abapgit-agent 1.8.9 → 1.10.0

package/src/commands/dump.js

@@ -0,0 +1,327 @@
+'use strict';
+
+/**
+ * Dump command - Query short dumps (ST22) from ABAP system
+ */
+
+// Convert a local date/time in the given IANA timezone to a UTC Date.
+// Uses an iterative approach to reliably handle DST transitions.
+function localToUTC(dateStr, timeStr, timezone) {
+  const iso = `${dateStr.slice(0,4)}-${dateStr.slice(4,6)}-${dateStr.slice(6,8)}` +
+              `T${timeStr.slice(0,2)}:${timeStr.slice(2,4)}:${timeStr.slice(4,6)}`;
+  let candidate = new Date(iso + 'Z');
+  for (let i = 0; i < 3; i++) {
+    const localStr = candidate.toLocaleString('sv-SE', { timeZone: timezone }).replace(' ', 'T');
+    const diff = new Date(iso + 'Z').getTime() - new Date(localStr + 'Z').getTime();
+    candidate = new Date(candidate.getTime() + diff);
+  }
+  return candidate;
+}
+
+// Format a UTC Date as a local date/time in the given IANA timezone.
+// Returns { date: 'YYYY-MM-DD', time: 'HH:MM:SS' }.
+function utcToLocal(utcDate, timezone) {
+  const local = utcDate.toLocaleString('sv-SE', { timeZone: timezone });
+  const [date, time] = local.split(' ');
+  return { date, time };
+}
+
+// Parse a 14-char UTC timestamp string (YYYYMMDDhhmmss) to a Date.
+function parseUTCTimestamp(ts) {
+  const s = String(ts).padStart(14, '0');
+  return new Date(`${s.slice(0,4)}-${s.slice(4,6)}-${s.slice(6,8)}T${s.slice(8,10)}:${s.slice(10,12)}:${s.slice(12,14)}Z`);
+}
+
+// Format a UTC Date as a 14-char timestamp string (YYYYMMDDhhmmss).
+function toTimestampStr(date) {
+  return date.toISOString().replace(/[-T:Z]/g, '').slice(0, 14);
+}
+
+// Parse the user's --date argument into { from, to } as YYYYMMDD strings,
+// respecting the given timezone for TODAY/YESTERDAY keywords.
+function parseDateArg(dateStr, timezone) {
+  const nowLocal = utcToLocal(new Date(), timezone);
+  const todayStr = nowLocal.date.replace(/-/g, '');
+
+  const upper = dateStr.toUpperCase();
+  if (upper === 'TODAY') {
+    return { from: todayStr, to: todayStr };
+  }
+  if (upper === 'YESTERDAY') {
+    const d = new Date(nowLocal.date + 'T00:00:00Z');
+    d.setUTCDate(d.getUTCDate() - 1);
+    const yStr = d.toISOString().slice(0, 10).replace(/-/g, '');
+    return { from: yStr, to: yStr };
+  }
+  if (dateStr.includes('..')) {
+    const [a, b] = dateStr.split('..');
+    return { from: a.replace(/-/g, ''), to: b.replace(/-/g, '') };
+  }
+  const d = dateStr.replace(/-/g, '');
+  return { from: d, to: d };
+}
+
+function parseTimeArg(timeStr) {
+  const padTime = (t) => (t.replace(/:/g, '') + '000000').substring(0, 6);
+  if (timeStr.includes('..')) {
+    const [a, b] = timeStr.split('..');
+    return { from: padTime(a), to: padTime(b) };
+  }
+  const t = padTime(timeStr);
+  return { from: t, to: t };
+}
+
+// Resolve display date/time for a dump entry, using utc_timestamp when available.
+function resolveDateTime(dump, timezone) {
+  const ts = dump.UTC_TIMESTAMP || dump.utc_timestamp;
+  if (ts && timezone) {
+    const utcDate = parseUTCTimestamp(ts);
+    return utcToLocal(utcDate, timezone);
+  }
+  return {
+    date: dump.DATE || dump.date || '',
+    time: dump.TIME || dump.time || '',
+  };
+}
+
+function renderList(dumps, total, limit, timezone) {
+  const totalNum = Number(total) || dumps.length;
+  const tzLabel  = timezone ? ` [${timezone}]` : '';
+  console.log(`\n  Short Dumps (${totalNum} found)${tzLabel}\n`);
+
+  if (dumps.length === 0) {
+    console.log('  No short dumps found for the given filters.\n');
+    return;
+  }
+
+  const W = { num: 3, date: 10, time: 8, user: 12, prog: 30, err: 40 };
+  const hdr = `  ${'#'.padStart(W.num)}  ${'Date'.padEnd(W.date)}  ${'Time'.padEnd(W.time)}  ${'User'.padEnd(W.user)}  ${'Program'.padEnd(W.prog)}  Error`;
+  const sep = '  ' + '-'.repeat(W.num + 2 + W.date + 2 + W.time + 2 + W.user + 2 + W.prog + 2 + W.err);
+  console.log(hdr);
+  console.log(sep);
+
+  dumps.forEach((d, i) => {
+    const { date, time } = resolveDateTime(d, timezone);
+    const user = (d.USER || d.user || '').substring(0, W.user);
+    const prog = (d.PROGRAM || d.program || '').substring(0, W.prog);
+    const err  = (d.ERROR || d.error || '');
+    console.log(`  ${String(i + 1).padStart(W.num)}  ${date.padEnd(W.date)}  ${time.padEnd(W.time)}  ${user.padEnd(W.user)}  ${prog.padEnd(W.prog)}  ${err}`);
+  });
+
+  console.log('');
+  if (totalNum > limit) {
+    console.log(`  Showing ${dumps.length} of ${totalNum} dumps. Use --limit to see more.`);
+  }
+  console.log('  Use --detail <number> to see full dump details\n');
+}
+
+function renderDetail(dump, timezone) {
+  console.log('\n  Short Dump Detail\n');
+
+  const { date, time } = resolveDateTime(dump, timezone);
+  const tzLabel = timezone ? ` (${timezone})` : '';
+
+  const fields = [
+    ['Error',     dump.ERROR     || dump.error     || ''],
+    ['Date',      date + tzLabel],
+    ['Time',      time],
+    ['User',      dump.USER      || dump.user      || ''],
+    ['Program',   dump.PROGRAM   || dump.program   || ''],
+    ['Object',    dump.OBJECT    || dump.object    || ''],
+    ['Package',   dump.PACKAGE   || dump.package   || ''],
+    ['Exception', dump.EXCEPTION || dump.exception || ''],
+  ];
+  fields.forEach(([label, val]) => {
+    if (val) {
+      console.log(`  ${label.padEnd(12)}${val}`);
+    }
+  });
+
+  const normalize = (s) => s.replace(/\\n/g, '\n').replace(/\\r/g, '');
+  const whatHappened  = normalize(dump.WHAT_HAPPENED  || dump.what_happened  || '');
+  const errorAnalysis = normalize(dump.ERROR_ANALYSIS || dump.error_analysis || '');
+
+  if (whatHappened) {
+    console.log('\n  What happened:');
+    console.log('  ' + '-'.repeat(55));
+    console.log(whatHappened.split('\n').map(l => '  ' + l).join('\n'));
+  }
+  if (errorAnalysis) {
+    console.log('\n  Error analysis:');
+    console.log('  ' + '-'.repeat(55));
+    console.log(errorAnalysis.split('\n').map(l => '  ' + l).join('\n'));
+  }
+
+  const stack = dump.CALL_STACK || dump.call_stack || [];
+
+  // Separate structured frames (have level) from source block (no level, has raw text)
+  const frames     = stack.filter(f => (f.LEVEL || f.level));
+  const srcEntries = stack.filter(f => !(f.LEVEL || f.level) && (f.METHOD || f.method));
+
+  if (frames.length > 0) {
+    console.log('\n  Call stack:');
+    console.log('  ' + '-'.repeat(55));
+    frames.forEach((frame) => {
+      const level   = frame.LEVEL   || frame.level   || '';
+      const cls     = frame.CLASS   || frame.class   || '';
+      const method  = frame.METHOD  || frame.method  || '';
+      const program = frame.PROGRAM || frame.program || '';
+      const include = frame.INCLUDE || frame.include || '';
+      const line    = frame.LINE    || frame.line    || '';
+      const location = cls ? `${cls}->${method}` : (method ? `${program} ${method}` : program || include);
+      const lineRef  = line ? ` (line ${line})` : '';
+      console.log(`  ${String(level).padStart(3)}  ${location}${lineRef}`);
+    });
+  }
+
+  if (srcEntries.length > 0) {
+    const srcInc  = dump.SOURCE_INCLUDE || dump.source_include || '';
+    const srcLine = dump.SOURCE_LINE    || dump.source_line    || 0;
+    const heading = srcInc ? `  Source (${srcInc}, line ${srcLine}):` : '  Source:';
+    console.log('\n' + heading);
+    console.log('  ' + '-'.repeat(55));
+    const rawText = srcEntries[0].METHOD || srcEntries[0].method || '';
+    console.log(normalize(rawText).split('\n').map(l => '  ' + l).join('\n'));
+  }
+
+  console.log('');
+}
+
+module.exports = {
+  name: 'dump',
+  description: 'Query short dumps (ST22) from ABAP system',
+  requiresAbapConfig: true,
+  requiresVersionCheck: false,
+
+  async execute(args, context) {
+    const { loadConfig, AbapHttp } = context;
+
+    const idx = (flag) => args.indexOf(flag);
+    const val = (flag) => {
+      const i = idx(flag);
+      return i !== -1 && i + 1 < args.length ? args[i + 1] : null;
+    };
+
+    const userRaw    = val('--user');
+    const dateRaw    = val('--date');
+    const timeRaw    = val('--time');
+    const programRaw = val('--program');
+    const errorRaw   = val('--error');
+    const limitRaw   = val('--limit');
+    const detailRaw  = val('--detail');
+    const timezoneRaw = val('--timezone');
+    const jsonOutput = args.includes('--json');
+
+    const user    = userRaw    ? userRaw.toUpperCase()    : null;
+    const program = programRaw ? programRaw.toUpperCase() : null;
+    const error   = errorRaw   ? errorRaw.toUpperCase()   : null;
+
+    // Resolve timezone: explicit flag > system default
+    const timezone = timezoneRaw || Intl.DateTimeFormat().resolvedOptions().timeZone;
+
+    let limit = 20;
+    if (limitRaw) {
+      const parsed = parseInt(limitRaw, 10);
+      if (!isNaN(parsed) && parsed > 0) {
+        limit = Math.min(parsed, 100);
+      }
+    }
+
+    // Build UTC timestamp range from user's date/time in their timezone
+    let tsFrom = null, tsTo = null;
+    if (dateRaw) {
+      const dates = parseDateArg(dateRaw, timezone);
+      const timeF = timeRaw ? parseTimeArg(timeRaw).from : '000000';
+      const timeT = timeRaw ? parseTimeArg(timeRaw).to   : '235959';
+      tsFrom = toTimestampStr(localToUTC(dates.from, timeF, timezone));
+      tsTo   = toTimestampStr(localToUTC(dates.to,   timeT, timezone));
+    } else if (timeRaw) {
+      // Time filter without date: apply to the default 7-day window
+      const now    = utcToLocal(new Date(), timezone);
+      const today  = now.date.replace(/-/g, '');
+      const sevenAgo = (() => {
+        const d = new Date(now.date + 'T00:00:00Z');
+        d.setUTCDate(d.getUTCDate() - 7);
+        return d.toISOString().slice(0, 10).replace(/-/g, '');
+      })();
+      const times = parseTimeArg(timeRaw);
+      tsFrom = toTimestampStr(localToUTC(sevenAgo, times.from, timezone));
+      tsTo   = toTimestampStr(localToUTC(today,    times.to,   timezone));
+    }
+
+    const detailN = detailRaw ? parseInt(detailRaw, 10) : null;
+
+    const config = loadConfig();
+    const http   = new AbapHttp(config);
+    const csrfToken = await http.fetchCsrfToken();
+
+    const buildData = (extra) => {
+      const data = { limit };
+      if (user)    data.user    = user;
+      if (program) data.program = program;
+      if (error)   data.error   = error;
+      if (tsFrom) {
+        data.ts_from = tsFrom;
+        data.ts_to   = tsTo;
+      }
+      return Object.assign(data, extra);
+    };
+
+    if (detailN) {
+      // Two-step: first list (using limit 100 to get full page), then detail
+      const listResult = await http.post('/sap/bc/z_abapgit_agent/dump', buildData({ limit: 100 }), { csrfToken });
+      const listSuccess = listResult.SUCCESS || listResult.success;
+      const listErr     = listResult.ERROR   || listResult.error;
+
+      if (!listSuccess || listErr) {
+        console.error(`\n  Error: ${listErr || 'Failed to query short dumps'}\n`);
+        return;
+      }
+
+      const dumps = listResult.DUMPS || listResult.dumps || [];
+      if (detailN < 1 || detailN > dumps.length) {
+        console.error(`\n  Error: Row number ${detailN} not found in results (found ${dumps.length} dump(s))\n`);
+        return;
+      }
+
+      const targetId = dumps[detailN - 1].ID || dumps[detailN - 1].id;
+      const detailResult = await http.post('/sap/bc/z_abapgit_agent/dump', buildData({ detail: targetId }), { csrfToken });
+
+      const success = detailResult.SUCCESS || detailResult.success;
+      const errMsg  = detailResult.ERROR   || detailResult.error;
+
+      if (!success || errMsg) {
+        console.error(`\n  Error: ${errMsg || 'Failed to load dump detail'}\n`);
+        return;
+      }
+
+      if (jsonOutput) {
+        console.log(JSON.stringify(detailResult, null, 2));
+        return;
+      }
+
+      const detailDumps = detailResult.DUMPS || detailResult.dumps || [];
+      renderDetail(detailDumps[0] || {}, timezone);
+      return;
+    }
+
+    // List mode
+    const result  = await http.post('/sap/bc/z_abapgit_agent/dump', buildData({}), { csrfToken });
+    const success = result.SUCCESS || result.success;
+    const errMsg  = result.ERROR   || result.error;
+
+    if (!success || errMsg) {
+      console.error(`\n  Error: ${errMsg || 'Failed to query short dumps'}\n`);
+      return;
+    }
+
+    if (jsonOutput) {
+      console.log(JSON.stringify(result, null, 2));
+      return;
+    }
+
+    const dumps = result.DUMPS  || result.dumps  || [];
+    const total = result.TOTAL  || result.total  || dumps.length;
+    renderList(dumps, total, limit, timezone);
+  }
+};

package/src/commands/help.js

@@ -58,6 +58,9 @@ Commands:
   where --objects <obj1>,<obj2>,... [--type <type>] [--limit <n>] [--json]
     Find where-used list for ABAP objects (classes, interfaces, programs)
 
+  dump [--user <user>] [--date <date>] [--time <HH:MM..HH:MM>] [--timezone <tz>] [--program <prog>] [--error <error>] [--limit <n>] [--detail <n>] [--json]
+    Query short dumps (ST22) from ABAP system. Use --detail <n> to view full details.
+
   ref <pattern> [--json]
     Search ABAP reference repositories for patterns. Requires referenceFolder in .abapGitAgent.
 
@@ -100,12 +103,14 @@ Examples:
   abapgit-agent list --package $MY_PACKAGE --type CLAS,INTF  # List classes & interfaces
   abapgit-agent view --objects ZCL_MY_CLASS                  # View class definition
   abapgit-agent where --objects ZCL_MY_CLASS                 # Find where class is used
+  abapgit-agent dump --date TODAY                            # Recent short dumps
+  abapgit-agent dump --user DEVELOPER --detail 1             # Full detail of first result
   abapgit-agent ref "CORRESPONDING"                          # Search for pattern
   abapgit-agent ref --topic exceptions                       # View exceptions topic
   abapgit-agent health                                       # Health check
   abapgit-agent status                                       # Configuration status
 
-For more info: https://github.tools.sap/I045696/abapgit-agent
+For more info: https://github.com/SylvosCai/abapgit-agent
 `);
   }
 };

package/src/utils/adt-http.js

@@ -0,0 +1,344 @@
+'use strict';
+
+/**
+ * ADT HTTP client for SAP ABAP Development Tools REST API
+ * Handles XML/AtomPub content, CSRF token, cookie session caching.
+ */
+const https = require('https');
+const http = require('http');
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const crypto = require('crypto');
+
+/**
+ * ADT HTTP client with CSRF token, cookie, and session caching.
+ * Mirrors AbapHttp but targets /sap/bc/adt/* with XML content-type.
+ */
+class AdtHttp {
+  constructor(config) {
+    this.config = config;
+    this.csrfToken = null;
+    this.cookies = null;
+
+    const configHash = crypto.createHash('md5')
+      .update(`${config.host}:${config.user}:${config.client}`)
+      .digest('hex')
+      .substring(0, 8);
+
+    this.sessionFile = path.join(os.tmpdir(), `abapgit-adt-session-${configHash}.json`);
+    this.loadSession();
+  }
+
+  loadSession() {
+    if (!fs.existsSync(this.sessionFile)) return;
+    try {
+      const session = JSON.parse(fs.readFileSync(this.sessionFile, 'utf8'));
+      const safetyMargin = 2 * 60 * 1000;
+      if (session.expiresAt > Date.now() + safetyMargin) {
+        this.csrfToken = session.csrfToken;
+        this.cookies = session.cookies;
+      } else {
+        this.clearSession();
+      }
+    } catch (e) {
+      this.clearSession();
+    }
+  }
+
+  saveSession() {
+    const expiresAt = Date.now() + (15 * 60 * 1000);
+    try {
+      fs.writeFileSync(this.sessionFile, JSON.stringify({
+        csrfToken: this.csrfToken,
+        cookies: this.cookies,
+        expiresAt,
+        savedAt: Date.now()
+      }));
+    } catch (e) {
+      // Ignore write errors
+    }
+  }
+
+  clearSession() {
+    this.csrfToken = null;
+    this.cookies = null;
+    try {
+      if (fs.existsSync(this.sessionFile)) fs.unlinkSync(this.sessionFile);
+    } catch (e) {
+      // Ignore deletion errors
+    }
+  }
+
+  /**
+   * Fetch CSRF token via GET /sap/bc/adt/discovery with X-CSRF-Token: fetch
+   */
+  async fetchCsrfToken() {
+    return new Promise((resolve, reject) => {
+      const url = new URL('/sap/bc/adt/discovery', `https://${this.config.host}:${this.config.sapport}`);
+      const options = {
+        hostname: url.hostname,
+        port: url.port,
+        path: url.pathname,
+        method: 'GET',
+        headers: {
+          'Authorization': `Basic ${Buffer.from(`${this.config.user}:${this.config.password}`).toString('base64')}`,
+          'sap-client': this.config.client,
+          'sap-language': this.config.language || 'EN',
+          'X-CSRF-Token': 'fetch',
+          'Accept': 'application/atomsvc+xml'
+        },
+        agent: new https.Agent({ rejectUnauthorized: false })
+      };
+
+      const req = https.request(options, (res) => {
+        const csrfToken = res.headers['x-csrf-token'];
+        const setCookie = res.headers['set-cookie'];
+        if (setCookie) {
+          this.cookies = Array.isArray(setCookie)
+            ? setCookie.map(c => c.split(';')[0]).join('; ')
+            : setCookie.split(';')[0];
+        }
+
+        let body = '';
+        res.on('data', chunk => body += chunk);
+        res.on('end', () => {
+          this.csrfToken = csrfToken;
+          this.saveSession();
+          resolve(csrfToken);
+        });
+      });
+
+      req.on('error', reject);
+      req.end();
+    });
+  }
+
+  /**
+   * Make HTTP request to ADT endpoint with automatic retry on auth failure.
+   * Returns { body: string, headers: object, statusCode: number }.
+   */
+  async request(method, urlPath, body = null, options = {}) {
+    try {
+      return await this._makeRequest(method, urlPath, body, options);
+    } catch (error) {
+      if (this._isAuthError(error) && !options.isRetry) {
+        this.clearSession();
+        await this.fetchCsrfToken();
+        return await this._makeRequest(method, urlPath, body, { ...options, isRetry: true });
+      }
+      throw error;
+    }
+  }
+
+  _isAuthError(error) {
+    if (error.statusCode === 401) return true;
+    if (error.statusCode === 403) return true;
+    const msg = (error.message || '').toLowerCase();
+    return msg.includes('csrf') || msg.includes('unauthorized') || msg.includes('forbidden');
+  }
+
+  async _makeRequest(method, urlPath, body = null, options = {}) {
+    return new Promise((resolve, reject) => {
+      const url = new URL(urlPath, `https://${this.config.host}:${this.config.sapport}`);
+
+      const headers = {
+        'Content-Type': options.contentType || 'application/atom+xml',
+        'Accept': options.accept || 'application/vnd.sap.as+xml, application/atom+xml, application/xml',
+        'sap-client': this.config.client,
+        'sap-language': this.config.language || 'EN',
+        ...options.headers
+      };
+
+      headers['Authorization'] = `Basic ${Buffer.from(`${this.config.user}:${this.config.password}`).toString('base64')}`;
+
+      if (['POST', 'PUT', 'DELETE'].includes(method) && this.csrfToken) {
+        headers['X-CSRF-Token'] = this.csrfToken;
+      }
+
+      if (this.cookies) {
+        headers['Cookie'] = this.cookies;
+      }
+
+      const bodyStr = body || '';
+      headers['Content-Length'] = bodyStr ? Buffer.byteLength(bodyStr) : 0;
+
+      const reqOptions = {
+        hostname: url.hostname,
+        port: url.port,
+        path: url.pathname + url.search,
+        method,
+        headers,
+        agent: new https.Agent({ rejectUnauthorized: false })
+      };
+
+      const req = (url.protocol === 'https:' ? https : http).request(reqOptions, (res) => {
+        if (res.statusCode === 401) {
+          reject({ statusCode: 401, message: 'Authentication failed: 401' });
+          return;
+        }
+        if (res.statusCode === 403) {
+          const errMsg = 'Missing debug authorization. Grant S_ADT_RES (ACTVT=16) to user.';
+          reject({ statusCode: 403, message: errMsg });
+          return;
+        }
+        if (res.statusCode === 404) {
+          let respBody = '';
+          res.on('data', chunk => respBody += chunk);
+          res.on('end', () => {
+            reject({ statusCode: 404, message: `HTTP 404: ${reqOptions.path}`, body: respBody });
+          });
+          return;
+        }
+        if (res.statusCode >= 400) {
+          let respBody = '';
+          res.on('data', chunk => respBody += chunk);
+          res.on('end', () => {
+            reject({ statusCode: res.statusCode, message: `HTTP ${res.statusCode} error`, body: respBody });
+          });
+          return;
+        }
+
+        // Update cookies from any response that sets them
+        if (res.headers['set-cookie']) {
+          const newCookies = Array.isArray(res.headers['set-cookie'])
+            ? res.headers['set-cookie'].map(c => c.split(';')[0]).join('; ')
+            : res.headers['set-cookie'].split(';')[0];
+          this.cookies = this.cookies ? this.cookies + '; ' + newCookies : newCookies;
+        }
+
+        let respBody = '';
+        res.on('data', chunk => respBody += chunk);
+        res.on('end', () => {
+          resolve({ body: respBody, headers: res.headers, statusCode: res.statusCode });
+        });
+      });
+
+      req.on('error', reject);
+      if (bodyStr) req.write(bodyStr);
+      req.end();
+    });
+  }
+
+  async get(urlPath, options = {}) {
+    return this.request('GET', urlPath, null, options);
+  }
+
+  async post(urlPath, body = null, options = {}) {
+    return this.request('POST', urlPath, body, options);
+  }
+
+  /**
+   * Fire-and-forget POST: resolves when the request bytes have been flushed
+   * to the TCP send buffer — does NOT wait for a response.
+   *
+   * Used by detach() (stepContinue) where:
+   *   - ADT long-polls until the next breakpoint fires → response may never come
+   *   - We only need ADT to *receive* the request, not respond to it
+   *   - Using the existing stateful session (cookies/CSRF) is mandatory
+   *
+   * The socket is deliberately left open so the OS TCP stack can finish
+   * delivering the data to ADT after we return from this method.
+   *
+   * @param {string} urlPath - URL path
+   * @param {string} body    - Request body (may be empty string)
+   * @param {object} options - Same options as post() (contentType, headers, etc.)
+   * @returns {Promise<void>} Resolves when req.end() callback fires
+   */
+  async postFire(urlPath, body = null, options = {}) {
+    return new Promise((resolve, reject) => {
+      const url = new URL(urlPath, `https://${this.config.host}:${this.config.sapport}`);
+
+      const headers = {
+        'Content-Type': options.contentType || 'application/atom+xml',
+        'Accept': options.accept || 'application/vnd.sap.as+xml, application/atom+xml, application/xml',
+        'sap-client': this.config.client,
+        'sap-language': this.config.language || 'EN',
+        ...options.headers
+      };
+
+      headers['Authorization'] = `Basic ${Buffer.from(`${this.config.user}:${this.config.password}`).toString('base64')}`;
+
+      if (this.csrfToken) {
+        headers['X-CSRF-Token'] = this.csrfToken;
+      }
+
+      if (this.cookies) {
+        headers['Cookie'] = this.cookies;
+      }
+
+      const bodyStr = body || '';
+      headers['Content-Length'] = bodyStr ? Buffer.byteLength(bodyStr) : 0;
+
+      const reqOptions = {
+        hostname: url.hostname,
+        port: url.port,
+        path: url.pathname + url.search,
+        method: 'POST',
+        headers,
+        agent: new https.Agent({ rejectUnauthorized: false })
+      };
+
+      const req = (url.protocol === 'https:' ? https : http).request(reqOptions, (_res) => {
+        // Drain response body to prevent socket hang; we don't use the data.
+        _res.resume();
+      });
+
+      // Resolve as soon as the request is fully written and flushed.
+      req.on('error', resolve); // ignore errors — fire-and-forget
+      if (bodyStr) req.write(bodyStr);
+      req.end(() => resolve());
+    });
+  }
+
+  async put(urlPath, body = null, options = {}) {
+    return this.request('PUT', urlPath, body, options);
+  }
+
+  async delete(urlPath, options = {}) {
+    return this.request('DELETE', urlPath, null, options);
+  }
+
+  /**
+   * Extract an attribute value from a simple XML element using regex.
+   * e.g. extractXmlAttr(xml, 'adtcore:uri', null) for text content
+   *      extractXmlAttr(xml, 'entry', 'id') for attribute
+   * @param {string} xml - XML string
+   * @param {string} tag - Tag name (may include namespace prefix)
+   * @param {string|null} attr - Attribute name, or null for text content
+   * @returns {string|null} Extracted value or null
+   */
+  static extractXmlAttr(xml, tag, attr) {
+    if (attr) {
+      const re = new RegExp(`<${tag}[^>]*\\s${attr}="([^"]*)"`, 'i');
+      const m = xml.match(re);
+      return m ? m[1] : null;
+    }
+    const re = new RegExp(`<${tag}[^>]*>([^<]*)<\/${tag}>`, 'i');
+    const m = xml.match(re);
+    return m ? m[1].trim() : null;
+  }
+
+  /**
+   * Extract all occurrences of a tag's content or attribute from XML.
+   * @param {string} xml - XML string
+   * @param {string} tag - Tag name
+   * @param {string|null} attr - Attribute name, or null for text content
+   * @returns {string[]} Array of matched values
+   */
+  static extractXmlAll(xml, tag, attr) {
+    const results = [];
+    if (attr) {
+      const re = new RegExp(`<${tag}[^>]*\\s${attr}="([^"]*)"`, 'gi');
+      let m;
+      while ((m = re.exec(xml)) !== null) results.push(m[1]);
+    } else {
+      const re = new RegExp(`<${tag}[^>]*>([^<]*)<\/${tag}>`, 'gi');
+      let m;
+      while ((m = re.exec(xml)) !== null) results.push(m[1].trim());
+    }
+    return results;
+  }
+}
+
+module.exports = { AdtHttp };