@xano/xanoscript-language-server 11.8.4 → 11.9.0

package/parser/functions/middlewareCallFn.js

@@ -2,6 +2,7 @@ import { CallToken } from "../../lexer/action.js";
 import { StringLiteral } from "../../lexer/literal.js";
 import { MiddlewareToken } from "../../lexer/middleware.js";
 import { DotToken, Identifier } from "../../lexer/tokens.js";
+import { getVarName } from "../generic/utils.js";
 
 /**
  *
@@ -15,10 +16,11 @@ export function middlewareCallFn($) {
     $.CONSUME(DotToken); // "."
     const fnToken = $.CONSUME(CallToken); // "call"
 
-    $.OR([
+    const nameToken = $.OR([
       { ALT: () => $.CONSUME(Identifier) }, // user
       { ALT: () => $.CONSUME1(StringLiteral) }, // "user auth"
     ]);
+    $.addReference("middleware", getVarName(nameToken), nameToken);
 
     $.OPTION(() => {
       $.SUBRULE($.schemaParseAttributeFn, {

package/parser/functions/security/register.js

@@ -8,7 +8,9 @@ import { securityCreateUuidFn } from "./securityCreateUuidFn.js";
 import { securityDecryptFn } from "./securityDecryptFn.js";
 import { securityEncryptFn } from "./securityEncryptFn.js";
 import { securityJweDecodeFn } from "./securityJweDecodeFn.js";
+import { securityJweDecodeLegacyFn } from "./securityJweDecodeLegacyFn.js";
 import { securityJweEncodeFn } from "./securityJweEncodeFn.js";
+import { securityJweEncodeLegacyFn } from "./securityJweEncodeLegacyFn.js";
 import { securityJwsDecodeFn } from "./securityJwsDecodeFn.js";
 import { securityJwsEncodeFn } from "./securityJwsEncodeFn.js";
 import { securityRandomBytesFn } from "./securityRandomBytesFn.js";
@@ -21,44 +23,52 @@ import { securityRandomNumberFn } from "./securityRandomNumberFn.js";
 export const register = ($) => {
   $.securityCheckPasswordFn = $.RULE(
     "securityCheckPasswordFn",
-    securityCheckPasswordFn($)
+    securityCheckPasswordFn($),
   );
   $.securityCreateAuthTokenFn = $.RULE(
     "securityCreateAuthTokenFn",
-    securityCreateAuthTokenFn($)
+    securityCreateAuthTokenFn($),
   );
   $.securityCreateCurveKeyFn = $.RULE(
     "securityCreateCurveKeyFn",
-    securityCreateCurveKeyFn($)
+    securityCreateCurveKeyFn($),
   );
   $.securityCreatePasswordFn = $.RULE(
     "securityCreatePasswordFn",
-    securityCreatePasswordFn($)
+    securityCreatePasswordFn($),
   );
   $.securityCreateRsaKeyFn = $.RULE(
     "securityCreateRsaKeyFn",
-    securityCreateRsaKeyFn($)
+    securityCreateRsaKeyFn($),
   );
   $.securityCreateSecretKeyFn = $.RULE(
     "securityCreateSecretKeyFn",
-    securityCreateSecretKeyFn($)
+    securityCreateSecretKeyFn($),
   );
   $.securityCreateUuidFn = $.RULE(
     "securityCreateUuidFn",
-    securityCreateUuidFn($)
+    securityCreateUuidFn($),
   );
   $.securityDecryptFn = $.RULE("securityDecryptFn", securityDecryptFn($));
   $.securityEncryptFn = $.RULE("securityEncryptFn", securityEncryptFn($));
   $.securityJweDecodeFn = $.RULE("securityJweDecodeFn", securityJweDecodeFn($));
   $.securityJweEncodeFn = $.RULE("securityJweEncodeFn", securityJweEncodeFn($));
+  $.securityJweDecodeLegacyFn = $.RULE(
+    "securityJweDecodeLegacyFn",
+    securityJweDecodeLegacyFn($),
+  );
+  $.securityJweEncodeLegacyFn = $.RULE(
+    "securityJweEncodeLegacyFn",
+    securityJweEncodeLegacyFn($),
+  );
   $.securityJwsDecodeFn = $.RULE("securityJwsDecodeFn", securityJwsDecodeFn($));
   $.securityJwsEncodeFn = $.RULE("securityJwsEncodeFn", securityJwsEncodeFn($));
   $.securityRandomBytesFn = $.RULE(
     "securityRandomBytesFn",
-    securityRandomBytesFn($)
+    securityRandomBytesFn($),
   );
   $.securityRandomNumberFn = $.RULE(
     "securityRandomNumberFn",
-    securityRandomNumberFn($)
+    securityRandomNumberFn($),
   );
 };

package/parser/functions/security/securityCreateAuthTokenFn.js

@@ -1,4 +1,8 @@
+import { SingleQuotedStringLiteral,StringLiteral } from "../../../lexer/literal.js";
 import { CreateAuthTokenToken } from "../../../lexer/security.js";
+import { getVarName } from "../../generic/utils.js";
+
+const stringTokens = new Set([StringLiteral.name, SingleQuotedStringLiteral.name]);
 
 /**
  * @param {import('../../base_parser.js').XanoBaseParser} $
@@ -8,6 +12,7 @@ export function securityCreateAuthTokenFn($) {
     $.sectionStack.push("securityCreateAuthTokenFn");
     const fnToken = $.CONSUME(CreateAuthTokenToken); // "create_auth_token"
 
+    const captured = {};
     $.SUBRULE($.schemaParseAttributeFn, {
       ARGS: [
         fnToken,
@@ -19,9 +24,26 @@ export function securityCreateAuthTokenFn($) {
           "description?": "[string]",
           "disabled?": "[boolean]",
         },
+        captured,
       ],
     });
 
+    $.ACTION(() => {
+      if (!captured.table) return;
+      const keyOffset = captured.table.key?.startOffset;
+      if (keyOffset == null) return;
+      const tokens = $.input;
+      for (let i = 0; i < tokens.length - 2; i++) {
+        if (tokens[i].startOffset === keyOffset) {
+          const valueToken = tokens[i + 2];
+          if (valueToken && stringTokens.has(valueToken.tokenType.name)) {
+            $.addReference("table", getVarName(valueToken), valueToken);
+          }
+          break;
+        }
+      }
+    });
+
     $.SUBRULE($.asVariable, { ARGS: [fnToken] });
     $.sectionStack.pop();
   };

package/parser/functions/security/securityJweDecodeLegacyFn.js

@@ -0,0 +1,24 @@
+import { EqualToken, LCurly, RCurly } from "../../../lexer/control.js";
+import { JweDecodeLegacyToken } from "../../../lexer/security.js";
+import { Identifier, NewlineToken } from "../../../lexer/tokens.js";
+
+/**
+ * @param {import('../../base_parser.js').XanoBaseParser} $
+ */
+export function securityJweDecodeLegacyFn($) {
+  return () => {
+    $.sectionStack.push("securityJweDecodeLegacyFn");
+    const fnToken = $.CONSUME(JweDecodeLegacyToken); // "jwe_decode_legacy"
+    $.CONSUME(LCurly); // "{"
+    $.MANY(() => {
+      $.AT_LEAST_ONE(() => $.CONSUME(NewlineToken));
+      $.CONSUME1(Identifier); // "field_name"
+      $.CONSUME(EqualToken); // "="
+      $.SUBRULE($.expressionFn);
+    });
+    $.MANY1(() => $.CONSUME1(NewlineToken));
+    $.CONSUME(RCurly); // "}"
+    $.SUBRULE($.asVariable, { ARGS: [fnToken] });
+    $.sectionStack.pop();
+  };
+}

package/parser/functions/security/securityJweDecodeLegacyFn.spec.js

@@ -0,0 +1,26 @@
+import { expect } from "chai";
+import { describe, it } from "mocha";
+import { lexDocument } from "../../../lexer/lexer.js";
+import { parser } from "../../test_parser.js";
+
+function parse(inputText) {
+  parser.reset();
+  const lexResult = lexDocument(inputText);
+  parser.input = lexResult.tokens;
+  parser.securityJweDecodeLegacyFn();
+  return parser;
+}
+
+describe("securityJweDecodeLegacyFn", () => {
+  it("securityJweDecodeLegacyFn accepts attributes and store value in a variable", () => {
+    const parser = parse(`jwe_decode_legacy {
+      token = $input.magic_token
+      key = $env.magic_jwt_secret
+      audience = "Xano"
+      key_algorithm = "A256KW"
+      content_algorithm = "A256CBC-HS512"
+    } as $decoded_magic_token`);
+    console.log(parser.errors);
+    expect(parser.errors).to.be.empty;
+  });
+});

package/parser/functions/security/securityJweEncodeLegacyFn.js

@@ -0,0 +1,24 @@
+import { EqualToken, LCurly, RCurly } from "../../../lexer/control.js";
+import { JweEncodeLegacyToken } from "../../../lexer/security.js";
+import { Identifier, NewlineToken } from "../../../lexer/tokens.js";
+
+/**
+ * @param {import('../../base_parser.js').XanoBaseParser} $
+ */
+export function securityJweEncodeLegacyFn($) {
+  return () => {
+    $.sectionStack.push("securityJweEncodeLegacyFn");
+    const fnToken = $.CONSUME(JweEncodeLegacyToken); // "jwe_encode_legacy"
+    $.CONSUME(LCurly); // "{"
+    $.MANY(() => {
+      $.AT_LEAST_ONE(() => $.CONSUME(NewlineToken));
+      $.CONSUME1(Identifier); // "field_name"
+      $.CONSUME(EqualToken); // "="
+      $.SUBRULE($.expressionFn);
+    });
+    $.MANY1(() => $.CONSUME1(NewlineToken));
+    $.CONSUME(RCurly); // "}"
+    $.SUBRULE($.asVariable, { ARGS: [fnToken] });
+    $.sectionStack.pop();
+  };
+}

package/parser/functions/security/securityJweEncodeLegacyFn.spec.js

@@ -0,0 +1,25 @@
+import { expect } from "chai";
+import { describe, it } from "mocha";
+import { lexDocument } from "../../../lexer/lexer.js";
+import { parser } from "../../test_parser.js";
+
+function parse(inputText) {
+  parser.reset();
+  const lexResult = lexDocument(inputText);
+  parser.input = lexResult.tokens;
+  parser.securityJweEncodeLegacyFn();
+  return parser;
+}
+
+describe("securityJweEncodeLegacyFn", () => {
+  it("securityJweEncodeLegacyFn accepts attributes and store value in a variable", () => {
+    const parser = parse(`jwe_encode_legacy {
+      payload = $jwt_payload
+      audience = "Xano"
+      key = $env.magic_jwt_secret
+      key_algorithm = "A256KW"
+      content_algorithm = "A256CBC-HS512"
+    } as $jwt`);
+    expect(parser.errors).to.be.empty;
+  });
+});

package/parser/functions/securityFn.js

@@ -20,6 +20,8 @@ export function securityFn($) {
       { ALT: () => $.SUBRULE($.securityEncryptFn) }, // security.encrypt
       { ALT: () => $.SUBRULE($.securityJweDecodeFn) }, // security.jwe_decode
       { ALT: () => $.SUBRULE($.securityJweEncodeFn) }, // security.jwe_encode
+      { ALT: () => $.SUBRULE($.securityJweDecodeLegacyFn) }, // security.jwe_decode_legacy
+      { ALT: () => $.SUBRULE($.securityJweEncodeLegacyFn) }, // security.jwe_encode_legacy
       { ALT: () => $.SUBRULE($.securityJwsDecodeFn) }, // security.jws_decode
       { ALT: () => $.SUBRULE($.securityJwsEncodeFn) }, // security.jws_encode
       { ALT: () => $.SUBRULE($.securityRandomBytesFn) }, // security.random_bytes

package/parser/functions/varFn.js

@@ -68,7 +68,7 @@ export function varFn($) {
             // we can directly add the variable here but
             // not necessary for the `assignableVariableProperty` below
             // which will add it on its own
-            $.addVariable(variable.image, "unknown");
+            $.addVariable(variable.image, "unknown", variable);
           }
         },
       },

package/parser/generic/asVariable.js

@@ -13,7 +13,9 @@ export function asVariable($) {
     $.OPTION(() => {
       hasAs = true;
       $.CONSUME(AsToken); // "as"
+      $.__assignableIsDeclaration = true;
       $.SUBRULE($.assignableVariableProperty);
+      $.__assignableIsDeclaration = false;
     });
 
     if (!hasAs && parent) {

package/parser/generic/assignableVariableAs.js

@@ -45,6 +45,7 @@ export function assignableVariableAs($) {
           )
         );
       }
+      $.addVariable(variableName, "unknown", variableToken);
     }
   };
 }

package/parser/generic/assignableVariableProperty.js

@@ -128,8 +128,11 @@ export function assignableVariableProperty($) {
       },
     });
 
-    if (variableName) {
-      $.addVariable(variableName, "unknown");
+    // Only register as a declaration when used in an "as $var" context.
+    // Other callers (var.update, math.*, text.*) are usages, not declarations,
+    // and the token scanner will pick them up automatically.
+    if (variableName && $.__assignableIsDeclaration) {
+      $.addVariable(variableName, "unknown", variableToken);
     }
   };
 }

package/parser/task_parser.js

@@ -1,4 +1,5 @@
 import { ActiveToken } from "../lexer/api_group.js";
+import { CommentToken } from "../lexer/comment.js";
 import { EqualToken, LCurly, RCurly } from "../lexer/control.js";
 import { StringLiteral } from "../lexer/literal.js";
 import { DataSourceToken, TaskToken } from "../lexer/task.js";
@@ -32,7 +33,7 @@ export function taskDeclaration($) {
     $.MANY(() => {
       $.AT_LEAST_ONE(() => $.CONSUME(NewlineToken)); // at least one new line
       $.OR2([
-        { ALT: () => $.SUBRULE($.commentBlockFn) },
+        { ALT: () => $.CONSUME(CommentToken) },
         {
           GATE: () => !hasActive,
           ALT: () => {

package/parser/tests/task/valid_sources/create_leak.xs

@@ -0,0 +1,165 @@
+task claim_reminders {
+  description = "Runs every 6 hours to send reminders for claims stalled at the assessment, review, or approval workflow stages."
+
+  stack {
+    debug.log {
+      value = "Claim reminders task started"
+    }
+
+    // --- Cutoff timestamps ---
+
+    var $forty_eight_hours_ago {
+      value = now|transform_timestamp:"-48 hours"
+    }
+
+    var $twenty_four_hours_ago {
+      value = now|transform_timestamp:"-24 hours"
+    }
+
+    var $twelve_hours_ago {
+      value = now|transform_timestamp:"-12 hours"
+    }
+
+    var $assessment_reminder_count {
+      value = 0
+    }
+
+    var $review_reminder_count {
+      value = 0
+    }
+
+    var $approval_reminder_count {
+      value = 0
+    }
+
+    // === Step 1: Garage Assessment Reminders (stalled > 48h) ===
+
+    db.query claim {
+      where = ($db.claim.workflow_status == "assessment" && $db.claim.updated_at < $forty_eight_hours_ago)
+    } as $assessment_claims
+
+    foreach ($assessment_claims) {
+      each as $claim {
+        try_catch {
+          try {
+            function.run "communication/send_notification" {
+              input = {
+                user_id : $claim.garage_id
+                claim_id: $claim.id
+                message : "Reminder: Vehicle assessment for claim " ~ $claim.claim_number ~ " is awaiting your action. Please complete the assessment report at your earliest convenience."
+                subject : "Assessment Reminder - Claim " ~ $claim.claim_number
+              }
+            }
+
+            var.update $assessment_reminder_count {
+              value = $assessment_reminder_count + 1
+            }
+          }
+          catch {
+            debug.log {
+              value = {
+                error       : "Failed to send assessment reminder"
+                claim_number: $claim.claim_number
+              }
+            }
+          }
+        }
+      }
+    }
+
+    debug.log {
+      value = "Assessment reminders sent: " ~ $assessment_reminder_count
+    }
+
+    // === Step 2: Agent Review Reminders (stalled > 24h) ===
+
+    db.query claim {
+      where = ($db.claim.workflow_status == "review" && $db.claim.updated_at < $twenty_four_hours_ago)
+    } as $review_claims
+
+    foreach ($review_claims) {
+      each as $claim {
+        try_catch {
+          try {
+            function.run "communication/send_notification" {
+              input = {
+                user_id : $claim.assigned_agent_id
+                claim_id: $claim.id
+                message : "Reminder: Claim " ~ $claim.claim_number ~ " is awaiting your review. Please complete your review to keep the claim moving forward."
+                subject : "Review Reminder - Claim " ~ $claim.claim_number
+              }
+            }
+
+            var.update $review_reminder_count {
+              value = $review_reminder_count + 1
+            }
+          }
+          catch {
+            debug.log {
+              value = {
+                error       : "Failed to send review reminder"
+                claim_number: $claim.claim_number
+              }
+            }
+          }
+        }
+      }
+    }
+
+    debug.log {
+      value = "Review reminders sent: " ~ $review_reminder_count
+    }
+
+    // === Step 3: Agent Approval Reminders - URGENT (stalled > 12h) ===
+
+    db.query claim {
+      where = ($db.claim.workflow_status == "approval" && $db.claim.updated_at < $twelve_hours_ago)
+    } as $approval_claims
+
+    foreach ($approval_claims) {
+      each as $claim {
+        try_catch {
+          try {
+            function.run "communication/send_notification" {
+              input = {
+                user_id : $claim.assigned_agent_id
+                claim_id: $claim.id
+                message : "URGENT: Claim " ~ $claim.claim_number ~ " requires your immediate approval. This claim has been pending approval for over 12 hours. Please review and take action as soon as possible."
+                subject : "URGENT: Approval Required - Claim " ~ $claim.claim_number
+              }
+            }
+
+            var.update $approval_reminder_count {
+              value = $approval_reminder_count + 1
+            }
+          }
+          catch {
+            debug.log {
+              value = {
+                error       : "Failed to send approval reminder"
+                claim_number: $claim.claim_number
+              }
+            }
+          }
+        }
+      }
+    }
+
+    debug.log {
+      value = "Approval reminders sent: " ~ $approval_reminder_count
+    }
+
+    // === Step 4: Final summary ===
+
+    debug.log {
+      value = {
+        assessment_reminders_sent: $assessment_reminder_count
+        review_reminders_sent    : $review_reminder_count
+        approval_reminders_sent  : $approval_reminder_count
+        total_reminders_sent     : ($assessment_reminder_count + $review_reminder_count + $approval_reminder_count)
+      }
+    }
+  }
+
+  schedule = [{starts_on: 2026-01-01 00:00:00+0000, freq: 21600}]
+}