abapgit-agent 1.9.0 → 1.10.1

package/src/commands/pull.js

@@ -29,12 +29,14 @@ module.exports = {
     const branchArgIndex = args.indexOf('--branch');
     const filesArgIndex = args.indexOf('--files');
     const transportArgIndex = args.indexOf('--transport');
+    const conflictModeArgIndex = args.indexOf('--conflict-mode');
     const jsonOutput = args.includes('--json');
 
     // Auto-detect git remote URL if not provided
     let gitUrl = urlArgIndex !== -1 ? args[urlArgIndex + 1] : null;
     let branch = branchArgIndex !== -1 ? args[branchArgIndex + 1] : gitUtils.getBranch();
     let files = null;
+    let conflictMode = conflictModeArgIndex !== -1 ? args[conflictModeArgIndex + 1] : 'abort';
 
     // Transport: CLI arg takes priority, then config/environment, then null
     let transportRequest = null;
@@ -74,10 +76,10 @@ module.exports = {
       }
     }
 
-    await this.pull(gitUrl, branch, files, transportRequest, loadConfig, AbapHttp, jsonOutput);
+    await this.pull(gitUrl, branch, files, transportRequest, loadConfig, AbapHttp, jsonOutput, undefined, conflictMode);
   },
 
-  async pull(gitUrl, branch = 'main', files = null, transportRequest = null, loadConfig, AbapHttp, jsonOutput = false, gitCredentials = undefined) {
+  async pull(gitUrl, branch = 'main', files = null, transportRequest = null, loadConfig, AbapHttp, jsonOutput = false, gitCredentials = undefined, conflictMode = 'abort') {
     const TERM_WIDTH = process.stdout.columns || 80;
 
     if (!jsonOutput) {
@@ -107,6 +109,7 @@ module.exports = {
       const data = {
         url: gitUrl,
         branch: branch,
+        conflict_mode: conflictMode,
         ...(resolvedCredentials ? { username: resolvedCredentials.username, password: resolvedCredentials.password } : {})
       };
 
@@ -140,12 +143,23 @@ module.exports = {
       const jobId = result.JOB_ID || result.job_id;
       const message = result.MESSAGE || result.message;
       const errorDetail = result.ERROR_DETAIL || result.error_detail;
-      const transportRequestUsed = result.TRANSPORT_REQUEST || result.transport_request;
       const activatedCount = result.ACTIVATED_COUNT || result.activated_count || 0;
       const failedCount = result.FAILED_COUNT || result.failed_count || 0;
       const logMessages = result.LOG_MESSAGES || result.log_messages || [];
       const activatedObjects = result.ACTIVATED_OBJECTS || result.activated_objects || [];
       const failedObjects = result.FAILED_OBJECTS || result.failed_objects || [];
+      const conflictReport = result.CONFLICT_REPORT || result.conflict_report || '';
+      const conflictCount = result.CONFLICT_COUNT || result.conflict_count || 0;
+
+      // --- Conflict report (pull was aborted) ---
+      if (conflictCount > 0 && conflictReport) {
+        console.error(`⚠️  Pull aborted — ${conflictCount} conflict(s) detected\n`);
+        console.error('─'.repeat(TERM_WIDTH));
+        console.error(conflictReport.replace(/\\n/g, '\n'));
+        const err = new Error(message || `Pull aborted — ${conflictCount} conflict(s) detected`);
+        err._isPullError = true;
+        throw err;
+      }
 
       // Icon mapping for message types
       const getIcon = (type) => {

package/src/utils/adt-http.js

@@ -0,0 +1,369 @@
+'use strict';
+
+/**
+ * ADT HTTP client for SAP ABAP Development Tools REST API
+ * Handles XML/AtomPub content, CSRF token, cookie session caching.
+ */
+const https = require('https');
+const http = require('http');
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const crypto = require('crypto');
+
+/**
+ * ADT HTTP client with CSRF token, cookie, and session caching.
+ * Mirrors AbapHttp but targets /sap/bc/adt/* with XML content-type.
+ */
+class AdtHttp {
+  constructor(config) {
+    this.config = config;
+    this.csrfToken = null;
+    this.cookies = null;
+
+    const configHash = crypto.createHash('md5')
+      .update(`${config.host}:${config.user}:${config.client}`)
+      .digest('hex')
+      .substring(0, 8);
+
+    this.sessionFile = path.join(os.tmpdir(), `abapgit-adt-session-${configHash}.json`);
+    this.loadSession();
+  }
+
+  loadSession() {
+    if (!fs.existsSync(this.sessionFile)) return;
+    try {
+      const session = JSON.parse(fs.readFileSync(this.sessionFile, 'utf8'));
+      const safetyMargin = 2 * 60 * 1000;
+      if (session.expiresAt > Date.now() + safetyMargin) {
+        this.csrfToken = session.csrfToken;
+        this.cookies = session.cookies;
+      } else {
+        this.clearSession();
+      }
+    } catch (e) {
+      this.clearSession();
+    }
+  }
+
+  saveSession() {
+    const expiresAt = Date.now() + (15 * 60 * 1000);
+    try {
+      fs.writeFileSync(this.sessionFile, JSON.stringify({
+        csrfToken: this.csrfToken,
+        cookies: this.cookies,
+        expiresAt,
+        savedAt: Date.now()
+      }));
+    } catch (e) {
+      // Ignore write errors
+    }
+  }
+
+  clearSession() {
+    this.csrfToken = null;
+    this.cookies = null;
+    try {
+      if (fs.existsSync(this.sessionFile)) fs.unlinkSync(this.sessionFile);
+    } catch (e) {
+      // Ignore deletion errors
+    }
+  }
+
+  /**
+   * Fetch CSRF token via GET /sap/bc/adt/discovery with X-CSRF-Token: fetch
+   */
+  async fetchCsrfToken() {
+    return new Promise((resolve, reject) => {
+      const url = new URL('/sap/bc/adt/discovery', `https://${this.config.host}:${this.config.sapport}`);
+      const options = {
+        hostname: url.hostname,
+        port: url.port,
+        path: url.pathname,
+        method: 'GET',
+        headers: {
+          'Authorization': `Basic ${Buffer.from(`${this.config.user}:${this.config.password}`).toString('base64')}`,
+          'sap-client': this.config.client,
+          'sap-language': this.config.language || 'EN',
+          'X-CSRF-Token': 'fetch',
+          'Accept': 'application/atomsvc+xml'
+        },
+        agent: new https.Agent({ rejectUnauthorized: false })
+      };
+
+      const req = https.request(options, (res) => {
+        const csrfToken = res.headers['x-csrf-token'];
+        const setCookie = res.headers['set-cookie'];
+        if (setCookie) {
+          this.cookies = Array.isArray(setCookie)
+            ? setCookie.map(c => c.split(';')[0]).join('; ')
+            : setCookie.split(';')[0];
+        }
+
+        let body = '';
+        res.on('data', chunk => body += chunk);
+        res.on('end', () => {
+          this.csrfToken = csrfToken;
+          this.saveSession();
+          resolve(csrfToken);
+        });
+      });
+
+      req.on('error', reject);
+      req.end();
+    });
+  }
+
+  /**
+   * Make HTTP request to ADT endpoint with automatic retry on auth failure.
+   * Returns { body: string, headers: object, statusCode: number }.
+   */
+  async request(method, urlPath, body = null, options = {}) {
+    try {
+      return await this._makeRequest(method, urlPath, body, options);
+    } catch (error) {
+      if (this._isAuthError(error) && !options.isRetry) {
+        this.clearSession();
+        await this.fetchCsrfToken();
+        return await this._makeRequest(method, urlPath, body, { ...options, isRetry: true });
+      }
+      throw error;
+    }
+  }
+
+  _isAuthError(error) {
+    if (error.statusCode === 401) return true;
+    if (error.statusCode === 403) return true;
+    const msg = (error.message || '').toLowerCase();
+    return msg.includes('csrf') || msg.includes('unauthorized') || msg.includes('forbidden');
+  }
+
+  async _makeRequest(method, urlPath, body = null, options = {}) {
+    return new Promise((resolve, reject) => {
+      const url = new URL(urlPath, `https://${this.config.host}:${this.config.sapport}`);
+
+      const headers = {
+        'Content-Type': options.contentType || 'application/atom+xml',
+        'Accept': options.accept || 'application/vnd.sap.as+xml, application/atom+xml, application/xml',
+        'sap-client': this.config.client,
+        'sap-language': this.config.language || 'EN',
+        ...options.headers
+      };
+
+      headers['Authorization'] = `Basic ${Buffer.from(`${this.config.user}:${this.config.password}`).toString('base64')}`;
+
+      if (['POST', 'PUT', 'DELETE'].includes(method) && this.csrfToken) {
+        headers['X-CSRF-Token'] = this.csrfToken;
+      }
+
+      if (this.cookies) {
+        headers['Cookie'] = this.cookies;
+      }
+
+      const bodyStr = body || '';
+      headers['Content-Length'] = bodyStr ? Buffer.byteLength(bodyStr) : 0;
+
+      const reqOptions = {
+        hostname: url.hostname,
+        port: url.port,
+        path: url.pathname + url.search,
+        method,
+        headers,
+        agent: new https.Agent({ rejectUnauthorized: false })
+      };
+
+      const req = (url.protocol === 'https:' ? https : http).request(reqOptions, (res) => {
+        if (res.statusCode === 401) {
+          reject({ statusCode: 401, message: 'Authentication failed: 401' });
+          return;
+        }
+        if (res.statusCode === 403) {
+          const errMsg = 'Missing debug authorization. Grant S_ADT_RES (ACTVT=16) to user.';
+          reject({ statusCode: 403, message: errMsg });
+          return;
+        }
+        if (res.statusCode === 404) {
+          let respBody = '';
+          res.on('data', chunk => respBody += chunk);
+          res.on('end', () => {
+            reject({ statusCode: 404, message: `HTTP 404: ${reqOptions.path}`, body: respBody });
+          });
+          return;
+        }
+        if (res.statusCode >= 400) {
+          let respBody = '';
+          res.on('data', chunk => respBody += chunk);
+          res.on('end', () => {
+            reject({ statusCode: res.statusCode, message: `HTTP ${res.statusCode} error`, body: respBody });
+          });
+          return;
+        }
+
+        // Update cookies from any response that sets them.
+        // Merge by name so that updated values (e.g. SAP_SESSIONID) replace
+        // their old counterparts rather than accumulating duplicates.
+        // Duplicate SAP_SESSIONID cookies would cause the ICM to route requests
+        // to a stale work process ("Service cannot be reached").
+        if (res.headers['set-cookie']) {
+          const incoming = Array.isArray(res.headers['set-cookie'])
+            ? res.headers['set-cookie'].map(c => c.split(';')[0])
+            : [res.headers['set-cookie'].split(';')[0]];
+          // Parse existing cookies into a Map (preserves insertion order)
+          const jar = new Map();
+          if (this.cookies) {
+            this.cookies.split(';').forEach(pair => {
+              const trimmed = pair.trim();
+              if (trimmed) {
+                const eq = trimmed.indexOf('=');
+                const k = eq === -1 ? trimmed : trimmed.slice(0, eq);
+                jar.set(k.trim(), trimmed);
+              }
+            });
+          }
+          // Overwrite with incoming cookies
+          incoming.forEach(pair => {
+            const trimmed = pair.trim();
+            if (trimmed) {
+              const eq = trimmed.indexOf('=');
+              const k = eq === -1 ? trimmed : trimmed.slice(0, eq);
+              jar.set(k.trim(), trimmed);
+            }
+          });
+          this.cookies = [...jar.values()].join('; ');
+        }
+
+        let respBody = '';
+        res.on('data', chunk => respBody += chunk);
+        res.on('end', () => {
+          resolve({ body: respBody, headers: res.headers, statusCode: res.statusCode });
+        });
+      });
+
+      req.on('error', reject);
+      if (bodyStr) req.write(bodyStr);
+      req.end();
+    });
+  }
+
+  async get(urlPath, options = {}) {
+    return this.request('GET', urlPath, null, options);
+  }
+
+  async post(urlPath, body = null, options = {}) {
+    return this.request('POST', urlPath, body, options);
+  }
+
+  /**
+   * Fire-and-forget POST: resolves when the request bytes have been flushed
+   * to the TCP send buffer — does NOT wait for a response.
+   *
+   * Used by detach() (stepContinue) where:
+   *   - ADT long-polls until the next breakpoint fires → response may never come
+   *   - We only need ADT to *receive* the request, not respond to it
+   *   - Using the existing stateful session (cookies/CSRF) is mandatory
+   *
+   * The socket is deliberately left open so the OS TCP stack can finish
+   * delivering the data to ADT after we return from this method.
+   *
+   * @param {string} urlPath - URL path
+   * @param {string} body    - Request body (may be empty string)
+   * @param {object} options - Same options as post() (contentType, headers, etc.)
+   * @returns {Promise<void>} Resolves when req.end() callback fires
+   */
+  async postFire(urlPath, body = null, options = {}) {
+    return new Promise((resolve, reject) => {
+      const url = new URL(urlPath, `https://${this.config.host}:${this.config.sapport}`);
+
+      const headers = {
+        'Content-Type': options.contentType || 'application/atom+xml',
+        'Accept': options.accept || 'application/vnd.sap.as+xml, application/atom+xml, application/xml',
+        'sap-client': this.config.client,
+        'sap-language': this.config.language || 'EN',
+        ...options.headers
+      };
+
+      headers['Authorization'] = `Basic ${Buffer.from(`${this.config.user}:${this.config.password}`).toString('base64')}`;
+
+      if (this.csrfToken) {
+        headers['X-CSRF-Token'] = this.csrfToken;
+      }
+
+      if (this.cookies) {
+        headers['Cookie'] = this.cookies;
+      }
+
+      const bodyStr = body || '';
+      headers['Content-Length'] = bodyStr ? Buffer.byteLength(bodyStr) : 0;
+
+      const reqOptions = {
+        hostname: url.hostname,
+        port: url.port,
+        path: url.pathname + url.search,
+        method: 'POST',
+        headers,
+        agent: new https.Agent({ rejectUnauthorized: false })
+      };
+
+      const req = (url.protocol === 'https:' ? https : http).request(reqOptions, (_res) => {
+        // Drain response body to prevent socket hang; we don't use the data.
+        _res.resume();
+      });
+
+      // Resolve as soon as the request is fully written and flushed.
+      req.on('error', resolve); // ignore errors — fire-and-forget
+      if (bodyStr) req.write(bodyStr);
+      req.end(() => resolve());
+    });
+  }
+
+  async put(urlPath, body = null, options = {}) {
+    return this.request('PUT', urlPath, body, options);
+  }
+
+  async delete(urlPath, options = {}) {
+    return this.request('DELETE', urlPath, null, options);
+  }
+
+  /**
+   * Extract an attribute value from a simple XML element using regex.
+   * e.g. extractXmlAttr(xml, 'adtcore:uri', null) for text content
+   *      extractXmlAttr(xml, 'entry', 'id') for attribute
+   * @param {string} xml - XML string
+   * @param {string} tag - Tag name (may include namespace prefix)
+   * @param {string|null} attr - Attribute name, or null for text content
+   * @returns {string|null} Extracted value or null
+   */
+  static extractXmlAttr(xml, tag, attr) {
+    if (attr) {
+      const re = new RegExp(`<${tag}[^>]*\\s${attr}="([^"]*)"`, 'i');
+      const m = xml.match(re);
+      return m ? m[1] : null;
+    }
+    const re = new RegExp(`<${tag}[^>]*>([^<]*)<\/${tag}>`, 'i');
+    const m = xml.match(re);
+    return m ? m[1].trim() : null;
+  }
+
+  /**
+   * Extract all occurrences of a tag's content or attribute from XML.
+   * @param {string} xml - XML string
+   * @param {string} tag - Tag name
+   * @param {string|null} attr - Attribute name, or null for text content
+   * @returns {string[]} Array of matched values
+   */
+  static extractXmlAll(xml, tag, attr) {
+    const results = [];
+    if (attr) {
+      const re = new RegExp(`<${tag}[^>]*\\s${attr}="([^"]*)"`, 'gi');
+      let m;
+      while ((m = re.exec(xml)) !== null) results.push(m[1]);
+    } else {
+      const re = new RegExp(`<${tag}[^>]*>([^<]*)<\/${tag}>`, 'gi');
+      let m;
+      while ((m = re.exec(xml)) !== null) results.push(m[1].trim());
+    }
+    return results;
+  }
+}
+
+module.exports = { AdtHttp };

package/src/utils/debug-daemon.js

@@ -0,0 +1,208 @@
+'use strict';
+
+/**
+ * debug-daemon.js — Long-lived daemon that holds the stateful ADT HTTP connection.
+ *
+ * Why this exists:
+ *   SAP ADT debug sessions are pinned to a specific ABAP work process via the
+ *   SAP_SESSIONID cookie. The cookie is maintained in-memory by AdtHttp. When a
+ *   CLI process exits (e.g. `debug attach --json`) the in-memory session is lost
+ *   and the ABAP work process is released from the debugger. Subsequent CLI
+ *   invocations (`debug step`) get a different HTTP connection → `noSessionAttached`.
+ *
+ *   The daemon keeps one Node.js process alive after attach, holding the open
+ *   HTTP session. Individual CLI commands connect via Unix domain socket, send a
+ *   JSON command, read a JSON response, and exit.
+ *
+ * Lifecycle:
+ *   1. Spawned by `debug attach --json` with detached:true + stdio:ignore + unref()
+ *   2. Reads config/session from env vars (JSON-encoded)
+ *   3. Creates Unix socket at DEBUG_DAEMON_SOCK_PATH
+ *   4. Handles JSON-line commands until `terminate` or 30-min idle timeout
+ *   5. Deletes socket file and exits
+ *
+ * IPC Protocol — newline-delimited JSON over Unix socket:
+ *
+ *   Commands:
+ *     { "cmd": "ping" }
+ *     { "cmd": "step",      "type": "stepOver|stepInto|stepReturn|stepContinue" }
+ *     { "cmd": "vars",      "name": null }
+ *     { "cmd": "stack" }
+ *     { "cmd": "terminate" }
+ *
+ *   Responses (one JSON line per command):
+ *     { "ok": true,  "pong": true }
+ *     { "ok": true,  "position": {...}, "source": [...] }
+ *     { "ok": true,  "variables": [...] }
+ *     { "ok": true,  "frames": [...] }
+ *     { "ok": true,  "terminated": true }
+ *     { "ok": false, "error": "message", "statusCode": 400 }
+ */
+
+const net = require('net');
+const fs  = require('fs');
+const { AdtHttp }      = require('./adt-http');
+const { DebugSession } = require('./debug-session');
+
+const DAEMON_IDLE_TIMEOUT_MS = 30 * 60 * 1000; // 30 minutes
+
+// ─── Public API ───────────────────────────────────────────────────────────────
+
+/**
+ * Start the daemon server.
+ *
+ * @param {object} config           - ABAP connection config
+ * @param {string} sessionId        - debugSessionId returned by attach
+ * @param {string} socketPath       - Unix socket path to listen on
+ * @param {object|null} snapshot    - { csrfToken, cookies } captured from attach process
+ */
+async function startDaemon(config, sessionId, socketPath, snapshot) {
+  const adt = new AdtHttp(config);
+
+  // Restore the exact SAP_SESSIONID cookie + CSRF token from the attach process.
+  // This guarantees the first IPC command reuses the same ABAP work process
+  // without another round-trip for a new token.
+  if (snapshot && snapshot.csrfToken) adt.csrfToken = snapshot.csrfToken;
+  if (snapshot && snapshot.cookies)   adt.cookies   = snapshot.cookies;
+
+  const session = new DebugSession(adt, sessionId);
+
+  // Remove stale socket file from a previous crash
+  try { fs.unlinkSync(socketPath); } catch (e) { /* ignore ENOENT */ }
+
+  let idleTimer = null;
+
+  function resetIdle() {
+    if (idleTimer) clearTimeout(idleTimer);
+    idleTimer = setTimeout(cleanupAndExit, DAEMON_IDLE_TIMEOUT_MS);
+    // unref so idle timer alone doesn't keep the process alive — if the
+    // server stops listening for another reason the process can exit naturally
+    if (idleTimer.unref) idleTimer.unref();
+  }
+
+  function cleanupAndExit(code) {
+    try { fs.unlinkSync(socketPath); } catch (e) { /* ignore */ }
+    process.exit(code || 0);
+  }
+
+  const server = net.createServer((socket) => {
+    resetIdle();
+    let buf = '';
+
+    socket.on('data', (chunk) => {
+      buf += chunk.toString();
+      let idx;
+      while ((idx = buf.indexOf('\n')) !== -1) {
+        const line = buf.slice(0, idx).trim();
+        buf = buf.slice(idx + 1);
+        if (line) {
+          _handleLine(socket, line, session, cleanupAndExit, resetIdle);
+        }
+      }
+    });
+
+    socket.on('error', () => { /* client disconnected abruptly — ignore */ });
+  });
+
+  server.listen(socketPath, () => {
+    resetIdle();
+  });
+
+  server.on('error', (err) => {
+    process.stderr.write(`[debug-daemon] server error: ${err.message}\n`);
+    cleanupAndExit(1);
+  });
+}
+
+/**
+ * Handle one parsed JSON command line.
+ * Exported so unit tests can call it directly without spawning a real server.
+ */
+async function _handleLine(socket, line, session, cleanupAndExit, resetIdle) {
+  let req;
+  try {
+    req = JSON.parse(line);
+  } catch (e) {
+    _send(socket, { ok: false, error: `Invalid JSON: ${e.message}` });
+    return;
+  }
+
+  resetIdle();
+
+  try {
+    switch (req.cmd) {
+      case 'ping': {
+        _send(socket, { ok: true, pong: true });
+        break;
+      }
+      case 'step': {
+        const result = await session.step(req.type || 'stepOver');
+        _send(socket, { ok: true, position: result.position, source: result.source });
+        break;
+      }
+      case 'vars': {
+        const variables = await session.getVariables(req.name || null);
+        _send(socket, { ok: true, variables });
+        break;
+      }
+      case 'expand': {
+        const children = await session.getVariableChildren(req.id, req.meta || {});
+        _send(socket, { ok: true, variables: children });
+        break;
+      }
+      case 'stack': {
+        const frames = await session.getStack();
+        _send(socket, { ok: true, frames });
+        break;
+      }
+      case 'terminate': {
+        await session.terminate();
+        _send(socket, { ok: true, terminated: true });
+        // Flush response before exiting — wait for client to close the socket
+        socket.end(() => cleanupAndExit(0));
+        break;
+      }
+      default: {
+        _send(socket, { ok: false, error: `Unknown command: ${req.cmd}` });
+      }
+    }
+  } catch (err) {
+    _send(socket, {
+      ok: false,
+      error: err.message || JSON.stringify(err),
+      statusCode: err.statusCode,
+      body: err.body || null
+    });
+  }
+}
+
+function _send(socket, obj) {
+  try {
+    socket.write(JSON.stringify(obj) + '\n');
+  } catch (e) {
+    // Client disconnected — ignore
+  }
+}
+
+// ─── Entry point when run as standalone daemon process ────────────────────────
+
+if (require.main === module || process.env.DEBUG_DAEMON_MODE === '1') {
+  const config     = JSON.parse(process.env.DEBUG_DAEMON_CONFIG            || '{}');
+  const sessionId  = process.env.DEBUG_DAEMON_SESSION_ID                   || '';
+  const socketPath = process.env.DEBUG_DAEMON_SOCK_PATH                    || '';
+  const snapshot   = process.env.DEBUG_DAEMON_SESSION_SNAPSHOT
+    ? JSON.parse(process.env.DEBUG_DAEMON_SESSION_SNAPSHOT)
+    : null;
+
+  if (!config.host || !sessionId || !socketPath) {
+    process.stderr.write('[debug-daemon] missing required env vars\n');
+    process.exit(1);
+  }
+
+  startDaemon(config, sessionId, socketPath, snapshot).catch((err) => {
+    process.stderr.write(`[debug-daemon] startup error: ${err.message}\n`);
+    process.exit(1);
+  });
+}
+
+module.exports = { startDaemon, _handleLine };