@mcpher/gas-fakes 2.1.1 → 2.2.1

package/.claspignore

@@ -3,4 +3,4 @@ run.js
 node_modules/
 package.json
 package-lock.json
-.gemini/
+.gemini/gasmess/

package/README.md

@@ -1,8 +1,10 @@
 # <img src="./logo.png" alt="gas-fakes logo" width="50" align="top"> Run Native Apps Script code anywhere with gas-fakes
 
-I use clasp/antigravity to develop Google Apps Script (GAS) applications, but when using GAS native services, there's way too much back and forwards to the GAS IDE going while testing. I set myself the ambition of implementing a fake version of the GAS runtime environment on Node so I could at least do some testing and debugging of Apps Scripts locally on Node.
+## Google Apps Script, meet Local Development. 
 
-This is a proof of concept so I've implemented a growing subset of number of services and methods. There are a rigorous set of tests for all emulated classes and methods to make sure the same code produces the same result on both Node and Apps Script. Please report any inconsistencies in the issues of this repo.
+gas-fakes is a powerful emulation layer that lets you run Apps Script projects on Node.js as if they were native. By translating GAS service calls into granular Google API requests, it provides a secure, high-speed sandbox for local debugging and automated testing.
+
+Built for the modern stack, it features plug-and-play containerization—allowing you to package your scripts as portable microservices or isolated workers. Coupled with automated identity management, gas-fakes handles the heavy lifting of OAuth and credential cycling, enabling your scripts to act on behalf of users or service accounts without manual intervention. It’s the missing link for building robust, scalable Google Workspace automations and AI-driven workflows.
 
 
 ## Getting started as a package user
@@ -30,44 +32,24 @@ gas-fakes  -s "const files=DriveApp.getRootFolder().searchFiles('title contains
 
 For details see [gas fakes cli](gas-fakes-cli.md)
 
-### Settings
-
-The optional `gasfakes.json` file holds various location and behavior parameters for your local Node environment. It is not required on GAS, as you can't change anything over there. If you don't provide this file, `gas-fakes` will create one for you with sensible defaults.
-
-```json
-{
-  "manifest": "./appsscript.json",
-  "clasp": "./.clasp.json",
-  "documentId": null,
-  "cache": "/tmp/gas-fakes/cache",
-  "properties": "/tmp/gas-fakes/properties",
-  "scriptId": "a-unique-id-for-your-local-project"
-}
-```
-
-| property   | type   | default                          | description                                                                                                                                                                                                                                                                              |
-| ---------- | ------ | -------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| manifest   | string | ./appsscript.json                | the manifest path and name relative to your main module                                                                                                                                                                                                                                  |
-| clasp      | string | ./clasp.json                     | where to look for an optional clasp file                                                                                                                                                                                                                                                 |
-| documentId | string | null                             | a bound document id. This will allow testing of container bound script. The documentId will become your activeDocument (for the appropriate service)                                                                                                                                     |
-| cache      | string | /tmp/gas-fakes/cache             | gas-fakes uses a local file to emulate apps script's CacheService. This is where it should put the files                                                                                                                                                                                 |
-| properties | string | /tmp/gas-fakes/properties        | gas-fakes uses a local file to emulate apps script's PropertiesService. This is where it should put the files. You may want to put it somewhere other than /tmp to avoid accidental deletion, but don't put it in a place that'll get commited to public git repo                        |
-| scriptId   | string | from clasp, or some random value | If you have a clasp file, it'll pick up the scriptId from there. If not you can enter your scriptId manually, or just leave it to create a fake one. It's use for the moment is to return something useful from ScriptApp.getScriptId() and to partition the cache and properties stores |
-
-### Troubleshooting: Missing Environment Tags
+### Configuration
 
-If you see a warning or error like `Project '...' lacks an 'environment' tag`, it means your Google Cloud Organization has a policy requiring projects to be designated with an environment tag (e.g., `Development`, `Production`).
+Configuration for your local Node environment is handled via environment variables, typically stored in a `.env` file and managed by the `gas-fakes init` process.
 
-To resolve this, you need to bind an environment tag to your project. Replace `YOUR_ORG_ID` and `YOUR_PROJECT_ID` with your actual identifiers:
+| Environment Variable | Default | Description |
+|---|---|---|
+| `GF_MANIFEST_PATH` | `./appsscript.json` | Path to the `appsscript.json` manifest file. |
+| `GF_CLASP_PATH` | `./.clasp.json` | Path to the `.clasp.json` file. |
+| `GF_SCRIPT_ID` | from clasp, or random | Discovered from `.clasp.json` or generated as a random UUID during `gas-fakes init`. Used for `ScriptApp.getScriptId()` and partitioning stores. |
+| `GF_DOCUMENT_ID` | `null` | A bound document ID for testing container-bound scripts. |
+| `GF_CACHE_PATH` | `/tmp/gas-fakes/cache` | Path for `CacheService` local file emulation. |
+| `GF_PROPERTIES_PATH` | `/tmp/gas-fakes/properties` | Path for `PropertiesService` local file emulation. |
+| `GF_PLATFORM_AUTH` | `google` | Comma-separated list of backends to initialize (`google`, `ksuite`). |
+| `AUTH_TYPE` | `dwd` | Google auth type: `dwd` (Domain-Wide Delegation) or `adc` (Application Default Credentials). |
+| `LOG_DESTINATION` | `CONSOLE` | Logging destination: `CONSOLE`, `CLOUD`, `BOTH`, or `NONE`. |
+| `STORE_TYPE` | `FILE` | Internal storage type for properties/cache: `FILE` (local) or `UPSTASH` (Redis). |
 
-```bash
-# Bind the 'Development' environment tag to your project
-gcloud resource-manager tags bindings create \
-  --tag-value=YOUR_ORG_ID/environment/Development \
-  --parent=//cloudresourcemanager.googleapis.com/projects/YOUR_PROJECT_ID
-```
 
-*Note: The tag key `environment` and the value `Development` must already exist at the organization level. If they don't, you (or your admin) will need to create them first using `gcloud resource-manager tags keys create` and `gcloud resource-manager tags values create`.*
 
 ### Cloud Logging Integration
 
@@ -123,7 +105,7 @@ If you have used Logging to cloud, you can get a link to the log data like this.
 console.log ('....example cloud log link for this session',Logger.__cloudLogLink)
 ```
 
-It contains a cloud logging query that will display any logging done in this session - the filter is based on the scriptId (from gasfakes.json), the projectId and userId (from Auth), as well as the start and end time of the session. 
+It contains a cloud logging query that will display any logging done in this session - the filter is based on the scriptId (from the environment), the projectId and userId (from Auth), as well as the start and end time of the session. 
 
 #### A note on .env location
 
@@ -147,6 +129,20 @@ Logger.__logDestination="BOTH"
 
 Do whichever one suits you best.
 
+### Troubleshooting: Missing Environment Tags
+
+If you see a warning or error like `Project '...' lacks an 'environment' tag`, it means your Google Cloud Organization has a policy requiring projects to be designated with an environment tag (e.g., `Development`, `Production`). 
+
+You can ignore this, but you can resolve it if you want to keep things tidy.  You need to bind an environment tag to your project. Replace `YOUR_ORG_ID` and `YOUR_PROJECT_ID` with your actual identifiers:
+```bash
+# Bind the 'Development' environment tag to your project
+gcloud resource-manager tags bindings create \
+  --tag-value=YOUR_ORG_ID/environment/Development \
+  --parent=//cloudresourcemanager.googleapis.com/projects/YOUR_PROJECT_ID
+```
+
+*Note: The tag key `environment` and the value `Development` must already exist at the organization level. If they don't, you (or your admin) will need to create them first using `gcloud resource-manager tags keys create` and `gcloud resource-manager tags values create`.*
+
 ### Pushing files to GAS
 
 There are a couple of syntactical differences between Node and Apps Script. Not in the body of the code but in how the IDE executes. The 2 main ones are
@@ -170,9 +166,12 @@ As I mentioned earlier, to take this further, I'm going to need a lot of help to
 - [gas fakes cli](gas-fakes-cli.md)
 - [ksuite poc](ksuite_poc.md)
 - [apps script - a lingua franca for workspace platforms](https://ramblings.mcpher.com/apps-script-a-lingua-franca/)
+- [Apps Script: A ‘Lingua Franca’ for the Multi-Cloud Era](https://ramblings.mcpher.com/apps-script-with-ksuite/)
 - [running gas-fakes on google cloud run](https://github.com/brucemcpherson/gas-fakes-containers)
 - [running gas-fakes on google kubernetes engine](https://github.com/brucemcpherson/gas-fakes-containers)
 - [running gas-fakes on Amazon AWS lambda](https://github.com/brucemcpherson/gas-fakes-containers)
+- [running gas-fakes on Azure ACA](https://github.com/brucemcpherson/gas-fakes-containers)
+- [Yes – you can run native apps script code on Azure ACA as well!](https://ramblings.mcpher.com/yes-you-can-run-native-apps-script-code-on-azure-aca-as-well/)
 - [Yes – you can run native apps script code on AWS Lambda!](https://ramblings.mcpher.com/apps-script-on-aws-lambda/)
 - [initial idea and thoughts](https://ramblings.mcpher.com/a-proof-of-concept-implementation-of-apps-script-environment-on-node/)
 - [Inside the volatile world of a Google Document](https://ramblings.mcpher.com/inside-the-volatile-world-of-a-google-document/)

package/package.json

@@ -3,8 +3,10 @@
     "node": ">=20.11.0"
   },
   "dependencies": {
+    "@azure/identity": "^4.13.0",
     "@mcpher/fake-gasenum": "^1.0.6",
     "@mcpher/gas-flex-cache": "^1.1.5",
+    "@microsoft/microsoft-graph-client": "^3.0.7",
     "@modelcontextprotocol/sdk": "^1.26.0",
     "@sindresorhus/is": "^7.2.0",
     "acorn": "^8.15.0",
@@ -39,7 +41,7 @@
   },
   "name": "@mcpher/gas-fakes",
   "author": "bruce mcpherson",
-  "version": "2.1.1",
+  "version": "2.2.1",
   "license": "MIT",
   "main": "main.js",
   "description": "An implementation of the Google Workspace Apps Script runtime: Run native App Script Code on Node and Cloud Run",

package/src/cli/app.js

@@ -32,11 +32,6 @@ export async function main() {
       "A string containing the Google Apps Script."
     )
     .option("-e, --env <path>", "Path to a custom .env file.", "./.env")
-    .option(
-      "-g, --gfsettings <path>",
-      "Path to a gasfakes.json settings file.",
-      "./gasfakes.json"
-    )
     .option("-x, --sandbox", "Run the script in a basic sandbox.")
     .option(
       "-w, --whitelistRead <string>",
@@ -70,7 +65,7 @@ export async function main() {
       null
     )
     .action(async (options) => {
-      const { filename, script, env, gfsettings } = options;
+      const { filename, script, env } = options;
 
       // If no script provided and no sub-command matched, show help
       if (!filename && !script) {
@@ -94,10 +89,6 @@ export async function main() {
         dotenv.config({ path: envPath, quiet: true });
       }
 
-      const settingsPath = path.resolve(process.cwd(), gfsettings);
-      console.log(`...using gasfakes settings file in ${settingsPath}`);
-      process.env.GF_SETTINGS_PATH = settingsPath;
-
       const sandboxConfig = buildSandboxConfig(options);
       const useSandbox = !!options.sandbox || !!sandboxConfig;
 
@@ -124,7 +115,6 @@ export async function main() {
         display: options.display,
         useSandbox,
         sandboxConfig,
-        gfSettings: settingsPath,
         args,
         gas_library,
       });

package/src/cli/executor.js

@@ -156,7 +156,6 @@ export async function executeGasScript(options) {
     filename,
     script,
     display,
-    gfSettings,
     useSandbox,
     sandboxConfig,
     args,
@@ -181,12 +180,6 @@ export async function executeGasScript(options) {
     );
   }
 
-  Object.defineProperty(globalThis, "settingsPath", {
-    value: gfSettings,
-    writable: true,
-    configurable: true,
-  });
-
   if (gas_library && gas_library.length > 0) {
     const libs = gas_library.reduce((ar, { identifier, libScript }) => {
       if (mainScript.includes(identifier)) {

package/src/cli/setup.js

@@ -3,11 +3,36 @@ import dotenv from "dotenv";
 import fs from "fs";
 import path from "path";
 import os from "os";
+import { randomUUID } from "node:crypto";
 import { execSync } from "child_process";
 import { checkForGcloudCli, runCommandSync } from "./utils.js";
 
 // --- Utility Functions ---
 
+/**
+ * Retrieves the scriptId and its source.
+ * @returns {{scriptId: string, source: string}}
+ */
+function getScriptIdInfo() {
+  if (process.env.GF_SCRIPT_ID) {
+    return { scriptId: process.env.GF_SCRIPT_ID, source: "env (GF_SCRIPT_ID)" };
+  }
+
+  const claspPath = process.env.GF_CLASP_PATH || "./.clasp.json";
+  if (fs.existsSync(claspPath)) {
+    try {
+      const clasp = JSON.parse(fs.readFileSync(claspPath, "utf8"));
+      if (clasp.scriptId) {
+        return { scriptId: clasp.scriptId, source: `clasp (${claspPath})` };
+      }
+    } catch (e) {
+      // Ignore parsing errors
+    }
+  }
+
+  return { scriptId: "not set (will be random at runtime)", source: "none" };
+}
+
 /**
  * Recursively searches for .env files starting from a directory.
  * @param {string} dir - Start directory
@@ -118,7 +143,80 @@ export async function initializeConfiguration(options = {}) {
   if (typeof platforms === "string") platforms = platforms.split(",");
   responses.GF_PLATFORM_AUTH = platforms.join(",");
 
-  // --- Step 2: Google Workspace Configuration ---
+  // --- Step 2: Gas-Fakes Behavior Configuration ---
+  console.log("\n--- Configuring Gas-Fakes paths and behavior ---");
+  const gasFakesQuestions = [
+    {
+      type: "text",
+      name: "GF_MANIFEST_PATH",
+      message: "Path to appsscript.json",
+      initial: existingConfig.GF_MANIFEST_PATH || "./appsscript.json",
+    },
+    {
+      type: "text",
+      name: "GF_CLASP_PATH",
+      message: "Path to .clasp.json",
+      initial: existingConfig.GF_CLASP_PATH || "./.clasp.json",
+    },
+    {
+      type: "text",
+      name: "GF_SCRIPT_ID",
+      message: (prev, values) => {
+        const claspPath = values.GF_CLASP_PATH || "./.clasp.json";
+        let hint = "";
+        if (fs.existsSync(claspPath)) {
+          try {
+            const clasp = JSON.parse(fs.readFileSync(claspPath, "utf8"));
+            if (clasp.scriptId) {
+              hint = ` (found in ${claspPath}: ${clasp.scriptId})`;
+            }
+          } catch (e) {}
+        }
+        if (!hint && !existingConfig.GF_SCRIPT_ID) {
+          hint = " (no ID found; a random one will be generated)";
+        }
+        return `Script ID (optional, overrides .clasp.json)${hint}`;
+      },
+      initial: (prev, values) => {
+        if (existingConfig.GF_SCRIPT_ID) return existingConfig.GF_SCRIPT_ID;
+        const claspPath = values.GF_CLASP_PATH || "./.clasp.json";
+        if (fs.existsSync(claspPath)) {
+          try {
+            const clasp = JSON.parse(fs.readFileSync(claspPath, "utf8"));
+            if (clasp.scriptId) return clasp.scriptId;
+          } catch (e) {}
+        }
+        return randomUUID();
+      },
+    },
+    {
+      type: "text",
+      name: "GF_DOCUMENT_ID",
+      message: "Document ID (optional, for container-bound scripts)",
+      initial: existingConfig.GF_DOCUMENT_ID || "",
+    },
+    {
+      type: "text",
+      name: "GF_CACHE_PATH",
+      message: "Cache storage path",
+      initial: existingConfig.GF_CACHE_PATH || "/tmp/gas-fakes/cache",
+    },
+    {
+      type: "text",
+      name: "GF_PROPERTIES_PATH",
+      message: "Properties storage path",
+      initial: existingConfig.GF_PROPERTIES_PATH || "/tmp/gas-fakes/properties",
+    }
+  ];
+
+  const gasFakesResponses = await prompts(gasFakesQuestions);
+  if (typeof gasFakesResponses.GF_MANIFEST_PATH === "undefined") {
+    console.log("Initialization cancelled.");
+    return;
+  }
+  Object.assign(responses, gasFakesResponses);
+
+  // --- Step 3: Google Workspace Configuration ---
   if (platforms.includes("google")) {
     console.log("\n--- Configuring Google Workspace backend ---");
 
@@ -146,18 +244,18 @@ export async function initializeConfiguration(options = {}) {
     }
 
     // Discover Scopes from appsscript.json
-    const manifestPath = path.resolve(process.cwd(), "appsscript.json");
+    const manifestPath = path.resolve(process.cwd(), responses.GF_MANIFEST_PATH);
     let manifestScopes = [];
     if (fs.existsSync(manifestPath)) {
       try {
         const manifest = JSON.parse(fs.readFileSync(manifestPath, "utf8"));
         manifestScopes = manifest.oauthScopes || [];
-        console.log(`...discovered ${manifestScopes.length} scopes in appsscript.json`);
+        console.log(`...discovered ${manifestScopes.length} scopes in ${responses.GF_MANIFEST_PATH}`);
       } catch (err) {
-        console.warn("...warning: failed to parse appsscript.json. Using default scopes only.");
+        console.warn(`...warning: failed to parse ${responses.GF_MANIFEST_PATH}. Using default scopes only.`);
       }
     } else {
-      console.log("...appsscript.json not found. Using default scopes only.");
+      console.log(`${responses.GF_MANIFEST_PATH} not found. Using default scopes only.`);
     }
 
     const DEFAULT_SCOPES_VALUES = [
@@ -184,9 +282,9 @@ export async function initializeConfiguration(options = {}) {
         initial: existingConfig.GOOGLE_SERVICE_ACCOUNT_NAME || "gas-fakes-sa",
       },
       {
-        type: responses.AUTH_TYPE === "adc" ? "text" : null,
+        type: "text",
         name: "CLIENT_CREDENTIAL_FILE",
-        message: "Enter path to OAuth client credentials JSON (optional, required for restricted scopes)",
+        message: "Enter path to OAuth client credentials JSON (optional, required for restricted scopes with ADC)",
         initial: existingConfig.CLIENT_CREDENTIAL_FILE || "",
       }
     ];
@@ -199,7 +297,7 @@ export async function initializeConfiguration(options = {}) {
     Object.assign(responses, googleResponses);
   }
 
-  // --- Step 3: Infomaniak KSuite Configuration ---
+  // --- Step 4: Infomaniak KSuite Configuration ---
   if (platforms.includes("ksuite")) {
     console.log("\n--- Configuring Infomaniak KSuite backend ---");
     const ksuiteQuestions = [
@@ -224,7 +322,7 @@ export async function initializeConfiguration(options = {}) {
     Object.assign(responses, ksuiteResponses);
   }
 
-  // --- Step 4: Shared Remaining Config ---
+  // --- Step 5: Shared Remaining Config ---
   const remainingQuestions = [
     {
       type: "toggle",
@@ -335,6 +433,9 @@ export async function authenticateUser(options = {}) {
   }
   dotenv.config({ path: envPath, quiet: true });
 
+  const { scriptId, source } = getScriptIdInfo();
+  console.log(`...using scriptId: ${scriptId} (source: ${source})`);
+
   let platforms = (process.env.GF_PLATFORM_AUTH || "google").split(",");
   
   // If specific backend requested via CLI, only auth that one
@@ -363,6 +464,7 @@ export async function authenticateUser(options = {}) {
       
       const {
         GOOGLE_CLOUD_PROJECT,
+        GCP_PROJECT_ID,
         DEFAULT_SCOPES,
         EXTRA_SCOPES,
         CLIENT_CREDENTIAL_FILE,
@@ -371,9 +473,9 @@ export async function authenticateUser(options = {}) {
         GOOGLE_SERVICE_ACCOUNT_NAME
       } = process.env;
 
-      const projectId = GOOGLE_CLOUD_PROJECT;
+      const projectId = GOOGLE_CLOUD_PROJECT || GCP_PROJECT_ID;
       if (!projectId) {
-        console.error("Error: GOOGLE_CLOUD_PROJECT is not set.");
+        console.error("Error: Project ID not set. Please run 'gas-fakes init' first.");
         continue;
       }
 
@@ -387,33 +489,38 @@ export async function authenticateUser(options = {}) {
       const driveAccessFlag = "--enable-gdrive-access";
       const activeConfig = AC || "default";
 
-      if (AUTH_TYPE === "adc") {
-        let clientFlag = "";
-        if (CLIENT_CREDENTIAL_FILE) {
-          const clientPath = path.resolve(process.cwd(), CLIENT_CREDENTIAL_FILE);
-          if (fs.existsSync(clientPath)) clientFlag = `--client-id-file="${clientPath}"`;
-        }
-
-        console.log("Revoking previous ADC credentials...");
-        try { execSync("gcloud auth application-default revoke --quiet", { stdio: "ignore", shell: true }); } catch (e) {}
+      // --- Common Google Login (Normal Auth Dialog) ---
+      console.log("Revoking previous user credentials...");
+      try { execSync("gcloud auth revoke --quiet", { stdio: "ignore", shell: true }); } catch (e) {}
+      try { execSync("gcloud auth application-default revoke --quiet", { stdio: "ignore", shell: true }); } catch (e) {}
 
-        console.log(`Setting up gcloud config: ${activeConfig}`);
-        try { execSync(`gcloud config configurations describe "${activeConfig}"`, { stdio: "ignore", shell: true }); } 
-        catch (e) { runCommandSync(`gcloud config configurations create "${activeConfig}"`); }
-        runCommandSync(`gcloud config configurations activate "${activeConfig}"`);
-        
-        runCommandSync(`gcloud config set project ${projectId}`);
-        runCommandSync(`gcloud config set billing/quota_project ${projectId}`);
-        
-        console.log("Logging in...");
-        runCommandSync(`gcloud auth login ${driveAccessFlag}`);
-        
-        console.log("Setting up ADC...");
-        runCommandSync(`gcloud auth application-default login --scopes="${scopes}" ${clientFlag}`);
-        runCommandSync(`gcloud auth application-default set-quota-project ${projectId}`);
+      console.log(`Setting up gcloud config: ${activeConfig}`);
+      try { execSync(`gcloud config configurations describe "${activeConfig}"`, { stdio: "ignore", shell: true }); } 
+      catch (e) { runCommandSync(`gcloud config configurations create "${activeConfig}"`); }
+      runCommandSync(`gcloud config configurations activate "${activeConfig}"`);
+      
+      runCommandSync(`gcloud config set project ${projectId}`);
+      runCommandSync(`gcloud config set billing/quota_project ${projectId}`);
+      
+      console.log("Initiating user login...");
+      runCommandSync(`gcloud auth login ${driveAccessFlag}`);
+      
+      let clientFlag = "";
+      if (CLIENT_CREDENTIAL_FILE) {
+        const clientPath = path.resolve(process.cwd(), CLIENT_CREDENTIAL_FILE);
+        if (fs.existsSync(clientPath)) {
+          console.log(`...using client credentials from ${clientPath}`);
+          clientFlag = `--client-id-file="${clientPath}"`;
+        }
       }
 
+      console.log("Setting up Application Default Credentials (ADC)...");
+      runCommandSync(`gcloud auth application-default login --scopes="${scopes}" ${clientFlag}`);
+      runCommandSync(`gcloud auth application-default set-quota-project ${projectId}`);
+
+      // --- DWD Specific Setup (if configured) ---
       if (AUTH_TYPE === "dwd") {
+        console.log("\n--- Performing Domain-Wide Delegation (DWD) Setup ---");
         const current_user = execSync("gcloud config get-value account", { shell: true }).toString().trim();
         const sa_email = `${GOOGLE_SERVICE_ACCOUNT_NAME}@${projectId}.iam.gserviceaccount.com`;
         
@@ -446,7 +553,7 @@ export async function authenticateUser(options = {}) {
 }
 
 /**
- * Handles the 'enableAPIs' command to enable or disable necessary Google Cloud services based on options.
+ * Handles the 'enableAPIs' command to enable or disable required Google Cloud services based on options.
  * @param {object} options Options object provided by commander.js.
  */
 export function enableGoogleAPIs(options) {

package/src/index.js

@@ -1,4 +1,5 @@
 import './support/env-loader.js';
+import './services/stores/app.js'
 import './services/scriptapp/app.js'
 import './services/driveapp/app.js'
 import './services/logger/app.js'
@@ -27,5 +28,3 @@ import './services/slidesapp/app.js'
 import './services/mimetype/app.js'
 import './services/lock/app.js'
 import './services/libhandlerapp/app.js'
-// should be last
-import './services/stores/app.js'

package/src/services/documentapp/fakedocumentapp.js

@@ -74,7 +74,7 @@ class FakeDocumentApp {
     return this.openById(match[1]);
   }
   /**
-   * note that this in gas-fakes uses the documentId from gasfakes.json config file
+   * note that this in gas-fakes uses the GF_DOCUMENT_ID from the environment
    * Returns the document to which the script is container-bound. To interact with document to which the script is not container-bound, use openById(id) or openByUrl(url) instead.
    * @returns {Document}
    */

package/src/services/documentapp/nrhelpers.js

@@ -25,11 +25,13 @@ export const getCurrentNr = (data) => {
     .filter(key => key.startsWith(shadowPrefix))
     .reduce((p, c) => {
       // strangly there's another level of .namedRanges property
-      if (data.namedRanges[c].namedRanges.length !== 1) {
-        // TODO I dont know if this true yet we'll need to investigate
-        throw new Error(`expected only 1 nr match but got ${data.namedRanges[c].namedRanges.length}`)
+      const nrs = data.namedRanges[c].namedRanges;
+      if (nrs.length > 1) {
+        // This can happen if a batchUpdate retries due to timeout but the first attempt actually succeeded.
+        // The duplicates will be automatically cleaned up by the caller (makeElementMap).
+        process.stderr.write(`...warning: found ${nrs.length} named ranges for ${c} - duplicates will be cleaned up\n`);
       }
-      data.namedRanges[c].namedRanges.forEach(r => {
+      nrs.forEach(r => {
         p.push(r)
       })
       return p

package/src/services/formapp/fakeformitem.js

@@ -114,9 +114,7 @@ export class FakeFormItem {
   }
 
   getId() {
-    const resource = this.__resource;
-    const hexId = resource.questionItem?.question?.questionId || this.__itemId;
-    return Utils.fromHex(hexId);
+    return Utils.fromHex(this.__itemId);
   }
 
   getIndex() {

package/src/services/scriptapp/app.js

@@ -59,7 +59,7 @@ const limitMode = (mode) => {
 const requireAllScopes = (mode) => {
   limitMode(mode)
   ensureInit()
-  return checkScopesMatch(Array.from(Auth.getAuthedScopes().keys()))
+  return checkScopesMatch(Array.from(Auth.getAuthedScopes()))
 }
 
 /**
@@ -86,11 +86,28 @@ const checkScopesMatch = (required) => {
   ensureInit()
   const scopes = Auth.getTokenScopes()
 
+  // console.log('...DEBUG: scopes type:', typeof scopes, 'content:', scopes);
+
   // now we're syncronous all the way
-  const tokened = new Set((typeof scopes === 'string' ? scopes : "").split(" "))
+  // normalize tokened scopes by removing trailing slashes. 
+  // Handle both space and comma separation.
+  let scopeList = [];
+  if (Array.isArray(scopes)) {
+    scopeList = scopes;
+  } else if (typeof scopes === 'string') {
+    scopeList = scopes.split(/[ ,]/);
+  } else if (scopes && typeof scopes === 'object') {
+    // If it's a non-null object, maybe it's serializable but has a toString?
+    scopeList = String(scopes).split(/[ ,]/);
+  }
+
+  const tokened = new Set(scopeList.map(s => s.trim().replace(/\/$/, "")).filter(s => s))
 
   // see which ones are missing
   const missing = required.filter(s => {
+    // normalized required scope
+    const ns = s.trim().replace(/\/$/, "")
+
     // setting this scope causes gcloud to block
     // seem to manage without them anyway
     const ignores = [
@@ -99,13 +116,19 @@ const checkScopesMatch = (required) => {
       "https://www.googleapis.com/auth/presentations",
       "https://www.googleapis.com/auth/forms"
     ]
-    const hasIgnore = ignores.includes(s)
+    const hasIgnore = ignores.some(i => i.replace(/\/$/, "") === ns)
     if (hasIgnore) {
       slogger.warn('...ignoring requested scope for adc as google blocks it outside apps script' + s)
     }
-    // if drive is authorized and drive.readonly is required that's okay too
-    // if drive.readonly is authorized and drive is requested thats not
-    return !(hasIgnore || tokened.has(s.replace(/\.readonly$/, "")))
+    
+    // a scope is satisfied if:
+    // 1. It is explicitly in the tokened set
+    // 2. It is a .readonly scope AND the base scope is in the tokened set (e.g. drive satisfy drive.readonly)
+    
+    const baseNs = ns.replace(/\.readonly$/, "")
+    const isSatisfied = tokened.has(ns) || (ns.endsWith(".readonly") && tokened.has(baseNs))
+    
+    return !(hasIgnore || isSatisfied)
   })
 
   if (missing.length) {
@@ -178,6 +201,9 @@ if (typeof globalThis[name] === typeof undefined) {
         __proxies: Proxies,
         get __registeredServices() {
           return Proxies.getRegisteredServices()
+        },
+        get __loadedServices() {
+          return Proxies.getLoadedServices()
         }
       }
       
@@ -200,6 +226,12 @@ if (typeof globalThis[name] === typeof undefined) {
   const handler = {
     get(_, prop, receiver) {
       if (prop === 'isFake') return true;
+      
+      // BRIDGE: Inform LoadedRegistry about ScriptApp being loaded
+      if (prop !== '__behavior' && prop !== '__proxies') {
+         Proxies.__addLoaded(name);
+      }
+
       const app = getApp(prop);
       return Reflect.get(app, prop, receiver);
     },
@@ -216,4 +248,6 @@ if (typeof globalThis[name] === typeof undefined) {
     writable: false,
   });
 
+  // Manually add ScriptApp to service registry
+  Proxies.__addService(name);
 }

package/src/services/scriptapp/behavior.js

@@ -268,10 +268,38 @@ class FakeBehavior {
     this.__idWhitelist = null
 
     // individually settable services
-    const services = ScriptApp.__registeredServices
-    this.__sandboxService = {}
-    services.forEach(f => this.__sandboxService[f] = newFakeSandboxService(this, f))
-
+    // BRIDGE: Use a Proxy to dynamically handle services, even those registered later
+    this.__sandboxService = new Proxy({}, {
+      get: (target, name) => {
+        if (typeof name !== 'string' || name.startsWith('__')) return target[name]
+        
+        // EXCLUSION: CacheService and PropertiesService are NOT intended to be sandboxed
+        if (name === 'CacheService' || name === 'PropertiesService') return undefined;
+
+        if (!target[name]) {
+          target[name] = newFakeSandboxService(this, name)
+        }
+        return target[name]
+      },
+      ownKeys: (target) => {
+        // When asked for keys, ensure all registered services are present in the target
+        if (globalThis.ScriptApp?.__registeredServices) {
+          globalThis.ScriptApp.__registeredServices.forEach(s => {
+            // EXCLUSION: CacheService and PropertiesService are NOT intended to be sandboxed
+            if (s !== 'CacheService' && s !== 'PropertiesService' && !target[s]) {
+               target[s] = newFakeSandboxService(this, s)
+            }
+          })
+        }
+        return Reflect.ownKeys(target)
+      },
+      getOwnPropertyDescriptor: (target, name) => {
+        if (typeof name === 'string' && !name.startsWith('__') && name !== 'CacheService' && name !== 'PropertiesService' && !target[name]) {
+           target[name] = newFakeSandboxService(this, name)
+        }
+        return Reflect.getOwnPropertyDescriptor(target, name)
+      }
+    })
   }
   newIdWhitelistItem(id) {
     return newFakeIdWhitelistItem(id)
@@ -352,7 +380,7 @@ class FakeBehavior {
   }
   resetGmail() {
     this.__createdGmailIds.clear();
-    this.__allowedGmailIds.clear();
+    this.__allowedIds.clear();
     return this;
   }
   resetCalendar() {

package/src/services/spreadsheetapp/fakespreadsheetapp.js

@@ -35,7 +35,7 @@ export const newFakeSpreadsheetApp = (...args) => {
  */
 export class FakeSpreadsheetApp {
   constructor() {
-    // in the context of gas-fakes we start with the activespreadsheet being the one mentioned in gasfakes.json
+    // in the context of gas-fakes we start with the activespreadsheet being the one mentioned in the environment (GF_DOCUMENT_ID)
     this.__activeSpreadsheet = null
     const enumProps = [
       "AutoFillSeries", //	AutoFillSeries	An enumeration of the types of series used to calculate auto-filled values.

package/src/services/stores/app.js

@@ -19,22 +19,18 @@ let _cacheApp = null
 /**
  * @returns {FakeService}
  */
-const registerApp = (_app, name, kind) => {
-  if (typeof globalThis[name] === typeof undefined) {
-
-
-    const getApp = () => {
-      // if it hasnt been intialized yet then do that
-      if (!_app) {
-        _app = newFakeService(kind)
-      }
-      // this is the actual driveApp we'll return from the proxy
-      return _app
+const registerApp = (name, kind) => {
+  let instance = null;
+  const getApp = () => {
+    // if it hasnt been intialized yet then do that
+    if (!instance) {
+      instance = newFakeService(kind)
     }
-    Proxies.registerProxy(name, getApp)
+    // this is the actual driveApp we'll return from the proxy
+    return instance
   }
+  Proxies.registerProxy(name, getApp)
 }
 
-_propertiesApp = registerApp(_propertiesApp, 'PropertiesService', 'PROPERTIES')
-_cacheApp = registerApp(_cacheApp, 'CacheService', 'CACHE')
-
+registerApp('PropertiesService', 'PROPERTIES')
+registerApp('CacheService', 'CACHE')

package/src/services/xmlservice/app.js

@@ -4,6 +4,7 @@ import { Proxies } from '../../support/proxies.js';
 import { FakeDocument } from './fakedocument.js';
 import { FakeElement } from './fakeelement.js';
 import { FakeNamespace } from './fakenamespace.js';
+import { FakeFormat } from './fakeformat.js';
 
 /**
  * Parses the given XML string and returns a Document object.
@@ -42,6 +43,22 @@ const getNamespace = (prefix, uri) => {
   return new FakeNamespace(prefix, uri);
 };
 
+/**
+ * Returns a Format object for pretty printing.
+ * @return {FakeFormat} The format object.
+ */
+const getPrettyFormat = () => {
+  return new FakeFormat({ pretty: true });
+};
+
+/**
+ * Returns a Format object for raw output.
+ * @return {FakeFormat} The format object.
+ */
+const getRawFormat = () => {
+  return new FakeFormat({ pretty: false });
+};
+
 // Singleton app object
 let _app = null;
 
@@ -52,6 +69,8 @@ if (typeof globalThis[name] === typeof undefined) {
       _app = {
         parse,
         getNamespace,
+        getPrettyFormat,
+        getRawFormat,
         toString: () => name
       };
     }

package/src/services/xmlservice/fakeformat.js

@@ -0,0 +1,53 @@
+import { XMLBuilder } from 'fast-xml-parser';
+
+/**
+ * Fake Format class for XmlService
+ */
+export class FakeFormat {
+  constructor(options = {}) {
+    this._options = options;
+  }
+
+  /**
+   * Formats the given document as an XML string.
+   * @param {FakeDocument} document The document to format.
+   * @return {string} The formatted XML string.
+   */
+  format(document) {
+    if (!document || typeof document.getRootElement !== 'function') {
+      throw new Error("XmlService: Invalid document provided to format().");
+    }
+
+    const root = document.getRootElement();
+    const builderOptions = {
+      ignoreAttributes: false,
+      attributeNamePrefix: "@_",
+      textNodeName: "#text",
+      format: this._options.pretty || false,
+      indentBy: this._options.pretty ? "  " : "",
+      suppressEmptyNode: false // GAS usually outputs <tag></tag> or <tag/>? Actually GAS uses <tag/> for empty elements usually.
+    };
+
+    const builder = new XMLBuilder(builderOptions);
+
+    // Construct the object for building
+    // We access the internal _data property of FakeElement
+    const data = {
+      [root.getQualifiedName()]: root._data
+    };
+
+    let xml = builder.build(data);
+
+    // GAS adds XML declaration followed by a line separator (\r\n)
+    const declaration = '<?xml version="1.0" encoding="UTF-8"?>\r\n';
+
+    if (this._options.pretty) {
+      // GAS pretty format uses \r\n and has a newline after declaration
+      // XMLBuilder uses \n, so we replace it.
+      return declaration + xml.replace(/\n/g, '\r\n') + '\r\n';
+    } else {
+      // Raw format - declaration, compact XML, and trailing newline
+      return declaration + xml + '\r\n';
+    }
+  }
+}

package/src/support/auth.js

@@ -67,13 +67,17 @@ const setTokenScopes = (scopes, platform = _platform) => {
 const getTokenScopes = () => {
   const id = _getIdentity();
   if (id.tokenScopes) return id.tokenScopes;
-  if (_platform === 'ksuite') return ""; // KSuite doesn't use standard OAuth scopes in same way
+  if (_platform === 'ksuite') return ""; 
   
-  // Google fallback
-  return getAccessTokenInfo().then(info => {
-    id.tokenScopes = info.tokenInfo.scope;
-    return id.tokenScopes;
-  });
+  // If we have an authClient, we might be able to discover them
+  if (id.authClient) {
+    return getAccessTokenInfo().then(info => {
+      id.tokenScopes = info.tokenInfo.scope;
+      return id.tokenScopes;
+    });
+  }
+  
+  return "";
 };
 
 const getHashedUserId = () =>
@@ -219,6 +223,12 @@ const setAuth = async (scopes = [], mcpLoading = false) => {
         return { access_token: token };
       };
 
+      dwdClient.invalidateToken = function () {
+        this._token = null;
+        this._expiresAt = 0;
+        this.credentials = { access_token: 'dummy' };
+      };
+
       id.authClient = dwdClient
     }
   } catch (error) {
@@ -290,8 +300,17 @@ export const responseSyncify = (result) => {
 
 // Helper to populate identity from sxInit response
 const setIdentity = (platform, data) => {
+  if (!data) return;
+  // slogger.warn(`...DEBUG: Auth.setIdentity for platform=${platform}. data keys=${Object.keys(data).join(',')}`);
   const id = _getIdentity(platform);
   Object.assign(id, data);
+  // slogger.warn(`...DEBUG: Auth.setIdentity result for platform=${platform}. id.tokenScopes=${id.tokenScopes}`);
+};
+
+const getAuthedScopes = () => {
+  const id = _getIdentity('google');
+  const scopes = id.tokenScopes || "";
+  return new Set((typeof scopes === 'string' ? scopes : "").split(" ").filter(s => s));
 };
 
 export const Auth = {
@@ -305,6 +324,7 @@ export const Auth = {
   getUserId,
   getAccessToken,
   getTokenScopes,
+  getAuthedScopes,
   getScriptId,
   getDocumentId,
   setSettings,

package/src/support/proxies.js

@@ -134,4 +134,7 @@ export const Proxies = {
   guard,
   blanketProxy,
   getRegisteredServices: () => Array.from(serviceRegistry),
-}
+  getLoadedServices: () => Array.from(loadedRegistry),
+  __addService: (name) => serviceRegistry.add(name),
+  __addLoaded: (name) => loadedRegistry.add(name),
+}

package/src/support/sxauth.js

@@ -15,17 +15,16 @@ import { KSuiteDrive } from './ksuite/kdrive.js';
 let _loggedSummary = false;
 
 /**
- * initialize ke stuff at the beginning such as manifest content and settings
+ * initialize key stuff at the beginning such as manifest content and settings
  * @param {object} p pargs
- * @param {string} p.manifestPath where to finfd the manifest by default
- * @param {string} p.authPath import the auth code 
+ * @param {string} p.manifestPath where to find the manifest by default
  * @param {string} p.claspPath where to find the clasp file by default
  * @param {string} p.settingsPath where to find the settings file
  * @param {string} p.cachePath the cache files
  * @param {string} p.propertiesPath the properties file location
  * @param {string} p.fakeId a fake script id to use if one isnt in the settings
  * @param {string[]} [p.platformAuth] list of platforms to authenticate
- * @return {object} the finalized vesions of all the above 
+ * @return {object} the finalized versions of all the above 
  */
 export const sxInit = async ({ manifestPath, claspPath, settingsPath, cachePath, propertiesPath, fakeId, platformAuth }) => {
 
@@ -34,6 +33,7 @@ export const sxInit = async ({ manifestPath, claspPath, settingsPath, cachePath,
 
   // get a file and parse if it exists
   const getIfExists = async (file) => {
+    if (!file) return {};
     try {
       const content = await readFile(file, { encoding: 'utf8' })
       return JSON.parse(content)
@@ -42,30 +42,21 @@ export const sxInit = async ({ manifestPath, claspPath, settingsPath, cachePath,
     }
   }
 
-  const settingsDir = path.dirname(settingsPath)
-  const _settings = await getIfExists(settingsPath)
-  const settings = { ..._settings }
+  const manifestFile = process.env.GF_MANIFEST_PATH || manifestPath;
+  const claspFile = process.env.GF_CLASP_PATH || claspPath;
 
-  settings.manifest = settings.manifest || manifestPath
-  settings.clasp = settings.clasp || claspPath
   const [manifest, clasp] = await Promise.all([
-    getIfExists(path.resolve(settingsDir, settings.manifest)),
-    getIfExists(path.resolve(settingsDir, settings.clasp))
+    getIfExists(manifestFile),
+    getIfExists(claspFile)
   ])
 
-  settings.scriptId = settings.scriptId || clasp.scriptId || fakeId
-  settings.documentId = settings.documentId || null
-  settings.cache = settings.cache || cachePath
-  settings.properties = settings.properties || propertiesPath
-
-  const strSet = JSON.stringify(settings, null, 2)
-  if (JSON.stringify(_settings, null, 2) !== strSet) {
-    try {
-      await mkdir(settingsDir, { recursive: true })
-      await writeFile(settingsPath, strSet, { flag: 'w' })
-    } catch (err) {
-      syncWarn(`...unable to write settings file: ${err}`)
-    }
+  const settings = {
+    manifest: manifestFile,
+    clasp: claspFile,
+    scriptId: process.env.GF_SCRIPT_ID || clasp.scriptId || fakeId,
+    documentId: process.env.GF_DOCUMENT_ID || null,
+    cache: process.env.GF_CACHE_PATH || cachePath,
+    properties: process.env.GF_PROPERTIES_PATH || propertiesPath
   }
 
   const identities = {};
@@ -73,6 +64,9 @@ export const sxInit = async ({ manifestPath, claspPath, settingsPath, cachePath,
   // --- Google Auth Block ---
   if (platforms.includes('google') || platforms.includes('workspace')) {
     try {
+      // Ensure platform is set for info discovery
+      Auth.setPlatform('google');
+
       const scopes = manifest.oauthScopes || []
       const mandatoryScopes = [
         "openid",
@@ -105,7 +99,7 @@ export const sxInit = async ({ manifestPath, claspPath, settingsPath, cachePath,
         activeUser,
         effectiveUser,
         projectId: Auth.getProjectId(),
-        tokenScopes: effectiveInfo.tokenInfo.scopes,
+        tokenScopes: effectiveInfo.tokenInfo.scopes || effectiveInfo.tokenInfo.scope,
         authMethod: Auth.getAuthMethod('google')
       };
 
@@ -125,6 +119,7 @@ export const sxInit = async ({ manifestPath, claspPath, settingsPath, cachePath,
       syncWarn("ksuite requested in platformAuth but KSUITE_TOKEN is missing from environment.");
     } else {
       try {
+        Auth.setPlatform('ksuite');
         const kDrive = new KSuiteDrive(kToken);
         const accountId = await kDrive.getAccountId();
         
@@ -152,6 +147,10 @@ export const sxInit = async ({ manifestPath, claspPath, settingsPath, cachePath,
     }
   }
 
+  // Restore default platform context based on authorized backends
+  const defaultPlatform = platforms[0] === 'google' ? 'workspace' : platforms[0];
+  Auth.setPlatform(defaultPlatform);
+
   // Final Summary Report (Concise, single instance)
   if (!_loggedSummary) {
     const summary = Object.keys(identities).map(p => {
@@ -166,7 +165,9 @@ export const sxInit = async ({ manifestPath, claspPath, settingsPath, cachePath,
     }).join(', ');
     
     if (summary) {
+      const scriptIdSource = process.env.GF_SCRIPT_ID ? 'env' : (clasp.scriptId ? 'clasp' : 'random');
       syncLog(`...authorized backends: ${summary}`);
+      syncLog(`...using scriptId: ${settings.scriptId} (source: ${scriptIdSource})`);
       _loggedSummary = true;
     }
   }

package/src/support/sxretry.js

@@ -36,7 +36,7 @@ export const sxRetry = async (Auth, tag, func, options = {}) => {
       response = err.response;
     }
 
-    const redoCodes = [429, 500, 503, 408, 401];
+    const redoCodes = [429, 500, 502, 503, 408, 401];
     const networkErrorCodes = [
       'ETIMEDOUT',
       'ECONNRESET',

package/src/support/syncit.js

@@ -23,7 +23,6 @@ import { callSync } from "./workersync/synchronizer.js";
 
 const manifestDefaultPath = "./appsscript.json";
 const claspDefaultPath = "./.clasp.json";
-const settingsDefaultPath = process.env.GF_SETTINGS_PATH || "./gasfakes.json";
 const propertiesDefaultPath = "/tmp/gas-fakes/properties";
 const cacheDefaultPath = "/tmp/gas-fakes/cache";
 
@@ -271,18 +270,16 @@ const fxUnzipper = ({ blob }) => {
  * initialize all the stuff at the beginning such as manifest content and settings
  * and register them all in Auth object for future reference
  * @param {object} p pargs
- * @param {string} p.manifestPath where to finfd the manifest by default
+ * @param {string} p.manifestPath where to find the manifest by default
  * @param {string} p.claspPath where to find the clasp file by default
- * @param {string} p.settingsPath where to find the settings file
  * @param {string} p.cachePath the cache files
  * @param {string} p.propertiesPath the properties file location
  * @param {string[]} [p.platformAuth] list of platforms to authenticate
- * @return {object} the finalized vesions of all the above
+ * @return {object} the finalized versions of all the above
  */
 export const fxInit = ({
   manifestPath = manifestDefaultPath,
   claspPath = claspDefaultPath,
-  settingsPath = settingsDefaultPath,
   cachePath = cacheDefaultPath,
   propertiesPath = propertiesDefaultPath,
   platformAuth
@@ -296,7 +293,6 @@ export const fxInit = ({
   // because this is all run in a synced subprocess it's not an async result
   const synced = callSync("sxInit", {
     claspPath: resolve(claspPath),
-    settingsPath: resolve(settingsPath),
     manifestPath: resolve(manifestPath),
     mainDir,
     cachePath,
@@ -317,9 +313,12 @@ export const fxInit = ({
   Auth.setClasp(clasp);
   Auth.setManifest(manifest);
   
+  // console.log(`...DEBUG: fxInit identities received keys=${Object.keys(identities || {}).join(',')}`);
+
   // Populate all identities
   if (identities) {
     Object.keys(identities).forEach(p => {
+      // console.log(`...DEBUG: fxInit populating identity for ${p}. scopes=${identities[p].tokenScopes}`);
       Auth.setIdentity(p, identities[p]);
     });
   }

package/gasfakes.json

@@ -1,8 +0,0 @@
-{
-  "manifest": "./appsscript.json",
-  "clasp": "./.clasp.json",
-  "scriptId": "28780abe-aaec-4526-a0bf-9d5c104c68b8",
-  "documentId": "1h9IGIShgVBVUrUjjawk5MaCEQte_7t32XeEP1Z5jXKQ",
-  "cache": "/tmp/gas-fakes/cache",
-  "properties": "/tmp/gas-fakes/properties"
-}