        (0, vitest_1.it)("gera XML com service definition e binding type padrão (ODATA V4 UI)", async () => {
+            const buildPayload = await getBuildPayload();
+            const xml = buildPayload({
+                ...baseInput,
+                object_type: "SRVB/SVB",
+                srvd_name: "ZSD_PEDIDOS",
+            });
+            assertValidXml(xml);
+            (0, vitest_1.expect)(xml).toContain("adtcore:name=\"ZSD_PEDIDOS\"");
+            (0, vitest_1.expect)(xml).toContain("adtcore:type=\"SRVD/SRV\"");
+            (0, vitest_1.expect)(xml).toContain("srvb:type=\"ODATA\"");
+            (0, vitest_1.expect)(xml).toContain("srvb:version=\"V4\"");
+            (0, vitest_1.expect)(xml).toContain("srvb:category=\"0\""); // UI = category 0
+        });
+        (0, vitest_1.it)("suporta binding_type WEB_API", async () => {
+            const buildPayload = await getBuildPayload();
+            const xml = buildPayload({
+                ...baseInput,
+                object_type: "SRVB/SVB",
+                srvd_name: "ZSD_PEDIDOS",
+                binding_type: "ODATA;V4;WEB_API",
+            });
+            (0, vitest_1.expect)(xml).toContain("srvb:category=\"1\""); // WEB_API = category 1
+        });
+        (0, vitest_1.it)("suporta binding_type V2", async () => {
+            const buildPayload = await getBuildPayload();
+            const xml = buildPayload({
+                ...baseInput,
+                object_type: "SRVB/SVB",
+                srvd_name: "ZSD_PEDIDOS",
+                binding_type: "ODATA;V2;UI",
+            });
+            (0, vitest_1.expect)(xml).toContain("srvb:version=\"V2\"");
+        });
+    });
+    (0, vitest_1.describe)("nome em uppercase", () => {
+        (0, vitest_1.it)("converte object_name para maiúsculas", async () => {
+            const buildPayload = await getBuildPayload();
+            const xml = buildPayload({
+                ...baseInput,
+                object_type: "PROG/P",
+                object_name: "ztest_lowercase",
+            });
+            assertHasAttr(xml, "adtcore:name", "ZTEST_LOWERCASE");
+            (0, vitest_1.expect)(xml).not.toContain("ztest_lowercase");
+        });
+    });
+    (0, vitest_1.describe)("package padrão $TMP", () => {
+        (0, vitest_1.it)("usa $TMP quando package não informado", async () => {
+            const buildPayload = await getBuildPayload();
+            const xml = buildPayload({
+                object_type: "PROG/P",
+                object_name: "ZTEST",
+                description: "Test",
+            });
+            assertHasPackage(xml, "$TMP");
+        });
+    });
+    (0, vitest_1.describe)("tipo não suportado", () => {
+        (0, vitest_1.it)("lança erro para tipo desconhecido", async () => {
+            const buildPayload = await getBuildPayload();
+            (0, vitest_1.expect)(() => buildPayload({ ...baseInput, object_type: "FAKE/XX" }))
+                .toThrow("não suportada");
+        });
+    });
+});