@xano/xanoscript-language-server 11.6.1 → 11.6.2

package/.claude/settings.local.json

@@ -6,7 +6,8 @@
       "Bash(node --input-type=module -e:*)",
       "Bash(git checkout:*)",
       "Bash(ls:*)",
-      "Bash(npm run lint:*)"
+      "Bash(npm run lint:*)",
+      "Bash(grep:*)"
     ]
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@xano/xanoscript-language-server",
-  "version": "11.6.1",
+  "version": "11.6.2",
   "description": "Language Server Protocol implementation for XanoScript",
   "type": "module",
   "main": "server.js",

package/parser/functions/controls/switchCaseFn.js

@@ -11,6 +11,7 @@ import {
 export function switchCaseFn($) {
   return () => {
     $.sectionStack.push("switchCaseFn");
+    $.SUBRULE($.optionalCommentBlockFn);
     $.CONSUME(CaseToken); // "case"
     $.CONSUME(LParent); // "("
     $.SUBRULE($.expressionFn);

package/parser/functions/controls/switchFn.spec.js

@@ -101,4 +101,18 @@ describe("switchFn", () => {
     }`);
     expect(parser.errors).to.not.be.empty;
   });
+
+  it("switchFn accepts comments on case", () => {
+    const parser = parse(`switch ("myvar") {
+          // a comment for this case
+          case (1) break
+        
+          default {
+            debug.stop {
+              value = "do something"
+            }
+          }
+        }`);
+    expect(parser.errors).to.be.empty;
+  });
 });

package/parser/functions/varFn.js

@@ -18,6 +18,7 @@ import {
   TenantVariable,
   WebflowVariable,
 } from "../../lexer/variables.js";
+import { isBlacklistedVariableName } from "../generic/assignableVariableProperty.js";
 
 /**
  * represent $var.x or $x, the only format accepting an assigment
@@ -54,6 +55,16 @@ export function varFn($) {
             { ALT: () => $.CONSUME(WebflowVariable) },
           ]);
           if (variable.image) {
+            // Check for blacklisted variable names
+            const nameWithoutPrefix = variable.image.startsWith("$")
+              ? variable.image.slice(1)
+              : variable.image;
+            if (isBlacklistedVariableName(nameWithoutPrefix)) {
+              $.addInvalidValueError(
+                variable,
+                `'${variable.image}' is a reserved variable name and should not be used as a variable.`,
+              );
+            }
             // we can directly add the variable here but
             // not necessary for the `assignableVariableProperty` below
             // which will add it on its own

package/parser/functions/varFn.spec.js

@@ -191,4 +191,105 @@ describe("varFn", () => {
     }`);
     expect(parser.errors).to.be.empty;
   });
+
+  // Blacklisted variable names - these conflict with built-in variables
+  // Some are blocked at lexer level (separate tokens), others at parser level
+  describe("blacklisted variable names", () => {
+    // These are lexed as ShortFormVariable and need explicit blacklisting
+    const shortFormBlacklisted = ["output", "db", "toolset"];
+
+    for (const name of shortFormBlacklisted) {
+      it(`rejects var $${name} as variable name (short form)`, () => {
+        const parser = parse(`var $${name} {
+          value = "test"
+        }`);
+        expect(parser.errors).to.not.be.empty;
+        expect(parser.errors[0].message).to.include("reserved");
+      });
+
+      it(`rejects var.update $${name} as variable name (short form)`, () => {
+        const parser = parse(`var.update $${name} {
+          value = "test"
+        }`);
+        expect(parser.errors).to.not.be.empty;
+        expect(parser.errors[0].message).to.include("reserved");
+      });
+    }
+
+    // These are separate tokens and already rejected by the parser
+    const separateTokenBlacklisted = [
+      "auth",
+      "input",
+      "env",
+      "response",
+      "error",
+      "this",
+    ];
+
+    for (const name of separateTokenBlacklisted) {
+      it(`rejects var $${name} as variable name (separate token)`, () => {
+        const parser = parse(`var $${name} {
+          value = "test"
+        }`);
+        if (parser.errors.length === 0) {
+          console.log(parser.errors, name);
+        }
+        expect(parser.errors).to.not.be.empty;
+      });
+
+      it(`rejects var.update $${name} as variable name (separate token)`, () => {
+        const parser = parse(`var.update $${name} {
+          value = "test"
+        }`);
+        expect(parser.errors).to.not.be.empty;
+      });
+    }
+
+    // $var is the LongFormVariable prefix, parser expects a dot after it
+    it("rejects var $var as variable name (long form prefix)", () => {
+      const parser = parse(`var $var {
+        value = "test"
+      }`);
+      expect(parser.errors).to.not.be.empty;
+    });
+
+    // All blacklisted names should be rejected in long form via var.update
+    const allBlacklisted = [
+      "auth",
+      "input",
+      "env",
+      "response",
+      "output",
+      "var",
+      "db",
+      "error",
+      "toolset",
+      "this",
+    ];
+
+    for (const name of allBlacklisted) {
+      it(`rejects var.update $var.${name} as variable name (long form)`, () => {
+        const parser = parse(`var.update $var.${name} {
+          value = "test"
+        }`);
+        expect(parser.errors).to.not.be.empty;
+        expect(parser.errors[0].message).to.include("reserved");
+      });
+    }
+
+    // Ensure valid names still work
+    it("accepts var $user as variable name", () => {
+      const parser = parse(`var $user {
+        value = "test"
+      }`);
+      expect(parser.errors).to.be.empty;
+    });
+
+    it("accepts var $my_input as variable name", () => {
+      const parser = parse(`var $my_input {
+        value = "test"
+      }`);
+      expect(parser.errors).to.be.empty;
+    });
+  });
 });

package/parser/generic/asVariable.spec.js

@@ -34,4 +34,80 @@ describe("asVariable", () => {
     const parser = parse("as $$clients");
     expect(parser.errors).to.not.be.empty;
   });
+
+  // Blacklisted variable names - these conflict with built-in variables
+  // Some are blocked at lexer level (separate tokens), others at parser level
+  describe("blacklisted variable names", () => {
+    // These are lexed as ShortFormVariable and need explicit blacklisting
+    const shortFormBlacklisted = ["output", "db", "toolset"];
+
+    for (const name of shortFormBlacklisted) {
+      it(`rejects as $${name} (short form)`, () => {
+        const parser = parse(`as $${name}`);
+        expect(parser.errors).to.not.be.empty;
+        expect(parser.errors[0].message).to.include("reserved");
+      });
+    }
+
+    // These are separate tokens and already rejected by the parser
+    const separateTokenBlacklisted = [
+      "auth",
+      "input",
+      "env",
+      "response",
+      "error",
+      "this",
+    ];
+
+    for (const name of separateTokenBlacklisted) {
+      it(`rejects as $${name} (separate token)`, () => {
+        const parser = parse(`as $${name}`);
+        expect(parser.errors).to.not.be.empty;
+      });
+    }
+
+    // $var is the LongFormVariable prefix, parser expects a dot after it
+    it("rejects as $var (long form prefix)", () => {
+      const parser = parse("as $var");
+      expect(parser.errors).to.not.be.empty;
+    });
+
+    // All blacklisted names should be rejected in long form ($var.name)
+    const allBlacklisted = [
+      "auth",
+      "input",
+      "env",
+      "response",
+      "output",
+      "var",
+      "db",
+      "error",
+      "toolset",
+      "this",
+    ];
+
+    for (const name of allBlacklisted) {
+      it(`rejects as $var.${name} (long form)`, () => {
+        const parser = parse(`as $var.${name}`);
+        expect(parser.errors).to.not.be.empty;
+        expect(parser.errors[0].message).to.include("reserved");
+      });
+    }
+
+    // Ensure valid names still work
+    it("accepts as $user", () => {
+      const parser = parse("as $user");
+      expect(parser.errors).to.be.empty;
+    });
+
+    it("accepts as $my_input", () => {
+      const parser = parse("as $my_input");
+      expect(parser.errors).to.be.empty;
+    });
+
+    it("accepts as $var.my_var", () => {
+      const parser = parse("as $var.my_var");
+      expect(parser.errors).to.be.empty;
+    });
+  });
 });

package/parser/generic/assignableVariableAs.js

@@ -1,5 +1,7 @@
+import { MismatchedTokenException } from "chevrotain";
 import { DotToken, Identifier } from "../../lexer/tokens.js";
-import { LongFormVariable,ShortFormVariable } from "../../lexer/variables.js";
+import { LongFormVariable, ShortFormVariable } from "../../lexer/variables.js";
+import { isBlacklistedVariableName } from "./assignableVariableProperty.js";
 
 /**
  * represent $var.x or $x, the only format accepting an assigment
@@ -7,11 +9,15 @@ import { LongFormVariable,ShortFormVariable } from "../../lexer/variables.js";
  */
 export function assignableVariableAs($) {
   return () => {
+    let variableName = "";
+    let variableToken = null;
     $.OR([
       // "$users"
       {
         ALT: () => {
-          $.CONSUME(ShortFormVariable);
+          const variable = $.CONSUME(ShortFormVariable);
+          variableName = variable.image;
+          variableToken = variable;
         },
       },
       // "$var.users"
@@ -19,9 +25,26 @@ export function assignableVariableAs($) {
         ALT: () => {
           $.CONSUME(LongFormVariable);
           $.CONSUME(DotToken);
-          $.CONSUME(Identifier);
+          const variable = $.CONSUME(Identifier);
+          variableName = `$${variable.image}`;
+          variableToken = variable;
         },
       },
     ]);
+
+    // Check for blacklisted variable names
+    if (variableName && variableToken) {
+      const nameWithoutPrefix = variableName.startsWith("$")
+        ? variableName.slice(1)
+        : variableName;
+      if (isBlacklistedVariableName(nameWithoutPrefix)) {
+        $.SAVE_ERROR(
+          new MismatchedTokenException(
+            `'${variableName}' is a reserved variable name and cannot be used`,
+            variableToken
+          )
+        );
+      }
+    }
   };
 }

package/parser/generic/assignableVariableAs.spec.js

@@ -49,4 +49,56 @@ describe("assignableVariableAs", () => {
     const parser = parse(`"someting"`);
     expect(parser.errors).to.not.be.empty;
   });
+
+  // Blacklisted variable names - used in loop contexts (each as $variable)
+  describe("blacklisted variable names", () => {
+    // These are lexed as ShortFormVariable and need explicit blacklisting
+    const shortFormBlacklisted = ["output", "db", "toolset"];
+
+    for (const name of shortFormBlacklisted) {
+      it(`rejects $${name} (short form)`, () => {
+        const parser = parse(`$${name}`);
+        expect(parser.errors).to.not.be.empty;
+        expect(parser.errors[0].message).to.include("reserved");
+      });
+    }
+
+    // All blacklisted names should be rejected in long form ($var.name)
+    const allBlacklisted = [
+      "auth",
+      "input",
+      "env",
+      "response",
+      "output",
+      "var",
+      "db",
+      "error",
+      "toolset",
+      "this",
+    ];
+
+    for (const name of allBlacklisted) {
+      it(`rejects $var.${name} (long form)`, () => {
+        const parser = parse(`$var.${name}`);
+        expect(parser.errors).to.not.be.empty;
+        expect(parser.errors[0].message).to.include("reserved");
+      });
+    }
+
+    // Ensure valid names still work
+    it("accepts $item", () => {
+      const parser = parse("$item");
+      expect(parser.errors).to.be.empty;
+    });
+
+    it("accepts $i", () => {
+      const parser = parse("$i");
+      expect(parser.errors).to.be.empty;
+    });
+
+    it("accepts $var.my_var", () => {
+      const parser = parse("$var.my_var");
+      expect(parser.errors).to.be.empty;
+    });
+  });
 });

package/parser/generic/assignableVariableProperty.js

@@ -1,3 +1,4 @@
+import { MismatchedTokenException } from "chevrotain";
 import { PipeToken } from "../../lexer/control.js";
 import { DotToken, Identifier, NewlineToken } from "../../lexer/tokens.js";
 import {
@@ -20,6 +21,31 @@ import {
   WebflowVariable,
 } from "../../lexer/variables.js";
 
+// Blacklisted variable names that conflict with built-in variables
+// These names cannot be used for user-defined variables because they
+// would conflict with their shorthand form (e.g., $var.input -> $input)
+export const BLACKLISTED_VARIABLE_NAMES = [
+  "auth",
+  "input",
+  "env",
+  "response",
+  "output",
+  "var",
+  "db",
+  "error",
+  "toolset",
+  "this",
+];
+
+/**
+ * Check if a variable name is blacklisted
+ * @param {string} name - Variable name without $ prefix
+ * @returns {boolean}
+ */
+export function isBlacklistedVariableName(name) {
+  return BLACKLISTED_VARIABLE_NAMES.includes(name);
+}
+
 /**
  * represent $var.x or $x, the only format accepting an assigment
  * @param {import('../base_parser.js').XanoBaseParser} $
@@ -27,6 +53,7 @@ import {
 export function assignableVariableProperty($) {
   return () => {
     let variableName = "";
+    let variableToken = null;
     $.OR({
       DEF: [
         // "$users" or env property tokens like "$http_headers"
@@ -53,6 +80,7 @@ export function assignableVariableProperty($) {
               { ALT: () => $.CONSUME(WebflowVariable) },
             ]);
             variableName = variable.image;
+            variableToken = variable;
           },
         },
         // "$var.users"
@@ -62,11 +90,29 @@ export function assignableVariableProperty($) {
             $.CONSUME(DotToken);
             const variable = $.CONSUME(Identifier);
             variableName = `$${variable.image}`;
+            variableToken = variable;
           },
         },
       ],
       ERR_MSG: "expecting variable (e.g. $variable or $var.variable)",
     });
+
+    // Check for blacklisted variable names
+    if (variableName && variableToken) {
+      // Extract the name without $ prefix for checking
+      const nameWithoutPrefix = variableName.startsWith("$")
+        ? variableName.slice(1)
+        : variableName;
+      if (isBlacklistedVariableName(nameWithoutPrefix)) {
+        $.SAVE_ERROR(
+          new MismatchedTokenException(
+            `'${variableName}' is a reserved variable name and cannot be used`,
+            variableToken
+          )
+        );
+      }
+    }
+
     $.SUBRULE($.chainedIdentifier);
 
     $.MANY({

package/parser/generic/assignableVariableProperty.spec.js

@@ -49,4 +49,81 @@ describe("assignableVariableProperty", () => {
     const parser = parse(`$users|trim`);
     expect(parser.errors).to.be.empty;
   });
+
+  // Blacklisted variable names - these conflict with built-in variables
+  // Some are blocked at lexer level (separate tokens), others at parser level
+  describe("blacklisted variable names", () => {
+    // These are lexed as ShortFormVariable and need explicit blacklisting
+    const shortFormBlacklisted = ["output", "db", "toolset"];
+
+    for (const name of shortFormBlacklisted) {
+      it(`rejects $${name} as assignable variable (short form)`, () => {
+        const parser = parse(`$${name}`);
+        expect(parser.errors).to.not.be.empty;
+        expect(parser.errors[0].message).to.include("reserved");
+      });
+    }
+
+    // These are separate tokens and already rejected by the parser
+    // (not in the OR alternatives of assignableVariableProperty)
+    const separateTokenBlacklisted = [
+      "auth",
+      "input",
+      "env",
+      "response",
+      "error",
+      "this",
+    ];
+
+    for (const name of separateTokenBlacklisted) {
+      it(`rejects $${name} as assignable variable (separate token)`, () => {
+        const parser = parse(`$${name}`);
+        expect(parser.errors).to.not.be.empty;
+      });
+    }
+
+    // $var is the LongFormVariable prefix, parser expects a dot after it
+    it("rejects $var as assignable variable (long form prefix)", () => {
+      const parser = parse("$var");
+      expect(parser.errors).to.not.be.empty;
+    });
+
+    // All blacklisted names should be rejected in long form ($var.name)
+    const allBlacklisted = [
+      "auth",
+      "input",
+      "env",
+      "response",
+      "output",
+      "var",
+      "db",
+      "error",
+      "toolset",
+      "this",
+    ];
+
+    for (const name of allBlacklisted) {
+      it(`rejects $var.${name} as assignable variable (long form)`, () => {
+        const parser = parse(`$var.${name}`);
+        expect(parser.errors).to.not.be.empty;
+        expect(parser.errors[0].message).to.include("reserved");
+      });
+    }
+
+    // Ensure valid names still work
+    it("accepts $user as assignable variable", () => {
+      const parser = parse("$user");
+      expect(parser.errors).to.be.empty;
+    });
+
+    it("accepts $my_input as assignable variable", () => {
+      const parser = parse("$my_input");
+      expect(parser.errors).to.be.empty;
+    });
+
+    it("accepts $var.my_var as assignable variable", () => {
+      const parser = parse("$var.my_var");
+      expect(parser.errors).to.be.empty;
+    });
+  });
 });

package/parser/tests/function/valid_sources/ledash_ends_with.xs

@@ -75,7 +75,7 @@ function "ledash/ends_with" {
       each as $index {
         conditional {
           description = "compare every element using position as an offset on the string"
-        
+
           if (($text|get:$position - $index - 1:null) !== ($target|get:($target|count) - $index - 1:null)) {
             return {
               value = false

package/parser/tests/query/valid_sources/all_zip.xs

@@ -27,7 +27,7 @@ query all_zip verb=GET {
     zip.extract {
       zip = $zip_file
       password = ""
-    } as $output
+    } as $extracted_output
   
     zip.view_contents {
       zip = $input.file