arc-1 0.4.4 → 0.6.0

package/dist/handlers/intent.js

@@ -13,10 +13,11 @@ import { findDefinition, findReferences, findWhereUsed, getCompletion, } from '.
 import { createObject, deleteObject, lockObject, safeUpdateSource, unlockObject } from '../adt/crud.js';
 import { activate, activateBatch, runAtcCheck, runUnitTests, syntaxCheck } from '../adt/devtools.js';
 import { getDump, getTraceDbAccesses, getTraceHitlist, getTraceStatements, listDumps, listTraces, } from '../adt/diagnostics.js';
-import { AdtApiError, AdtNetworkError, AdtSafetyError } from '../adt/errors.js';
-import { mapSapReleaseToAbaplintVersion, probeFeatures } from '../adt/features.js';
-import { isOperationAllowed, OperationType } from '../adt/safety.js';
+import { AdtApiError, AdtNetworkError, AdtSafetyError, isNotFoundError } from '../adt/errors.js';
+import { classifyTextSearchError, mapSapReleaseToAbaplintVersion, probeFeatures } from '../adt/features.js';
+import { checkPackage, isOperationAllowed, OperationType } from '../adt/safety.js';
 import { createTransport, getTransport, listTransports, releaseTransport } from '../adt/transport.js';
+import { validateAffHeader } from '../aff/validator.js';
 import { extractCdsElements } from '../context/cds-deps.js';
 import { compressCdsContext, compressContext } from '../context/compressor.js';
 import { extractMethod, formatMethodListing, listMethods, spliceMethod } from '../context/method-surgery.js';
@@ -26,6 +27,8 @@ import { sanitizeArgs } from '../server/audit.js';
 import { generateRequestId, requestContext } from '../server/context.js';
 import { logger } from '../server/logger.js';
 import { expandHyperfocusedArgs, getHyperfocusedScope } from './hyperfocused.js';
+import { getToolSchema } from './schemas.js';
+import { formatZodError } from './zod-errors.js';
 /**
  * Scope required for each tool.
  *
@@ -39,7 +42,7 @@ import { expandHyperfocusedArgs, getHyperfocusedScope } from './hyperfocused.js'
 export const TOOL_SCOPES = {
     SAPRead: 'read',
     SAPSearch: 'read',
-    SAPQuery: 'read',
+    SAPQuery: 'sql',
     SAPNavigate: 'read',
     SAPContext: 'read',
     SAPLint: 'read',
@@ -47,8 +50,24 @@ export const TOOL_SCOPES = {
     SAPWrite: 'write',
     SAPActivate: 'write',
     SAPManage: 'write',
-    SAPTransport: 'admin',
+    SAPTransport: 'write',
 };
+/**
+ * Check if authInfo has the required scope, respecting implied scopes:
+ * - `write` implies `read`
+ * - `sql` implies `data`
+ */
+export function hasRequiredScope(authInfo, requiredScope) {
+    const scopes = authInfo.scopes;
+    if (scopes.includes(requiredScope))
+        return true;
+    // Implied scopes
+    if (requiredScope === 'read' && scopes.includes('write'))
+        return true;
+    if (requiredScope === 'data' && scopes.includes('sql'))
+        return true;
+    return false;
+}
 function textResult(text) {
     return { content: [{ type: 'text', text }] };
 }
@@ -92,7 +111,7 @@ function classifyError(err) {
  *   all tools are allowed (backward compatibility).
  * @param server - MCP Server instance for elicitation support.
  */
-export async function handleToolCall(client, config, toolName, args, authInfo, _server, cachingLayer) {
+export async function handleToolCall(client, config, toolName, args, authInfo, _server, cachingLayer, isPerUserClient) {
     const reqId = generateRequestId();
     const start = Date.now();
     // Build user context for audit logging
@@ -112,7 +131,7 @@ export async function handleToolCall(client, config, toolName, args, authInfo, _
     // Scope enforcement — only when authInfo is present (XSUAA/OIDC mode)
     if (authInfo) {
         const requiredScope = TOOL_SCOPES[toolName];
-        if (requiredScope && !authInfo.scopes.includes(requiredScope)) {
+        if (requiredScope && !hasRequiredScope(authInfo, requiredScope)) {
             logger.emitAudit({
                 timestamp: new Date().toISOString(),
                 level: 'warn',
@@ -127,6 +146,29 @@ export async function handleToolCall(client, config, toolName, args, authInfo, _
             return errorResult(`Insufficient scope: '${requiredScope}' required for ${toolName}. Your scopes: [${authInfo.scopes.join(', ')}]`);
         }
     }
+    // Validate tool arguments with Zod schema
+    const isBtp = config.systemType === 'btp';
+    // Always use the full search schema for validation — the handler checks text search availability
+    // and returns a proper error message with the probe reason when source_code search is unavailable
+    const schema = getToolSchema(toolName, isBtp);
+    if (schema) {
+        const parsed = schema.safeParse(args);
+        if (!parsed.success) {
+            const validationError = formatZodError(parsed.error, toolName);
+            logger.emitAudit({
+                timestamp: new Date().toISOString(),
+                level: 'warn',
+                event: 'safety_blocked',
+                requestId: reqId,
+                user,
+                clientId,
+                operation: toolName,
+                reason: 'Input validation failed',
+            });
+            return errorResult(validationError);
+        }
+        args = parsed.data;
+    }
     // Run within request context so HTTP-level logs get the requestId
     return requestContext.run({ requestId: reqId, user, tool: toolName }, async () => {
         try {
@@ -163,7 +205,7 @@ export async function handleToolCall(client, config, toolName, args, authInfo, _
                     result = await handleSAPContext(client, args, cachingLayer);
                     break;
                 case 'SAPManage':
-                    result = await handleSAPManage(client, config, args, cachingLayer);
+                    result = await handleSAPManage(client, config, args, cachingLayer, isPerUserClient);
                     break;
                 case 'SAP': {
                     // Hyperfocused mode: route to the appropriate handler
@@ -175,13 +217,13 @@ export async function handleToolCall(client, config, toolName, args, authInfo, _
                     // Check scope for the delegated action
                     if (authInfo) {
                         const requiredScope = getHyperfocusedScope(String(args.action ?? ''));
-                        if (!authInfo.scopes.includes(requiredScope)) {
+                        if (!hasRequiredScope(authInfo, requiredScope)) {
                             result = errorResult(`Insufficient scope: '${requiredScope}' required for SAP(action="${args.action}"). Your scopes: [${authInfo.scopes.join(', ')}]`);
                             break;
                         }
                     }
                     // Delegate to the real handler (recursive call, but with the mapped tool name)
-                    result = await handleToolCall(client, config, expanded.toolName, expanded.expandedArgs, authInfo, _server, cachingLayer);
+                    result = await handleToolCall(client, config, expanded.toolName, expanded.expandedArgs, authInfo, _server, cachingLayer, isPerUserClient);
                     break;
                 }
                 default:
@@ -257,10 +299,19 @@ async function handleSAPRead(client, args, cachingLayer) {
         const { source } = await cachingLayer.getSource(objType, objName, fetcher);
         return source;
     };
+    // Structured format is only supported for CLAS type
+    if (args.format === 'structured' && type !== 'CLAS') {
+        return errorResult('The "structured" format is only supported for CLAS type. Other types return text format.');
+    }
     switch (type) {
         case 'PROG':
             return textResult(await cachedGet('PROG', name, () => client.getProgram(name)));
         case 'CLAS': {
+            // Structured format: return JSON with metadata + decomposed source
+            if (args.format === 'structured') {
+                const structured = await client.getClassStructured(name);
+                return textResult(JSON.stringify(structured, null, 2));
+            }
             const methodParam = args.method;
             if (methodParam && !args.include) {
                 // Method-level read — fetch full source then extract
@@ -336,8 +387,17 @@ async function handleSAPRead(client, args, cachingLayer) {
             return textResult(await cachedGet('BDEF', name, () => client.getBdef(name)));
         case 'SRVD':
             return textResult(await cachedGet('SRVD', name, () => client.getSrvd(name)));
-        case 'DDLX':
-            return textResult(await cachedGet('DDLX', name, () => client.getDdlx(name)));
+        case 'DDLX': {
+            try {
+                return textResult(await cachedGet('DDLX', name, () => client.getDdlx(name)));
+            }
+            catch (err) {
+                if (isNotFoundError(err)) {
+                    return textResult(`No metadata extension (DDLX) found for "${name}". This means no @UI annotations are defined via DDLX for this view. The view may use inline annotations in the DDLS source, or the Fiori app may configure columns via manifest.json / app descriptor.`);
+                }
+                throw err;
+            }
+        }
         case 'SRVB':
             return textResult(await cachedGet('SRVB', name, () => client.getSrvb(name)));
         case 'TABL':
@@ -421,7 +481,9 @@ async function handleSAPRead(client, args, cachingLayer) {
         case 'VARIANTS':
             return textResult(await client.getVariants(name));
         default:
-            return errorResult(`Unknown SAPRead type: ${type}. Supported: PROG, CLAS, INTF, FUNC, FUGR, INCL, DDLS, DDLX, BDEF, SRVD, SRVB, TABL, VIEW, STRU, DOMA, DTEL, TRAN, TABLE_CONTENTS, DEVC, SOBJ, SYSTEM, COMPONENTS, MESSAGES, TEXT_ELEMENTS, VARIANTS`);
+            return errorResult(`Unknown SAPRead type: "${type}". Supported types: PROG, CLAS, INTF, FUNC, FUGR, INCL, DDLS, DDLX, BDEF, SRVD, SRVB, TABL, VIEW, STRU, DOMA, DTEL, TRAN, TABLE_CONTENTS, DEVC, SOBJ, SYSTEM, COMPONENTS, MESSAGES, TEXT_ELEMENTS, VARIANTS. ` +
+                'Tip: Map objectType from SAPSearch results by dropping the slash suffix (e.g., DDLS/DF → type="DDLS", CLAS/OC → type="CLAS", PROG/P → type="PROG"). ' +
+                'Do not pass a URI — use the "type" and "name" parameters instead.');
     }
 }
 async function handleSAPSearch(client, args) {
@@ -429,6 +491,11 @@ async function handleSAPSearch(client, args) {
     const maxResults = Number(args.maxResults ?? 100);
     const searchType = String(args.searchType ?? 'object');
     if (searchType === 'source_code') {
+        // If probe already determined textSearch is unavailable, return the precise reason
+        if (cachedFeatures?.textSearch && !cachedFeatures.textSearch.available) {
+            return errorResult(`Source code search is not available on this SAP system. ${cachedFeatures.textSearch.reason ?? ''}` +
+                `\nUse SAPSearch with searchType="object" to search by object name instead, or use SAPQuery to search metadata tables.`);
+        }
         const objectType = args.objectType;
         const packageName = args.packageName;
         try {
@@ -436,9 +503,13 @@ async function handleSAPSearch(client, args) {
             return textResult(JSON.stringify(results, null, 2));
         }
         catch (err) {
-            if (err instanceof AdtApiError && (err.statusCode === 404 || err.statusCode === 501)) {
-                return errorResult(`Source code search is not available on this SAP system (requires SAP_BASIS ≥ 7.51). ` +
-                    `Use SAPSearch with searchType="object" to search by object name instead, or use SAPQuery to search metadata tables.`);
+            if (err instanceof AdtApiError) {
+                const permanentCodes = [401, 403, 404, 501];
+                if (permanentCodes.includes(err.statusCode)) {
+                    const classified = classifyTextSearchError(err.statusCode);
+                    return errorResult(`Source code search is not available on this SAP system. ${classified.reason ?? ''}` +
+                        `\nUse SAPSearch with searchType="object" to search by object name instead, or use SAPQuery to search metadata tables.`);
+                }
             }
             throw err;
         }
@@ -474,6 +545,10 @@ async function handleSAPQuery(client, args) {
                 }
             }
         }
+        // JOIN-aware error: ADT freestyle SQL parser has known edge cases with JOINs (SAP Note 3605050)
+        if (err instanceof AdtApiError && err.statusCode === 400 && /\bJOIN\b/i.test(sql)) {
+            return errorResult(`${err.message}\n\nMulti-table JOIN query failed. The ADT freestyle SQL endpoint has known parser edge cases with JOINs (SAP Note 3605050). Try splitting into separate single-table queries.`);
+        }
         throw err;
     }
 }
@@ -540,6 +615,129 @@ function buildLintConfigOptions(config, ruleOverrides) {
         ruleOverrides,
     };
 }
+// ─── Object Creation XML ─────────────────────────────────────────────
+/**
+ * Build the type-specific XML body for ADT object creation.
+ *
+ * SAP ADT requires each object type to have its own root XML element.
+ * Using a generic body (e.g. adtcore:objectReferences) returns 400:
+ *   "System expected the element '{http://www.sap.com/adt/programs/programs}abapProgram'"
+ */
+export function buildCreateXml(type, name, pkg, description) {
+    switch (type) {
+        case 'PROG':
+            return `<?xml version="1.0" encoding="UTF-8"?>
+<program:abapProgram xmlns:program="http://www.sap.com/adt/programs/programs"
+                     xmlns:adtcore="http://www.sap.com/adt/core"
+                     adtcore:description="${escapeXml(description)}"
+                     adtcore:name="${escapeXml(name)}"
+                     adtcore:type="PROG/P"
+                     adtcore:masterLanguage="EN"
+                     adtcore:masterSystem="H00"
+                     adtcore:responsible="DEVELOPER">
+  <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
+</program:abapProgram>`;
+        case 'CLAS':
+            return `<?xml version="1.0" encoding="UTF-8"?>
+<class:abapClass xmlns:class="http://www.sap.com/adt/oo/classes"
+                 xmlns:adtcore="http://www.sap.com/adt/core"
+                 adtcore:description="${escapeXml(description)}"
+                 adtcore:name="${escapeXml(name)}"
+                 adtcore:type="CLAS/OC"
+                 adtcore:masterLanguage="EN"
+                 adtcore:masterSystem="H00"
+                 adtcore:responsible="DEVELOPER">
+  <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
+</class:abapClass>`;
+        case 'INTF':
+            return `<?xml version="1.0" encoding="UTF-8"?>
+<intf:abapInterface xmlns:intf="http://www.sap.com/adt/oo/interfaces"
+                    xmlns:adtcore="http://www.sap.com/adt/core"
+                    adtcore:description="${escapeXml(description)}"
+                    adtcore:name="${escapeXml(name)}"
+                    adtcore:type="INTF/OI"
+                    adtcore:masterLanguage="EN"
+                    adtcore:masterSystem="H00"
+                    adtcore:responsible="DEVELOPER">
+  <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
+</intf:abapInterface>`;
+        case 'INCL':
+            return `<?xml version="1.0" encoding="UTF-8"?>
+<include:abapInclude xmlns:include="http://www.sap.com/adt/programs/includes"
+                     xmlns:adtcore="http://www.sap.com/adt/core"
+                     adtcore:description="${escapeXml(description)}"
+                     adtcore:name="${escapeXml(name)}"
+                     adtcore:type="PROG/I"
+                     adtcore:masterLanguage="EN"
+                     adtcore:masterSystem="H00"
+                     adtcore:responsible="DEVELOPER">
+  <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
+</include:abapInclude>`;
+        case 'DDLS':
+            return `<?xml version="1.0" encoding="UTF-8"?>
+<ddl:ddlSource xmlns:ddl="http://www.sap.com/adt/ddic/ddlsources"
+               xmlns:adtcore="http://www.sap.com/adt/core"
+               adtcore:description="${escapeXml(description)}"
+               adtcore:name="${escapeXml(name)}"
+               adtcore:type="DDLS/DF"
+               adtcore:masterLanguage="EN"
+               adtcore:masterSystem="H00"
+               adtcore:responsible="DEVELOPER">
+  <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
+</ddl:ddlSource>`;
+        case 'BDEF':
+            return `<?xml version="1.0" encoding="UTF-8"?>
+<bdef:behaviorDefinition xmlns:bdef="http://www.sap.com/adt/bo/behaviordefinitions"
+                         xmlns:adtcore="http://www.sap.com/adt/core"
+                         adtcore:description="${escapeXml(description)}"
+                         adtcore:name="${escapeXml(name)}"
+                         adtcore:type="BDEF/BDO"
+                         adtcore:masterLanguage="EN"
+                         adtcore:masterSystem="H00"
+                         adtcore:responsible="DEVELOPER">
+  <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
+</bdef:behaviorDefinition>`;
+        case 'SRVD':
+            return `<?xml version="1.0" encoding="UTF-8"?>
+<srvd:srvdSource xmlns:srvd="http://www.sap.com/adt/ddic/srvd/sources"
+                 xmlns:adtcore="http://www.sap.com/adt/core"
+                 adtcore:description="${escapeXml(description)}"
+                 adtcore:name="${escapeXml(name)}"
+                 adtcore:type="SRVD/SRV"
+                 adtcore:masterLanguage="EN"
+                 adtcore:masterSystem="H00"
+                 adtcore:responsible="DEVELOPER">
+  <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
+</srvd:srvdSource>`;
+        case 'DDLX':
+            return `<?xml version="1.0" encoding="UTF-8"?>
+<ddlx:ddlxSource xmlns:ddlx="http://www.sap.com/adt/ddic/ddlx/sources"
+                 xmlns:adtcore="http://www.sap.com/adt/core"
+                 adtcore:description="${escapeXml(description)}"
+                 adtcore:name="${escapeXml(name)}"
+                 adtcore:type="DDLX/EX"
+                 adtcore:masterLanguage="EN"
+                 adtcore:masterSystem="H00"
+                 adtcore:responsible="DEVELOPER">
+  <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
+</ddlx:ddlxSource>`;
+        default:
+            // Fallback — generic objectReferences using the correct URL for the type
+            return `<?xml version="1.0" encoding="UTF-8"?>
+<adtcore:objectReferences xmlns:adtcore="http://www.sap.com/adt/core">
+  <adtcore:objectReference adtcore:uri="${escapeXml(objectUrlForType(type, name))}" adtcore:type="${escapeXml(type)}" adtcore:name="${escapeXml(name)}" adtcore:packageName="${escapeXml(pkg)}"/>
+</adtcore:objectReferences>`;
+    }
+}
+/** Escape special characters for XML attribute values */
+function escapeXml(s) {
+    return s
+        .replace(/&/g, '&amp;')
+        .replace(/"/g, '&quot;')
+        .replace(/'/g, '&apos;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;');
+}
 // ─── Object URL Mapping ──────────────────────────────────────────────
 /** Map object type + name to the ADT object URL used by CRUD/DevTools/etc. */
 function objectUrlForType(type, name) {
@@ -592,6 +790,10 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
     const name = String(args.name ?? '');
     const source = String(args.source ?? '');
     const transport = args.transport;
+    // type and name are required for all actions except batch_create
+    if (action !== 'batch_create' && (!type || !name)) {
+        return errorResult('"type" and "name" are required for this action.');
+    }
     const objectUrl = objectUrlForType(type, name);
     const srcUrl = sourceUrlForType(type, name);
     switch (action) {
@@ -607,12 +809,33 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
         }
         case 'create': {
             const pkg = String(args.package ?? '$TMP');
-            // Build creation XML body
-            const body = `<?xml version="1.0" encoding="UTF-8"?>
-<adtcore:objectReferences xmlns:adtcore="http://www.sap.com/adt/core">
-  <adtcore:objectReference adtcore:uri="${objectUrl}" adtcore:type="${type}" adtcore:name="${name}" adtcore:packageName="${pkg}"/>
-</adtcore:objectReferences>`;
-            const result = await createObject(client.http, client.safety, objectUrl, body, 'application/xml', transport);
+            checkPackage(client.safety, pkg);
+            const description = String(args.description ?? name);
+            checkPackage(client.safety, pkg);
+            // AFF header validation (if schema available for this type)
+            const affResult = validateAffHeader(type, { description, originalLanguage: 'en' });
+            if (!affResult.valid) {
+                return errorResult(`AFF metadata validation failed for ${type} ${name}:\n- ${(affResult.errors ?? []).join('\n- ')}\n\nFix the metadata and retry.`);
+            }
+            // Build type-specific creation XML body.
+            // SAP ADT requires the root element to match the object type —
+            // a generic objectReferences body returns 400 "System expected the element ...".
+            const body = buildCreateXml(type, name, pkg, description);
+            // Step 1: Create the object (metadata only)
+            const createUrl = objectUrl.replace(/\/[^/]+$/, ''); // parent collection URL
+            const result = await createObject(client.http, client.safety, createUrl, body, 'application/xml', transport);
+            // Step 2: Write source code if provided
+            if (source) {
+                // Pre-write lint validation
+                const lintWarnings = runPreWriteLint(source, type, name, config);
+                if (lintWarnings.blocked) {
+                    return textResult(`Created ${type} ${name} in package ${pkg}, but source was rejected by lint:\n${lintWarnings.result.content[0].text}`);
+                }
+                await safeUpdateSource(client.http, client.safety, objectUrl, srcUrl, source, transport);
+                cachingLayer?.invalidate(type, name);
+                const msg = `Created ${type} ${name} in package ${pkg} and wrote source code.`;
+                return lintWarnings.warnings ? textResult(`${msg}\n\n${lintWarnings.warnings}`) : textResult(msg);
+            }
             return textResult(`Created ${type} ${name} in package ${pkg}.\n${result}`);
         }
         case 'edit_method': {
@@ -665,8 +888,104 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
             cachingLayer?.invalidate(type, name);
             return textResult(`Deleted ${type} ${name}.`);
         }
+        case 'batch_create': {
+            const objects = args.objects;
+            if (!objects || !Array.isArray(objects) || objects.length === 0) {
+                return errorResult('"objects" array is required and must be non-empty for batch_create action.');
+            }
+            const pkg = String(args.package ?? '$TMP');
+            // Check package is allowed before starting any creates
+            checkPackage(client.safety, pkg);
+            const results = [];
+            for (const obj of objects) {
+                const objType = String(obj.type ?? '');
+                const objName = String(obj.name ?? '');
+                const objSource = obj.source ? String(obj.source) : undefined;
+                const objDescription = String(obj.description ?? objName);
+                // AFF header validation per object (if schema available)
+                const affResult = validateAffHeader(objType, { description: objDescription, originalLanguage: 'en' });
+                if (!affResult.valid) {
+                    results.push({
+                        type: objType,
+                        name: objName,
+                        status: 'failed',
+                        error: `AFF metadata validation failed:\n- ${(affResult.errors ?? []).join('\n- ')}`,
+                    });
+                    break;
+                }
+                try {
+                    // Pre-validate source with lint BEFORE creating the object to avoid orphaned objects
+                    if (objSource) {
+                        const lintWarnings = runPreWriteLint(objSource, objType, objName, config);
+                        if (lintWarnings.blocked) {
+                            results.push({
+                                type: objType,
+                                name: objName,
+                                status: 'failed',
+                                error: `source rejected by lint: ${lintWarnings.result.content[0].text}`,
+                            });
+                            break;
+                        }
+                    }
+                    // Step 1: Create the object
+                    const objUrl = objectUrlForType(objType, objName);
+                    const createUrl = objUrl.replace(/\/[^/]+$/, '');
+                    const body = buildCreateXml(objType, objName, pkg, objDescription);
+                    await createObject(client.http, client.safety, createUrl, body, 'application/xml', transport);
+                    // Step 2: Write source if provided
+                    if (objSource) {
+                        const srcUrl = sourceUrlForType(objType, objName);
+                        await safeUpdateSource(client.http, client.safety, objUrl, srcUrl, objSource, transport);
+                    }
+                    // Step 3: Activate the object
+                    const activationResult = await activate(client.http, client.safety, objUrl);
+                    if (!activationResult.success) {
+                        results.push({
+                            type: objType,
+                            name: objName,
+                            status: 'failed',
+                            error: `activation failed: ${activationResult.messages.join('; ')}`,
+                        });
+                        break;
+                    }
+                    cachingLayer?.invalidate(objType, objName);
+                    results.push({ type: objType, name: objName, status: 'success' });
+                }
+                catch (err) {
+                    results.push({
+                        type: objType,
+                        name: objName,
+                        status: 'failed',
+                        error: err instanceof Error ? err.message : String(err),
+                    });
+                    break;
+                }
+            }
+            // Add 'skipped' entries for objects that were never attempted due to early break
+            for (let i = results.length; i < objects.length; i++) {
+                const skipped = objects[i];
+                results.push({
+                    type: String(skipped.type ?? ''),
+                    name: String(skipped.name ?? ''),
+                    status: 'failed',
+                    error: 'skipped — stopped after previous failure',
+                });
+            }
+            const summary = results
+                .map((r) => `${r.name} (${r.type}) ${r.status === 'success' ? '✓' : `✗ — ${r.error}`}`)
+                .join(', ');
+            const successCount = results.filter((r) => r.status === 'success').length;
+            const hasFailure = results.some((r) => r.status === 'failed');
+            if (hasFailure) {
+                const cleanupHint = successCount > 0
+                    ? ` Note: ${successCount} already-created object(s) remain on the SAP system and may need manual cleanup.`
+                    : '';
+                return errorResult(`Batch created ${successCount}/${objects.length} objects in package ${pkg}: ${summary}${cleanupHint}`);
+            }
+            return textResult(`Batch created ${successCount} objects in package ${pkg}: ${summary}`);
+        }
         default:
-            return errorResult(`Unknown SAPWrite action: ${action}. Supported: create, update, delete, edit_method`);
+            return errorResult(`Unknown SAPWrite action: ${action}. Supported: create, update, delete, edit_method, batch_create`);
     }
 }
 /**
@@ -1033,7 +1352,7 @@ async function handleSAPContext(client, args, cachingLayer) {
 // ─── SAPManage Handler ────────────────────────────────────────────────
 /** Cached feature status — populated on first probe */
 let cachedFeatures;
-async function handleSAPManage(client, config, args, cachingLayer) {
+async function handleSAPManage(client, config, args, cachingLayer, isPerUserClient) {
     const action = String(args.action ?? '');
     switch (action) {
         case 'features': {
@@ -1063,11 +1382,30 @@ async function handleSAPManage(client, config, args, cachingLayer) {
             featureConfig.amdp = config.featureAmdp;
             featureConfig.ui5 = config.featureUi5;
             featureConfig.transport = config.featureTransport;
-            cachedFeatures = await probeFeatures(client.http, featureConfig, config.systemType);
-            return textResult(JSON.stringify(cachedFeatures, null, 2));
+            const probed = await probeFeatures(client.http, featureConfig, config.systemType);
+            // In PP mode with a per-user client, auth-sensitive results (401/403 on any
+            // feature) must not poison the global cache — another user may have different
+            // authorizations.  Return the per-user result to the caller but keep the global
+            // cache unchanged.  However, when PP is enabled but the request fell back to the
+            // shared/default client (no JWT, missing btpConfig, or non-strict fallback), the
+            // probe ran with the same service-account credentials as the startup probe, so
+            // updating the cache is safe and allows a manual probe to repair a failed startup.
+            // Apply the same auth-failure sanitization as the startup probe: in PP mode,
+            // shared-client 401/403 on textSearch must not hide source_code from users who
+            // might have authorization via per-user clients.
+            if (!isPerUserClient) {
+                if (config.ppEnabled && probed.textSearch && !probed.textSearch.available) {
+                    const reason = probed.textSearch.reason ?? '';
+                    if (reason.includes('authorization') || reason.includes('401') || reason.includes('403')) {
+                        probed.textSearch = undefined;
+                    }
+                }
+                cachedFeatures = probed;
+            }
+            return textResult(JSON.stringify(probed, null, 2));
         }
         default:
-            return errorResult(`Unknown SAPManage action: ${action}. Supported: features, probe`);
+            return errorResult(`Unknown SAPManage action: ${action}. Supported: features, probe, cache_stats`);
     }
 }
 /** Reset cached features (for testing) */
@@ -1078,4 +1416,8 @@ export function resetCachedFeatures() {
 export function setCachedFeatures(features) {
     cachedFeatures = features;
 }
+/** Get cached features (for tool definition adaptation) */
+export function getCachedFeatures() {
+    return cachedFeatures;
+}
 //# sourceMappingURL=intent.js.map