abapgit-agent 1.9.0 → 1.10.0

package/src/utils/adt-http.js

@@ -0,0 +1,344 @@
+'use strict';
+
+/**
+ * ADT HTTP client for SAP ABAP Development Tools REST API
+ * Handles XML/AtomPub content, CSRF token, cookie session caching.
+ */
+const https = require('https');
+const http = require('http');
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const crypto = require('crypto');
+
+/**
+ * ADT HTTP client with CSRF token, cookie, and session caching.
+ * Mirrors AbapHttp but targets /sap/bc/adt/* with XML content-type.
+ */
+class AdtHttp {
+  constructor(config) {
+    this.config = config;
+    this.csrfToken = null;
+    this.cookies = null;
+
+    const configHash = crypto.createHash('md5')
+      .update(`${config.host}:${config.user}:${config.client}`)
+      .digest('hex')
+      .substring(0, 8);
+
+    this.sessionFile = path.join(os.tmpdir(), `abapgit-adt-session-${configHash}.json`);
+    this.loadSession();
+  }
+
+  loadSession() {
+    if (!fs.existsSync(this.sessionFile)) return;
+    try {
+      const session = JSON.parse(fs.readFileSync(this.sessionFile, 'utf8'));
+      const safetyMargin = 2 * 60 * 1000;
+      if (session.expiresAt > Date.now() + safetyMargin) {
+        this.csrfToken = session.csrfToken;
+        this.cookies = session.cookies;
+      } else {
+        this.clearSession();
+      }
+    } catch (e) {
+      this.clearSession();
+    }
+  }
+
+  saveSession() {
+    const expiresAt = Date.now() + (15 * 60 * 1000);
+    try {
+      fs.writeFileSync(this.sessionFile, JSON.stringify({
+        csrfToken: this.csrfToken,
+        cookies: this.cookies,
+        expiresAt,
+        savedAt: Date.now()
+      }));
+    } catch (e) {
+      // Ignore write errors
+    }
+  }
+
+  clearSession() {
+    this.csrfToken = null;
+    this.cookies = null;
+    try {
+      if (fs.existsSync(this.sessionFile)) fs.unlinkSync(this.sessionFile);
+    } catch (e) {
+      // Ignore deletion errors
+    }
+  }
+
+  /**
+   * Fetch CSRF token via GET /sap/bc/adt/discovery with X-CSRF-Token: fetch
+   */
+  async fetchCsrfToken() {
+    return new Promise((resolve, reject) => {
+      const url = new URL('/sap/bc/adt/discovery', `https://${this.config.host}:${this.config.sapport}`);
+      const options = {
+        hostname: url.hostname,
+        port: url.port,
+        path: url.pathname,
+        method: 'GET',
+        headers: {
+          'Authorization': `Basic ${Buffer.from(`${this.config.user}:${this.config.password}`).toString('base64')}`,
+          'sap-client': this.config.client,
+          'sap-language': this.config.language || 'EN',
+          'X-CSRF-Token': 'fetch',
+          'Accept': 'application/atomsvc+xml'
+        },
+        agent: new https.Agent({ rejectUnauthorized: false })
+      };
+
+      const req = https.request(options, (res) => {
+        const csrfToken = res.headers['x-csrf-token'];
+        const setCookie = res.headers['set-cookie'];
+        if (setCookie) {
+          this.cookies = Array.isArray(setCookie)
+            ? setCookie.map(c => c.split(';')[0]).join('; ')
+            : setCookie.split(';')[0];
+        }
+
+        let body = '';
+        res.on('data', chunk => body += chunk);
+        res.on('end', () => {
+          this.csrfToken = csrfToken;
+          this.saveSession();
+          resolve(csrfToken);
+        });
+      });
+
+      req.on('error', reject);
+      req.end();
+    });
+  }
+
+  /**
+   * Make HTTP request to ADT endpoint with automatic retry on auth failure.
+   * Returns { body: string, headers: object, statusCode: number }.
+   */
+  async request(method, urlPath, body = null, options = {}) {
+    try {
+      return await this._makeRequest(method, urlPath, body, options);
+    } catch (error) {
+      if (this._isAuthError(error) && !options.isRetry) {
+        this.clearSession();
+        await this.fetchCsrfToken();
+        return await this._makeRequest(method, urlPath, body, { ...options, isRetry: true });
+      }
+      throw error;
+    }
+  }
+
+  _isAuthError(error) {
+    if (error.statusCode === 401) return true;
+    if (error.statusCode === 403) return true;
+    const msg = (error.message || '').toLowerCase();
+    return msg.includes('csrf') || msg.includes('unauthorized') || msg.includes('forbidden');
+  }
+
+  async _makeRequest(method, urlPath, body = null, options = {}) {
+    return new Promise((resolve, reject) => {
+      const url = new URL(urlPath, `https://${this.config.host}:${this.config.sapport}`);
+
+      const headers = {
+        'Content-Type': options.contentType || 'application/atom+xml',
+        'Accept': options.accept || 'application/vnd.sap.as+xml, application/atom+xml, application/xml',
+        'sap-client': this.config.client,
+        'sap-language': this.config.language || 'EN',
+        ...options.headers
+      };
+
+      headers['Authorization'] = `Basic ${Buffer.from(`${this.config.user}:${this.config.password}`).toString('base64')}`;
+
+      if (['POST', 'PUT', 'DELETE'].includes(method) && this.csrfToken) {
+        headers['X-CSRF-Token'] = this.csrfToken;
+      }
+
+      if (this.cookies) {
+        headers['Cookie'] = this.cookies;
+      }
+
+      const bodyStr = body || '';
+      headers['Content-Length'] = bodyStr ? Buffer.byteLength(bodyStr) : 0;
+
+      const reqOptions = {
+        hostname: url.hostname,
+        port: url.port,
+        path: url.pathname + url.search,
+        method,
+        headers,
+        agent: new https.Agent({ rejectUnauthorized: false })
+      };
+
+      const req = (url.protocol === 'https:' ? https : http).request(reqOptions, (res) => {
+        if (res.statusCode === 401) {
+          reject({ statusCode: 401, message: 'Authentication failed: 401' });
+          return;
+        }
+        if (res.statusCode === 403) {
+          const errMsg = 'Missing debug authorization. Grant S_ADT_RES (ACTVT=16) to user.';
+          reject({ statusCode: 403, message: errMsg });
+          return;
+        }
+        if (res.statusCode === 404) {
+          let respBody = '';
+          res.on('data', chunk => respBody += chunk);
+          res.on('end', () => {
+            reject({ statusCode: 404, message: `HTTP 404: ${reqOptions.path}`, body: respBody });
+          });
+          return;
+        }
+        if (res.statusCode >= 400) {
+          let respBody = '';
+          res.on('data', chunk => respBody += chunk);
+          res.on('end', () => {
+            reject({ statusCode: res.statusCode, message: `HTTP ${res.statusCode} error`, body: respBody });
+          });
+          return;
+        }
+
+        // Update cookies from any response that sets them
+        if (res.headers['set-cookie']) {
+          const newCookies = Array.isArray(res.headers['set-cookie'])
+            ? res.headers['set-cookie'].map(c => c.split(';')[0]).join('; ')
+            : res.headers['set-cookie'].split(';')[0];
+          this.cookies = this.cookies ? this.cookies + '; ' + newCookies : newCookies;
+        }
+
+        let respBody = '';
+        res.on('data', chunk => respBody += chunk);
+        res.on('end', () => {
+          resolve({ body: respBody, headers: res.headers, statusCode: res.statusCode });
+        });
+      });
+
+      req.on('error', reject);
+      if (bodyStr) req.write(bodyStr);
+      req.end();
+    });
+  }
+
+  async get(urlPath, options = {}) {
+    return this.request('GET', urlPath, null, options);
+  }
+
+  async post(urlPath, body = null, options = {}) {
+    return this.request('POST', urlPath, body, options);
+  }
+
+  /**
+   * Fire-and-forget POST: resolves when the request bytes have been flushed
+   * to the TCP send buffer — does NOT wait for a response.
+   *
+   * Used by detach() (stepContinue) where:
+   *   - ADT long-polls until the next breakpoint fires → response may never come
+   *   - We only need ADT to *receive* the request, not respond to it
+   *   - Using the existing stateful session (cookies/CSRF) is mandatory
+   *
+   * The socket is deliberately left open so the OS TCP stack can finish
+   * delivering the data to ADT after we return from this method.
+   *
+   * @param {string} urlPath - URL path
+   * @param {string} body    - Request body (may be empty string)
+   * @param {object} options - Same options as post() (contentType, headers, etc.)
+   * @returns {Promise<void>} Resolves when req.end() callback fires
+   */
+  async postFire(urlPath, body = null, options = {}) {
+    return new Promise((resolve, reject) => {
+      const url = new URL(urlPath, `https://${this.config.host}:${this.config.sapport}`);
+
+      const headers = {
+        'Content-Type': options.contentType || 'application/atom+xml',
+        'Accept': options.accept || 'application/vnd.sap.as+xml, application/atom+xml, application/xml',
+        'sap-client': this.config.client,
+        'sap-language': this.config.language || 'EN',
+        ...options.headers
+      };
+
+      headers['Authorization'] = `Basic ${Buffer.from(`${this.config.user}:${this.config.password}`).toString('base64')}`;
+
+      if (this.csrfToken) {
+        headers['X-CSRF-Token'] = this.csrfToken;
+      }
+
+      if (this.cookies) {
+        headers['Cookie'] = this.cookies;
+      }
+
+      const bodyStr = body || '';
+      headers['Content-Length'] = bodyStr ? Buffer.byteLength(bodyStr) : 0;
+
+      const reqOptions = {
+        hostname: url.hostname,
+        port: url.port,
+        path: url.pathname + url.search,
+        method: 'POST',
+        headers,
+        agent: new https.Agent({ rejectUnauthorized: false })
+      };
+
+      const req = (url.protocol === 'https:' ? https : http).request(reqOptions, (_res) => {
+        // Drain response body to prevent socket hang; we don't use the data.
+        _res.resume();
+      });
+
+      // Resolve as soon as the request is fully written and flushed.
+      req.on('error', resolve); // ignore errors — fire-and-forget
+      if (bodyStr) req.write(bodyStr);
+      req.end(() => resolve());
+    });
+  }
+
+  async put(urlPath, body = null, options = {}) {
+    return this.request('PUT', urlPath, body, options);
+  }
+
+  async delete(urlPath, options = {}) {
+    return this.request('DELETE', urlPath, null, options);
+  }
+
+  /**
+   * Extract an attribute value from a simple XML element using regex.
+   * e.g. extractXmlAttr(xml, 'adtcore:uri', null) for text content
+   *      extractXmlAttr(xml, 'entry', 'id') for attribute
+   * @param {string} xml - XML string
+   * @param {string} tag - Tag name (may include namespace prefix)
+   * @param {string|null} attr - Attribute name, or null for text content
+   * @returns {string|null} Extracted value or null
+   */
+  static extractXmlAttr(xml, tag, attr) {
+    if (attr) {
+      const re = new RegExp(`<${tag}[^>]*\\s${attr}="([^"]*)"`, 'i');
+      const m = xml.match(re);
+      return m ? m[1] : null;
+    }
+    const re = new RegExp(`<${tag}[^>]*>([^<]*)<\/${tag}>`, 'i');
+    const m = xml.match(re);
+    return m ? m[1].trim() : null;
+  }
+
+  /**
+   * Extract all occurrences of a tag's content or attribute from XML.
+   * @param {string} xml - XML string
+   * @param {string} tag - Tag name
+   * @param {string|null} attr - Attribute name, or null for text content
+   * @returns {string[]} Array of matched values
+   */
+  static extractXmlAll(xml, tag, attr) {
+    const results = [];
+    if (attr) {
+      const re = new RegExp(`<${tag}[^>]*\\s${attr}="([^"]*)"`, 'gi');
+      let m;
+      while ((m = re.exec(xml)) !== null) results.push(m[1]);
+    } else {
+      const re = new RegExp(`<${tag}[^>]*>([^<]*)<\/${tag}>`, 'gi');
+      let m;
+      while ((m = re.exec(xml)) !== null) results.push(m[1].trim());
+    }
+    return results;
+  }
+}
+
+module.exports = { AdtHttp };

package/src/utils/debug-daemon.js

@@ -0,0 +1,207 @@
+'use strict';
+
+/**
+ * debug-daemon.js — Long-lived daemon that holds the stateful ADT HTTP connection.
+ *
+ * Why this exists:
+ *   SAP ADT debug sessions are pinned to a specific ABAP work process via the
+ *   SAP_SESSIONID cookie. The cookie is maintained in-memory by AdtHttp. When a
+ *   CLI process exits (e.g. `debug attach --json`) the in-memory session is lost
+ *   and the ABAP work process is released from the debugger. Subsequent CLI
+ *   invocations (`debug step`) get a different HTTP connection → `noSessionAttached`.
+ *
+ *   The daemon keeps one Node.js process alive after attach, holding the open
+ *   HTTP session. Individual CLI commands connect via Unix domain socket, send a
+ *   JSON command, read a JSON response, and exit.
+ *
+ * Lifecycle:
+ *   1. Spawned by `debug attach --json` with detached:true + stdio:ignore + unref()
+ *   2. Reads config/session from env vars (JSON-encoded)
+ *   3. Creates Unix socket at DEBUG_DAEMON_SOCK_PATH
+ *   4. Handles JSON-line commands until `terminate` or 30-min idle timeout
+ *   5. Deletes socket file and exits
+ *
+ * IPC Protocol — newline-delimited JSON over Unix socket:
+ *
+ *   Commands:
+ *     { "cmd": "ping" }
+ *     { "cmd": "step",      "type": "stepOver|stepInto|stepReturn|stepContinue" }
+ *     { "cmd": "vars",      "name": null }
+ *     { "cmd": "stack" }
+ *     { "cmd": "terminate" }
+ *
+ *   Responses (one JSON line per command):
+ *     { "ok": true,  "pong": true }
+ *     { "ok": true,  "position": {...}, "source": [...] }
+ *     { "ok": true,  "variables": [...] }
+ *     { "ok": true,  "frames": [...] }
+ *     { "ok": true,  "terminated": true }
+ *     { "ok": false, "error": "message", "statusCode": 400 }
+ */
+
+const net = require('net');
+const fs  = require('fs');
+const { AdtHttp }      = require('./adt-http');
+const { DebugSession } = require('./debug-session');
+
+const DAEMON_IDLE_TIMEOUT_MS = 30 * 60 * 1000; // 30 minutes
+
+// ─── Public API ───────────────────────────────────────────────────────────────
+
+/**
+ * Start the daemon server.
+ *
+ * @param {object} config           - ABAP connection config
+ * @param {string} sessionId        - debugSessionId returned by attach
+ * @param {string} socketPath       - Unix socket path to listen on
+ * @param {object|null} snapshot    - { csrfToken, cookies } captured from attach process
+ */
+async function startDaemon(config, sessionId, socketPath, snapshot) {
+  const adt = new AdtHttp(config);
+
+  // Restore the exact SAP_SESSIONID cookie + CSRF token from the attach process.
+  // This guarantees the first IPC command reuses the same ABAP work process
+  // without another round-trip for a new token.
+  if (snapshot && snapshot.csrfToken) adt.csrfToken = snapshot.csrfToken;
+  if (snapshot && snapshot.cookies)   adt.cookies   = snapshot.cookies;
+
+  const session = new DebugSession(adt, sessionId);
+
+  // Remove stale socket file from a previous crash
+  try { fs.unlinkSync(socketPath); } catch (e) { /* ignore ENOENT */ }
+
+  let idleTimer = null;
+
+  function resetIdle() {
+    if (idleTimer) clearTimeout(idleTimer);
+    idleTimer = setTimeout(cleanupAndExit, DAEMON_IDLE_TIMEOUT_MS);
+    // unref so idle timer alone doesn't keep the process alive — if the
+    // server stops listening for another reason the process can exit naturally
+    if (idleTimer.unref) idleTimer.unref();
+  }
+
+  function cleanupAndExit(code) {
+    try { fs.unlinkSync(socketPath); } catch (e) { /* ignore */ }
+    process.exit(code || 0);
+  }
+
+  const server = net.createServer((socket) => {
+    resetIdle();
+    let buf = '';
+
+    socket.on('data', (chunk) => {
+      buf += chunk.toString();
+      let idx;
+      while ((idx = buf.indexOf('\n')) !== -1) {
+        const line = buf.slice(0, idx).trim();
+        buf = buf.slice(idx + 1);
+        if (line) {
+          _handleLine(socket, line, session, cleanupAndExit, resetIdle);
+        }
+      }
+    });
+
+    socket.on('error', () => { /* client disconnected abruptly — ignore */ });
+  });
+
+  server.listen(socketPath, () => {
+    resetIdle();
+  });
+
+  server.on('error', (err) => {
+    process.stderr.write(`[debug-daemon] server error: ${err.message}\n`);
+    cleanupAndExit(1);
+  });
+}
+
+/**
+ * Handle one parsed JSON command line.
+ * Exported so unit tests can call it directly without spawning a real server.
+ */
+async function _handleLine(socket, line, session, cleanupAndExit, resetIdle) {
+  let req;
+  try {
+    req = JSON.parse(line);
+  } catch (e) {
+    _send(socket, { ok: false, error: `Invalid JSON: ${e.message}` });
+    return;
+  }
+
+  resetIdle();
+
+  try {
+    switch (req.cmd) {
+      case 'ping': {
+        _send(socket, { ok: true, pong: true });
+        break;
+      }
+      case 'step': {
+        const result = await session.step(req.type || 'stepOver');
+        _send(socket, { ok: true, position: result.position, source: result.source });
+        break;
+      }
+      case 'vars': {
+        const variables = await session.getVariables(req.name || null);
+        _send(socket, { ok: true, variables });
+        break;
+      }
+      case 'expand': {
+        const children = await session.getVariableChildren(req.id, req.meta || {});
+        _send(socket, { ok: true, variables: children });
+        break;
+      }
+      case 'stack': {
+        const frames = await session.getStack();
+        _send(socket, { ok: true, frames });
+        break;
+      }
+      case 'terminate': {
+        await session.terminate();
+        _send(socket, { ok: true, terminated: true });
+        // Flush response before exiting — wait for client to close the socket
+        socket.end(() => cleanupAndExit(0));
+        break;
+      }
+      default: {
+        _send(socket, { ok: false, error: `Unknown command: ${req.cmd}` });
+      }
+    }
+  } catch (err) {
+    _send(socket, {
+      ok: false,
+      error: err.message || JSON.stringify(err),
+      statusCode: err.statusCode
+    });
+  }
+}
+
+function _send(socket, obj) {
+  try {
+    socket.write(JSON.stringify(obj) + '\n');
+  } catch (e) {
+    // Client disconnected — ignore
+  }
+}
+
+// ─── Entry point when run as standalone daemon process ────────────────────────
+
+if (require.main === module || process.env.DEBUG_DAEMON_MODE === '1') {
+  const config     = JSON.parse(process.env.DEBUG_DAEMON_CONFIG            || '{}');
+  const sessionId  = process.env.DEBUG_DAEMON_SESSION_ID                   || '';
+  const socketPath = process.env.DEBUG_DAEMON_SOCK_PATH                    || '';
+  const snapshot   = process.env.DEBUG_DAEMON_SESSION_SNAPSHOT
+    ? JSON.parse(process.env.DEBUG_DAEMON_SESSION_SNAPSHOT)
+    : null;
+
+  if (!config.host || !sessionId || !socketPath) {
+    process.stderr.write('[debug-daemon] missing required env vars\n');
+    process.exit(1);
+  }
+
+  startDaemon(config, sessionId, socketPath, snapshot).catch((err) => {
+    process.stderr.write(`[debug-daemon] startup error: ${err.message}\n`);
+    process.exit(1);
+  });
+}
+
+module.exports = { startDaemon, _handleLine };

package/src/utils/debug-render.js

@@ -0,0 +1,69 @@
+'use strict';
+
+/**
+ * Shared display helpers for the debug command and REPL.
+ */
+
+/**
+ * Format and print a variable list with dynamic column widths.
+ *
+ * Name display:
+ *   {DATAAGING_TEMPERATURE_DEFAULT} → DATAAGING_TEMPERATURE_DEFAULT  (strip braces)
+ *
+ * Value display:
+ *   {O:N*\CLASS=FOO}           → (FOO)         object reference
+ *   {O:INITIAL}                → (null)         null object reference
+ *   {A:N*\CLASS=FOO\TYPE=BAR}  → (ref: FOO)     data reference
+ *   table                      → [N rows] — use 'x NAME' to expand
+ *   long string                → truncated to 100 chars with …
+ *
+ * @param {Array} variables - [{ name, type, value, metaType, tableLines }]
+ */
+function printVarList(variables) {
+  if (variables.length === 0) {
+    console.log('\n  No variables at current position.');
+    return;
+  }
+
+  // Build display rows first so we can measure column widths.
+  const rows = variables.map(({ name, type, value, metaType, tableLines }) => {
+    const dispName = (name.startsWith('{') && name.endsWith('}')
+      ? name.slice(1, -1)
+      : name).toLowerCase();
+    const dispType = (type || '').toLowerCase();
+
+    let dispValue;
+    if (metaType === 'table') {
+      dispValue = `[${tableLines} rows] — use 'x ${dispName}' to expand`;
+    } else if (typeof value === 'string' && value.startsWith('{O:INITIAL}')) {
+      dispValue = '(null)';
+    } else if (typeof value === 'string' && value.startsWith('{O:')) {
+      const classMatch = value.match(/\\CLASS=([A-Z0-9_]+)/i);
+      dispValue = classMatch ? `(${classMatch[1].toLowerCase()})` : value;
+    } else if (typeof value === 'string' && value.startsWith('{A:')) {
+      const classMatch = value.match(/\\CLASS=([A-Z0-9_]+)/i);
+      dispValue = classMatch ? `(ref: ${classMatch[1].toLowerCase()})` : '(ref)';
+    } else {
+      const str = String(value || '');
+      dispValue = str.length > 100 ? str.slice(0, 100) + '…' : str;
+    }
+
+    return { dispName, dispType, dispValue };
+  });
+
+  const nameW = Math.min(40, Math.max(4, ...rows.map(r => r.dispName.length)));
+  const typeW = Math.min(30, Math.max(4, ...rows.map(r => r.dispType.length)));
+
+  console.log('\n  Variables:\n');
+  console.log('  ' + 'Name'.padEnd(nameW + 2) + 'Type'.padEnd(typeW + 2) + 'Value');
+  console.log('  ' + '-'.repeat(nameW + typeW + 20));
+  rows.forEach(({ dispName, dispType, dispValue }) => {
+    const nameCol = dispName.length > nameW
+      ? dispName.slice(0, nameW - 1) + '…'
+      : dispName.padEnd(nameW + 2);
+    console.log('  ' + nameCol + dispType.padEnd(typeW + 2) + dispValue);
+  });
+  console.log('');
+}
+
+module.exports = { printVarList };