@linkup-ai/abap-ai 0.1.1 → 0.2.0

package/dist/tests/security-policy.test.js

@@ -0,0 +1,167 @@
+"use strict";
+/**
+ * Testes unitários para security-policy.ts — classificação de risco,
+ * validação de tools e enforcement de policy por ambiente.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const security_policy_js_1 = require("../security-policy.js");
+(0, vitest_1.describe)("getToolRisk", () => {
+    (0, vitest_1.it)("retorna READ para tools de leitura", () => {
+        (0, vitest_1.expect)((0, security_policy_js_1.getToolRisk)("abap_read")).toBe("READ");
+        (0, vitest_1.expect)((0, security_policy_js_1.getToolRisk)("abap_search")).toBe("READ");
+        (0, vitest_1.expect)((0, security_policy_js_1.getToolRisk)("abap_knowledge")).toBe("READ");
+    });
+    (0, vitest_1.it)("retorna WRITE para tools de escrita", () => {
+        (0, vitest_1.expect)((0, security_policy_js_1.getToolRisk)("abap_write")).toBe("WRITE");
+        (0, vitest_1.expect)((0, security_policy_js_1.getToolRisk)("abap_activate")).toBe("WRITE");
+        (0, vitest_1.expect)((0, security_policy_js_1.getToolRisk)("abap_git_pull")).toBe("WRITE");
+        (0, vitest_1.expect)((0, security_policy_js_1.getToolRisk)("abap_git_stage")).toBe("WRITE");
+    });
+    (0, vitest_1.it)("retorna CREATE para tools de criação", () => {
+        (0, vitest_1.expect)((0, security_policy_js_1.getToolRisk)("abap_create")).toBe("CREATE");
+        (0, vitest_1.expect)((0, security_policy_js_1.getToolRisk)("abap_scaffold_rap")).toBe("CREATE");
+        (0, vitest_1.expect)((0, security_policy_js_1.getToolRisk)("abap_create_dcl")).toBe("CREATE");
+    });
+    (0, vitest_1.it)("retorna ADMIN para operações bloqueadas permanentemente", () => {
+        (0, vitest_1.expect)((0, security_policy_js_1.getToolRisk)("abap_release_transport")).toBe("ADMIN");
+        (0, vitest_1.expect)((0, security_policy_js_1.getToolRisk)("abap_delete")).toBe("ADMIN");
+    });
+    (0, vitest_1.it)("lança erro para tool não classificada", () => {
+        (0, vitest_1.expect)(() => (0, security_policy_js_1.getToolRisk)("abap_inexistente_xyz"))
+            .toThrow("[SECURITY]");
+    });
+});
+(0, vitest_1.describe)("validateToolRiskMap", () => {
+    (0, vitest_1.it)("passa quando todas as tools estão classificadas", () => {
+        (0, vitest_1.expect)(() => (0, security_policy_js_1.validateToolRiskMap)(["abap_read", "abap_write", "abap_create"]))
+            .not.toThrow();
+    });
+    (0, vitest_1.it)("falha listando tools não classificadas", () => {
+        (0, vitest_1.expect)(() => (0, security_policy_js_1.validateToolRiskMap)(["abap_read", "tool_fake_1", "tool_fake_2"]))
+            .toThrow("2 tool(s)");
+    });
+    (0, vitest_1.it)("inclui nome da tool faltante na mensagem", () => {
+        (0, vitest_1.expect)(() => (0, security_policy_js_1.validateToolRiskMap)(["abap_read", "minha_tool_nova"]))
+            .toThrow("minha_tool_nova");
+    });
+});
+(0, vitest_1.describe)("checkToolAccess", () => {
+    (0, vitest_1.describe)("ambiente DEVELOPMENT", () => {
+        const policy = (0, security_policy_js_1.getDefaultPolicy)("DEVELOPMENT");
+        (0, vitest_1.it)("permite READ, WRITE, CREATE", () => {
+            (0, vitest_1.expect)((0, security_policy_js_1.checkToolAccess)("abap_read", policy).allowed).toBe(true);
+            (0, vitest_1.expect)((0, security_policy_js_1.checkToolAccess)("abap_write", policy).allowed).toBe(true);
+            (0, vitest_1.expect)((0, security_policy_js_1.checkToolAccess)("abap_create", policy).allowed).toBe(true);
+        });
+        (0, vitest_1.it)("bloqueia abap_release_transport SEMPRE", () => {
+            const result = (0, security_policy_js_1.checkToolAccess)("abap_release_transport", policy);
+            (0, vitest_1.expect)(result.allowed).toBe(false);
+            (0, vitest_1.expect)(result.reason).toContain("sempre bloqueado");
+        });
+        (0, vitest_1.it)("bloqueia abap_delete SEMPRE (mesmo em DEV)", () => {
+            const result = (0, security_policy_js_1.checkToolAccess)("abap_delete", policy);
+            (0, vitest_1.expect)(result.allowed).toBe(false);
+        });
+    });
+    (0, vitest_1.describe)("ambiente QUALITY", () => {
+        const policy = (0, security_policy_js_1.getDefaultPolicy)("QUALITY");
+        (0, vitest_1.it)("permite READ", () => {
+            (0, vitest_1.expect)((0, security_policy_js_1.checkToolAccess)("abap_read", policy).allowed).toBe(true);
+            (0, vitest_1.expect)((0, security_policy_js_1.checkToolAccess)("abap_search", policy).allowed).toBe(true);
+        });
+        (0, vitest_1.it)("bloqueia WRITE", () => {
+            const result = (0, security_policy_js_1.checkToolAccess)("abap_write", policy);
+            (0, vitest_1.expect)(result.allowed).toBe(false);
+            (0, vitest_1.expect)(result.reason).toContain("QUALITY");
+        });
+        (0, vitest_1.it)("bloqueia CREATE", () => {
+            (0, vitest_1.expect)((0, security_policy_js_1.checkToolAccess)("abap_create", policy).allowed).toBe(false);
+        });
+        (0, vitest_1.it)("bloqueia delete (ADMIN — bloqueado em TODOS os ambientes)", () => {
+            (0, vitest_1.expect)((0, security_policy_js_1.checkToolAccess)("abap_delete", policy).allowed).toBe(false);
+        });
+    });
+    (0, vitest_1.describe)("ambiente PRODUCTION", () => {
+        const policy = (0, security_policy_js_1.getDefaultPolicy)("PRODUCTION");
+        (0, vitest_1.it)("permite apenas READ", () => {
+            (0, vitest_1.expect)((0, security_policy_js_1.checkToolAccess)("abap_read", policy).allowed).toBe(true);
+        });
+        (0, vitest_1.it)("bloqueia tudo que não é READ", () => {
+            (0, vitest_1.expect)((0, security_policy_js_1.checkToolAccess)("abap_write", policy).allowed).toBe(false);
+            (0, vitest_1.expect)((0, security_policy_js_1.checkToolAccess)("abap_create", policy).allowed).toBe(false);
+            (0, vitest_1.expect)((0, security_policy_js_1.checkToolAccess)("abap_delete", policy).allowed).toBe(false);
+            (0, vitest_1.expect)((0, security_policy_js_1.checkToolAccess)("abap_git_stage", policy).allowed).toBe(false);
+            (0, vitest_1.expect)((0, security_policy_js_1.checkToolAccess)("abap_assign_transport", policy).allowed).toBe(false);
+        });
+        (0, vitest_1.it)("mensagem de bloqueio menciona PRODUTIVOS", () => {
+            const result = (0, security_policy_js_1.checkToolAccess)("abap_write", policy);
+            (0, vitest_1.expect)(result.reason).toContain("PRODUTIVO");
+        });
+    });
+});
+(0, vitest_1.describe)("checkTransportRequired", () => {
+    (0, vitest_1.it)("em DEV sem require_transport, não exige", () => {
+        const policy = (0, security_policy_js_1.getDefaultPolicy)("DEVELOPMENT");
+        (0, vitest_1.expect)((0, security_policy_js_1.checkTransportRequired)("abap_write", undefined, policy).allowed).toBe(true);
+    });
+    (0, vitest_1.it)("em QAS com require_transport, exige para WRITE", () => {
+        const policy = (0, security_policy_js_1.getDefaultPolicy)("QUALITY");
+        const result = (0, security_policy_js_1.checkTransportRequired)("abap_write", undefined, policy);
+        (0, vitest_1.expect)(result.allowed).toBe(false);
+        (0, vitest_1.expect)(result.reason).toContain("transport request");
+    });
+    (0, vitest_1.it)("em QAS com transport fornecido, permite", () => {
+        const policy = (0, security_policy_js_1.getDefaultPolicy)("QUALITY");
+        (0, vitest_1.expect)((0, security_policy_js_1.checkTransportRequired)("abap_write", "DEVK900123", policy).allowed).toBe(true);
+    });
+    (0, vitest_1.it)("READ nunca exige transport", () => {
+        const policy = (0, security_policy_js_1.getDefaultPolicy)("PRODUCTION");
+        (0, vitest_1.expect)((0, security_policy_js_1.checkTransportRequired)("abap_read", undefined, policy).allowed).toBe(true);
+    });
+});
+(0, vitest_1.describe)("loadPolicy — validação Zod", () => {
+    const originalEnv = { ...process.env };
+    (0, vitest_1.afterEach)(() => {
+        // Restaurar env
+        delete process.env.ABAP_AI_SECURITY_POLICY;
+        delete process.env.ABAP_AI_ENV_ROLE;
+    });
+    (0, vitest_1.it)("aceita policy válida via env var", () => {
+        process.env.ABAP_AI_SECURITY_POLICY = JSON.stringify({
+            environment_role: "PRODUCTION",
+        });
+        const policy = (0, security_policy_js_1.loadPolicy)();
+        (0, vitest_1.expect)(policy.environment_role).toBe("PRODUCTION");
+    });
+    (0, vitest_1.it)("rejeita environment_role com typo", () => {
+        process.env.ABAP_AI_SECURITY_POLICY = JSON.stringify({
+            environment_role: "PRODUCTON",
+        });
+        (0, vitest_1.expect)(() => (0, security_policy_js_1.loadPolicy)()).toThrow("[SECURITY]");
+        (0, vitest_1.expect)(() => (0, security_policy_js_1.loadPolicy)()).toThrow("environment_role");
+    });
+    (0, vitest_1.it)("rejeita campo desconhecido (strict mode)", () => {
+        process.env.ABAP_AI_SECURITY_POLICY = JSON.stringify({
+            environment_role: "DEVELOPMENT",
+            campo_invalido: true,
+        });
+        (0, vitest_1.expect)(() => (0, security_policy_js_1.loadPolicy)()).toThrow("[SECURITY]");
+    });
+    (0, vitest_1.it)("rejeita max_preview_rows negativo", () => {
+        process.env.ABAP_AI_SECURITY_POLICY = JSON.stringify({
+            max_preview_rows: -5,
+        });
+        (0, vitest_1.expect)(() => (0, security_policy_js_1.loadPolicy)()).toThrow("[SECURITY]");
+    });
+    (0, vitest_1.it)("rejeita allowed_levels com valor inválido", () => {
+        process.env.ABAP_AI_SECURITY_POLICY = JSON.stringify({
+            allowed_levels: ["READ", "SUPER_ADMIN"],
+        });
+        (0, vitest_1.expect)(() => (0, security_policy_js_1.loadPolicy)()).toThrow("[SECURITY]");
+    });
+    (0, vitest_1.it)("usa default DEVELOPMENT quando nenhuma config existe", () => {
+        const policy = (0, security_policy_js_1.loadPolicy)();
+        (0, vitest_1.expect)(policy.environment_role).toBe("DEVELOPMENT");
+    });
+});

package/dist/tool-handler.js

@@ -0,0 +1,80 @@
+"use strict";
+/**
+ * Tool handler wrapper — elimina boilerplate de try/catch + securityGuard
+ * em todas as 55 tool registrations.
+ *
+ * Uso:
+ *   server.tool("abap_read", description, schema, toolHandler("abap_read", async (args) => {
+ *     return await abapRead(args);
+ *   }));
+ *
+ * O wrapper automaticamente:
+ * 1. Chama securityGuard() e retorna erro se bloqueado
+ * 2. Executa o handler
+ * 3. Wrapa o resultado em { content: [{ type: "text", text }] }
+ * 4. Captura erros e retorna mensagem amigável
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.securityGuard = securityGuard;
+exports.toolHandler = toolHandler;
+const security_policy_js_1 = require("./security-policy.js");
+const security_audit_js_1 = require("./security-audit.js");
+/**
+ * Verifica se uma tool pode ser executada sob a security policy atual.
+ * Retorna null se permitido, ou uma resposta de erro MCP se bloqueado.
+ */
+function securityGuard(toolName, transportRequest) {
+    const policy = (0, security_policy_js_1.getPolicy)();
+    const riskLevel = (0, security_policy_js_1.getToolRisk)(toolName);
+    const accessCheck = (0, security_policy_js_1.checkToolAccess)(toolName, policy);
+    if (!accessCheck.allowed) {
+        (0, security_audit_js_1.auditBlocked)(toolName, riskLevel, policy.environment_role, accessCheck.reason || "policy");
+        return {
+            content: [{ type: "text", text: accessCheck.reason || `Tool ${toolName} bloqueada.` }],
+            isError: true,
+        };
+    }
+    const transportCheck = (0, security_policy_js_1.checkTransportRequired)(toolName, transportRequest, policy);
+    if (!transportCheck.allowed) {
+        (0, security_audit_js_1.auditBlocked)(toolName, riskLevel, policy.environment_role, transportCheck.reason || "transport required");
+        return {
+            content: [{ type: "text", text: transportCheck.reason || `Transport request obrigatório.` }],
+            isError: true,
+        };
+    }
+    (0, security_audit_js_1.auditAllowed)(toolName, riskLevel, policy.environment_role);
+    return null;
+}
+/**
+ * Wrapper para tool handlers.
+ *
+ * @param toolName — nome da tool para securityGuard
+ * @param fn — handler que recebe args e retorna string (resultado) ou McpResult
+ * @param opts — opções: transportField = nome do campo com transport_request nos args
+ */
+function toolHandler(toolName, fn, opts) {
+    return async (args) => {
+        // Security guard
+        const transportRequest = opts?.transportField
+            ? args[opts.transportField]
+            : undefined;
+        const blocked = securityGuard(toolName, transportRequest);
+        if (blocked)
+            return blocked;
+        // Execute handler
+        try {
+            const result = await fn(args);
+            if (typeof result === "string") {
+                return { content: [{ type: "text", text: result }] };
+            }
+            return result;
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            return {
+                content: [{ type: "text", text: `Erro em ${toolName}: ${message}` }],
+                isError: true,
+            };
+        }
+    };
+}

package/dist/tools/activate.js

@@ -7,11 +7,33 @@ function parseActivationResponse(xml) {
     const executed = /activationExecuted="true"/.test(xml);
     const checked = /checkExecuted="true"/.test(xml);
     const messages = [];
+    // Formato 1: <chkl:message type="E"><chkl:shortText>...</chkl:shortText>
     const msgRegex = /<chkl:message[^>]*type="([^"]*)"[^>]*>[\s\S]*?<chkl:shortText[^>]*>([\s\S]*?)<\/chkl:shortText>[\s\S]*?(?:<chkl:uri[^>]*line="(\d+)")?/g;
     let match;
     while ((match = msgRegex.exec(xml)) !== null) {
         messages.push({ type: match[1], text: match[2].trim(), line: match[3] });
     }
+    // Formato 2: <msg type="E" line="1"><shortText><txt>...</txt></shortText></msg>
+    if (messages.length === 0) {
+        const msgAltRegex = /<msg[^>]*type="([^"]*)"[^>]*line="(\d+)"[^>]*>[\s\S]*?<txt>([^<]+)<\/txt>/g;
+        while ((match = msgAltRegex.exec(xml)) !== null) {
+            messages.push({ type: match[1], text: match[3].trim(), line: match[2] });
+        }
+    }
+    // Formato 3: <message>...</message> (exception genérica SAP)
+    if (messages.length === 0) {
+        const excRegex = /<(?:exc:)?message[^>]*>([^<]+)<\/(?:exc:)?message>/gi;
+        while ((match = excRegex.exec(xml)) !== null) {
+            messages.push({ type: "E", text: match[1].trim() });
+        }
+    }
+    // Formato 4: <shortText>...</shortText> sem <msg> wrapper
+    if (messages.length === 0) {
+        const shortRegex = /<shortText>(?:<txt>)?([^<]+)(?:<\/txt>)?<\/shortText>/gi;
+        while ((match = shortRegex.exec(xml)) !== null) {
+            messages.push({ type: "E", text: match[1].trim() });
+        }
+    }
     // Se não executou check nem ativação e não há erros → objeto já estava ativo
     const alreadyActive = !executed && !checked && messages.length === 0;
     return { success: executed || alreadyActive, alreadyActive, messages };
@@ -32,14 +54,15 @@ async function abapActivate(input) {
         },
         params: { method: "activate", preauditRequested: "true" },
         responseType: "text",
-        // Aceita 200 (ativação OK) e 400 (erros de sintaxe) — sem isso, axios rejeita non-2xx
-        // e o erro pode não ser propagado corretamente pelo MCP SDK
-        validateStatus: (status) => status === 200 || status === 400,
+        // Aceita qualquer status < 500 para parsear mensagens de erro do SAP
+        validateStatus: (status) => status < 500,
     });
     const { success, alreadyActive, messages } = parseActivationResponse(response.data);
     if (!success) {
         const errors = messages.map((m) => `[${m.type}]${m.line ? ` linha ${m.line}` : ""}: ${m.text}`).join("\n");
-        throw new Error(`Ativação falhou:\n${errors || "Erro desconhecido — verifique o código"}`);
+        const rawBody = typeof response.data === "string" ? response.data.substring(0, 500) : "";
+        const fallback = rawBody ? `\nResposta SAP (HTTP ${response.status}):\n${rawBody}` : "";
+        throw new Error(`Ativação falhou:\n${errors || `Erro desconhecido (HTTP ${response.status})${fallback}`}`);
     }
     if (alreadyActive) {
         return `Objeto ${object_name.toUpperCase()} já estava ativo — nenhuma ação necessária.`;

package/dist/tools/create.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.abapCreateTool = void 0;
+exports.buildPayload = buildPayload;
 exports.abapCreate = abapCreate;
 const adt_client_js_1 = require("../adt-client.js");
 // Content-Types para criação — S/4HANA (v2/v3) com fallback para ECC (v1)
@@ -24,6 +25,7 @@ const CONTENT_TYPE = {
 const PROGRAM_TYPE = {
     "PROG/P": "executableProgram",
 };
+/** @internal Exported for testing */
 function buildPayload(input) {
     const { object_type, object_name, description, package: pkg = "$TMP", srvd_name, binding_type = "ODATA;V4;UI" } = input;
     const name = object_name.toUpperCase();

package/dist/tools/delete.js

@@ -1,12 +1,16 @@
 "use strict";
+/**
+ * abap_delete — BLOQUEADO permanentemente.
+ *
+ * Decisão de produto: exclusão de objetos ABAP não é suportada pelo LKPABAP.ia.
+ * Operação destrutiva demais para ser executada via IA.
+ * Use SE80 (SAP GUI) ou Eclipse ADT para excluir objetos.
+ *
+ * Este arquivo é mantido apenas para evitar erros de import em código legado.
+ */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.abapDeleteObject = abapDeleteObject;
-const adt_client_js_1 = require("../adt-client.js");
-async function abapDeleteObject(input) {
-    const { object_type, object_name, transport_request } = input;
-    const name = object_name.toUpperCase();
-    const adtPath = (0, adt_client_js_1.resolveAdtPath)(object_type);
-    const objectPath = `/${adtPath}/${name}`;
-    await (0, adt_client_js_1.adtLockAndDelete)(objectPath, transport_request);
-    return `Objeto ${name} (${object_type}) excluído com sucesso.`;
+async function abapDeleteObject() {
+    throw new Error("abap_delete está permanentemente bloqueado no LKPABAP.ia. "
+        + "Use SE80 no SAP GUI ou Eclipse ADT para excluir objetos.");
 }

package/dist/tools/execute.js

@@ -0,0 +1,112 @@
+"use strict";
+/**
+ * abap_execute — executa um programa ABAP via ICF handler do Security Agent.
+ *
+ * Chama POST /sap/z/lkpai/guard/exec com o nome do programa.
+ * O handler ABAP faz SUBMIT ... EXPORTING LIST TO MEMORY, captura o output
+ * e retorna como texto.
+ *
+ * Requer: ICF handler /sap/z/lkpai/guard ativado no SICF.
+ * Restrição: apenas programas Z* e Y* (namespace cliente).
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.abapExecute = abapExecute;
+const adt_client_js_1 = require("../adt-client.js");
+const SAP_URL = process.env.SAP_URL ?? "";
+const SAP_USER = process.env.SAP_USER ?? "";
+const SAP_PASS = process.env.SAP_PASS ?? "";
+const SAP_CLIENT = process.env.SAP_CLIENT ?? "100";
+async function abapExecute(input) {
+    const { program_name, variant } = input;
+    // Garantir sessão ADT ativa (para CSRF se necessário)
+    await (0, adt_client_js_1.ensureSession)();
+    const nativeHttps = await Promise.resolve().then(() => __importStar(require("https")));
+    const nativeHttp = await Promise.resolve().then(() => __importStar(require("http")));
+    const url = new URL(`${SAP_URL}/sap/z/lkpai/guard/exec`);
+    url.searchParams.set("sap-client", SAP_CLIENT);
+    const body = JSON.stringify({
+        program: program_name.toUpperCase(),
+        variant: variant || "",
+    });
+    const transport = url.protocol === "https:" ? nativeHttps : nativeHttp;
+    const response = await new Promise((resolve, reject) => {
+        const req = transport.request({
+            hostname: url.hostname,
+            port: url.port || (url.protocol === "https:" ? 443 : 80),
+            path: url.pathname + url.search,
+            method: "POST",
+            headers: {
+                Authorization: "Basic " + Buffer.from(`${SAP_USER}:${SAP_PASS}`).toString("base64"),
+                "Content-Type": "application/json",
+                Accept: "application/json",
+            },
+            rejectUnauthorized: false,
+            timeout: 60000, // programas podem demorar
+        }, (res) => {
+            let data = "";
+            res.on("data", (chunk) => (data += chunk));
+            res.on("end", () => resolve({ status: res.statusCode || 0, body: data }));
+        });
+        req.on("error", reject);
+        req.on("timeout", () => { req.destroy(); reject(new Error("Timeout (60s)")); });
+        req.write(body);
+        req.end();
+    });
+    if (response.status === 404) {
+        throw new Error("ICF handler /sap/z/lkpai/guard não está ativado neste sistema.\n"
+            + "Peça ao BASIS para ativar o serviço no SICF:\n"
+            + "  SICF → /sap/z/lkpai/guard → Ativar\n"
+            + "  Handler: ZCL_LKP_AI_ICF_HANDLER");
+    }
+    // Parsear resposta JSON
+    try {
+        const result = JSON.parse(response.body);
+        if (result.error) {
+            throw new Error(result.error);
+        }
+        if (result.success) {
+            const output = (result.output || "").replace(/\\n/g, "\n");
+            return `Programa ${result.program} executado com sucesso.\n\n--- Output ---\n${output}`;
+        }
+        throw new Error(`Resposta inesperada (HTTP ${response.status}): ${response.body.substring(0, 300)}`);
+    }
+    catch (e) {
+        if (e instanceof SyntaxError) {
+            throw new Error(`Resposta não-JSON do SAP (HTTP ${response.status}): ${response.body.substring(0, 300)}`);
+        }
+        throw e;
+    }
+}

package/dist/tools/transports.js

@@ -43,7 +43,8 @@ async function abapListTransports(input) {
 async function abapAssignTransport(input) {
     const { transport_request, object_type, object_name } = input;
     const adtPath = (0, adt_client_js_1.resolveAdtPath)(object_type);
-    const objectUri = `/sap/bc/adt/${adtPath}/${object_name.toUpperCase()}`;
+    const objectPath = `/${adtPath}/${object_name.toUpperCase()}`; // relativo ao baseURL (para http.post)
+    const objectUri = `/sap/bc/adt/${adtPath}/${object_name.toUpperCase()}`; // absoluto (para XML refs)
     const csrf = await (0, adt_client_js_1.ensureSession)();
     // Endpoint correto: POST /cts/transportchecks com o URI do objeto
     // Retorna os transportes candidatos. Se transport_request é fornecido,
@@ -75,14 +76,14 @@ async function abapAssignTransport(input) {
     // Fallback: se transportchecks não aceita corrNr, tentar via lock com corrNr
     // (padrão ADT — lock do objeto atribui ao transporte automaticamente)
     if (response.status === 404 || response.status === 400) {
-        const lockResp = await adt_client_js_1.http.post(objectUri, null, {
+        const lockResp = await adt_client_js_1.http.post(objectPath, null, {
             headers: { "X-CSRF-Token": csrf },
             params: { _action: "LOCK", accessMode: "MODIFY", corrNr: transport_request },
             validateStatus: (s) => s >= 200 && s < 500,
         });
         if (lockResp.status >= 200 && lockResp.status < 300) {
             // Unlock imediatamente — o lock já atribuiu o objeto ao transporte
-            await adt_client_js_1.http.post(objectUri, null, {
+            await adt_client_js_1.http.post(objectPath, null, {
                 headers: { "X-CSRF-Token": csrf },
                 params: { _action: "UNLOCK" },
                 validateStatus: () => true,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@linkup-ai/abap-ai",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "description": "LKPABAP.ai — AI-powered ABAP development tools for SAP S/4HANA via ADT REST API",
   "main": "dist/index.js",
   "bin": {
@@ -28,7 +28,7 @@
     "copilot"
   ],
   "scripts": {
-    "build": "tsc && rm -rf dist/knowledge && cp -r src/knowledge dist/knowledge",
+    "build": "tsc && rm -rf dist/knowledge && cp -r src/knowledge dist/knowledge && rm -rf dist/abap && cp -r src/abap dist/abap",
     "start": "node dist/index.js",
     "dev": "tsc --watch",
     "prepublishOnly": "npm run build",
@@ -36,7 +36,9 @@
     "release:patch": "npm version patch && npm publish",
     "release:minor": "npm version minor && npm publish",
     "release:next": "npm version prerelease --preid=next && npm publish --tag next",
-    "promote:next": "npm dist-tag add @linkup-ai/abap-ai@$(node -p \"require('./package.json').version\") latest"
+    "promote:next": "npm dist-tag add @linkup-ai/abap-ai@$(node -p \"require('./package.json').version\") latest",
+    "test": "vitest run",
+    "test:watch": "vitest"
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.0.0",
@@ -49,6 +51,7 @@
     "@types/node": "^22.0.0",
     "@types/prompts": "^2.4.9",
     "@types/tough-cookie": "^4.0.5",
-    "typescript": "^5.7.0"
+    "typescript": "^5.7.0",
+    "vitest": "^3.2.4"
   }
 }