arc-1 0.5.0 → 0.6.1

package/dist/handlers/intent.js

@@ -11,12 +11,14 @@
  */
 import { findDefinition, findReferences, findWhereUsed, getCompletion, } from '../adt/codeintel.js';
 import { createObject, deleteObject, lockObject, safeUpdateSource, unlockObject } from '../adt/crud.js';
-import { activate, activateBatch, runAtcCheck, runUnitTests, syntaxCheck } from '../adt/devtools.js';
+import { activate, activateBatch, publishServiceBinding, runAtcCheck, runUnitTests, syntaxCheck, unpublishServiceBinding, } from '../adt/devtools.js';
 import { getDump, getTraceDbAccesses, getTraceHitlist, getTraceStatements, listDumps, listTraces, } from '../adt/diagnostics.js';
 import { AdtApiError, AdtNetworkError, AdtSafetyError, isNotFoundError } from '../adt/errors.js';
 import { classifyTextSearchError, mapSapReleaseToAbaplintVersion, probeFeatures } from '../adt/features.js';
-import { isOperationAllowed, OperationType } from '../adt/safety.js';
+import { checkPackage, isOperationAllowed, OperationType } from '../adt/safety.js';
 import { createTransport, getTransport, listTransports, releaseTransport } from '../adt/transport.js';
+import { getAppInfo } from '../adt/ui5-repository.js';
+import { validateAffHeader } from '../aff/validator.js';
 import { extractCdsElements } from '../context/cds-deps.js';
 import { compressCdsContext, compressContext } from '../context/compressor.js';
 import { extractMethod, formatMethodListing, listMethods, spliceMethod } from '../context/method-surgery.js';
@@ -73,6 +75,46 @@ function textResult(text) {
 function errorResult(message) {
     return { content: [{ type: 'text', text: message }], isError: true };
 }
+// ─── Search Helpers ─────────────────────────────────────────────────
+/**
+ * Transliterate non-ASCII characters in search queries.
+ * SAP object names are ASCII-only, so umlauts and accented characters
+ * never appear in object names. This prevents wasted searches with
+ * German terms like "*Schätzung*" that silently return empty results.
+ */
+export function transliterateQuery(query) {
+    // Explicit German umlaut replacements (must come before NFD decomposition)
+    let result = query
+        .replace(/ä/g, 'AE')
+        .replace(/Ä/g, 'AE')
+        .replace(/ö/g, 'OE')
+        .replace(/Ö/g, 'OE')
+        .replace(/ü/g, 'UE')
+        .replace(/Ü/g, 'UE')
+        .replace(/ß/g, 'SS');
+    // General fallback: strip remaining diacritics (é→e, ñ→n, etc.)
+    result = result.normalize('NFD').replace(/[\u0300-\u036f]/g, '');
+    return { normalized: result, changed: result !== query };
+}
+/**
+ * Detect if a search query looks like a field/column name rather than
+ * an object name. Field names are short, uppercase, and typically don't
+ * start with Z/Y (which are custom object prefixes).
+ */
+export function looksLikeFieldName(query) {
+    // Wildcard patterns are object searches, not field names
+    if (query.includes('*'))
+        return false;
+    if (query.length === 0 || query.length > 15)
+        return false;
+    // Must be uppercase letters, digits, underscores only
+    if (!/^[A-Z0-9_]+$/.test(query))
+        return false;
+    // Z/Y prefix → more likely an object name
+    if (/^[ZY]/.test(query))
+        return false;
+    return true;
+}
 /** Classify error type for audit logging */
 /** Format error messages with LLM-friendly remediation hints */
 function formatErrorForLLM(err, message, _tool, args) {
@@ -85,12 +127,49 @@ function formatErrorForLLM(err, message, _tool, args) {
         if (err.isUnauthorized || err.isForbidden) {
             return `${message}\n\nHint: Authorization error. Check SAP_CLIENT (default: '100'), SAP_USER, and SAP_PASSWORD. The configured SAP user may lack permissions for this object.`;
         }
+        // Transport / corrNr specific hints
+        const transportHint = getTransportHint(err);
+        if (transportHint) {
+            return `${message}\n\nHint: ${transportHint}`;
+        }
     }
     if (err instanceof AdtNetworkError) {
         return `${message}\n\nHint: Cannot reach the SAP system. This is a connectivity issue, not a usage error.`;
     }
     return message;
 }
+/** Detect transport/corrNr failure signatures and return a remediation hint, or undefined if not transport-related. */
+function getTransportHint(err) {
+    const body = (err.responseBody ?? '').toLowerCase();
+    const msg = err.message.toLowerCase();
+    const combined = `${msg} ${body}`;
+    // Missing or invalid transport/correction number
+    if (combined.includes('correction number') ||
+        combined.includes('corrnr') ||
+        (combined.includes('transport request') &&
+            (combined.includes('missing') || combined.includes('required') || combined.includes('invalid')))) {
+        return 'A transport/correction number is required but was not provided or is invalid. Provide an explicit "transport" parameter with a valid transport request ID, or check SE09 in SAP GUI that an open transport exists for your user and target package.';
+    }
+    // Transport not found or not modifiable
+    if (combined.includes('e070') ||
+        (combined.includes('transport') &&
+            (combined.includes('not found') || combined.includes('does not exist') || combined.includes('not modifiable')))) {
+        return 'The specified transport request was not found or is not modifiable. Verify the transport ID in SE09, ensure it is not yet released, and that it belongs to the correct user and target package.';
+    }
+    // Package / transport layer mismatch
+    if (combined.includes('transport layer') ||
+        (combined.includes('package') &&
+            combined.includes('transport') &&
+            (combined.includes('mismatch') || combined.includes('not assigned') || combined.includes('no transport layer')))) {
+        return 'The target package has no transport layer or a transport layer mismatch. Check that the package is configured for transport in SE80/TDEVC, or use a local package ($TMP) if no transport is needed.';
+    }
+    // Authorization for transport operations
+    if (combined.includes('s_transprt') ||
+        (combined.includes('transport') && (combined.includes('no authorization') || combined.includes('not authorized')))) {
+        return 'The SAP user lacks transport authorization (S_TRANSPRT). Contact your SAP basis administrator to grant the required transport permissions.';
+    }
+    return undefined;
+}
 function classifyError(err) {
     if (err instanceof AdtApiError)
         return 'AdtApiError';
@@ -291,21 +370,36 @@ async function handleSAPRead(client, args, cachingLayer) {
     if (isBtpSystem() && BTP_HINTS[type]) {
         return errorResult(BTP_HINTS[type]);
     }
-    // Helper: get source with cache support
+    // Helper: get source with cache support, returns cache hit status
     const cachedGet = async (objType, objName, fetcher) => {
         if (!cachingLayer)
-            return fetcher();
-        const { source } = await cachingLayer.getSource(objType, objName, fetcher);
-        return source;
+            return { source: await fetcher(), cacheHit: false };
+        const { source, hit } = await cachingLayer.getSource(objType, objName, fetcher);
+        return { source, cacheHit: hit };
     };
+    /** Prepend [cached] indicator when result came from cache */
+    const cachedTextResult = (source, cacheHit) => {
+        return textResult(cacheHit ? `[cached]\n${source}` : source);
+    };
+    // Structured format is only supported for CLAS type
+    if (args.format === 'structured' && type !== 'CLAS') {
+        return errorResult('The "structured" format is only supported for CLAS type. Other types return text format.');
+    }
     switch (type) {
-        case 'PROG':
-            return textResult(await cachedGet('PROG', name, () => client.getProgram(name)));
+        case 'PROG': {
+            const { source, cacheHit } = await cachedGet('PROG', name, () => client.getProgram(name));
+            return cachedTextResult(source, cacheHit);
+        }
         case 'CLAS': {
+            // Structured format: return JSON with metadata + decomposed source
+            if (args.format === 'structured') {
+                const structured = await client.getClassStructured(name);
+                return textResult(JSON.stringify(structured, null, 2));
+            }
             const methodParam = args.method;
             if (methodParam && !args.include) {
-                // Method-level read — fetch full source then extract
-                const fullSource = await cachedGet('CLAS', name, () => client.getClass(name));
+                // Method-level read — fetch full source then extract (no cache indicator for derived results)
+                const { source: fullSource } = await cachedGet('CLAS', name, () => client.getClass(name));
                 const abaplintVer = cachedFeatures?.abapRelease
                     ? mapSapReleaseToAbaplintVersion(cachedFeatures.abapRelease)
                     : undefined;
@@ -321,12 +415,15 @@ async function handleSAPRead(client, args, cachingLayer) {
             }
             // Only cache the full merged source (no include param), not individual includes
             if (!args.include) {
-                return textResult(await cachedGet('CLAS', name, () => client.getClass(name)));
+                const { source, cacheHit } = await cachedGet('CLAS', name, () => client.getClass(name));
+                return cachedTextResult(source, cacheHit);
             }
             return textResult(await client.getClass(name, args.include));
         }
-        case 'INTF':
-            return textResult(await cachedGet('INTF', name, () => client.getInterface(name)));
+        case 'INTF': {
+            const { source, cacheHit } = await cachedGet('INTF', name, () => client.getInterface(name));
+            return cachedTextResult(source, cacheHit);
+        }
         case 'FUNC': {
             let group = String(args.group ?? '');
             if (!group) {
@@ -339,7 +436,8 @@ async function handleSAPRead(client, args, cachingLayer) {
                 }
                 group = resolved;
             }
-            return textResult(await cachedGet('FUNC', name, () => client.getFunction(group, name)));
+            const { source, cacheHit } = await cachedGet('FUNC', name, () => client.getFunction(group, name));
+            return cachedTextResult(source, cacheHit);
         }
         case 'FUGR': {
             const expand = Boolean(args.expand_includes);
@@ -364,22 +462,30 @@ async function handleSAPRead(client, args, cachingLayer) {
             const fg = await client.getFunctionGroup(name);
             return textResult(JSON.stringify(fg, null, 2));
         }
-        case 'INCL':
-            return textResult(await cachedGet('INCL', name, () => client.getInclude(name)));
+        case 'INCL': {
+            const { source, cacheHit } = await cachedGet('INCL', name, () => client.getInclude(name));
+            return cachedTextResult(source, cacheHit);
+        }
         case 'DDLS': {
-            const ddlSource = await cachedGet('DDLS', name, () => client.getDdls(name));
+            const { source: ddlSource, cacheHit } = await cachedGet('DDLS', name, () => client.getDdls(name));
             if (args.include?.toLowerCase() === 'elements') {
+                // Elements extraction is derived from source — no cache indicator
                 return textResult(extractCdsElements(ddlSource, name));
             }
-            return textResult(ddlSource);
+            return cachedTextResult(ddlSource, cacheHit);
+        }
+        case 'BDEF': {
+            const { source, cacheHit } = await cachedGet('BDEF', name, () => client.getBdef(name));
+            return cachedTextResult(source, cacheHit);
+        }
+        case 'SRVD': {
+            const { source, cacheHit } = await cachedGet('SRVD', name, () => client.getSrvd(name));
+            return cachedTextResult(source, cacheHit);
         }
-        case 'BDEF':
-            return textResult(await cachedGet('BDEF', name, () => client.getBdef(name)));
-        case 'SRVD':
-            return textResult(await cachedGet('SRVD', name, () => client.getSrvd(name)));
         case 'DDLX': {
             try {
-                return textResult(await cachedGet('DDLX', name, () => client.getDdlx(name)));
+                const { source, cacheHit } = await cachedGet('DDLX', name, () => client.getDdlx(name));
+                return cachedTextResult(source, cacheHit);
             }
             catch (err) {
                 if (isNotFoundError(err)) {
@@ -388,14 +494,22 @@ async function handleSAPRead(client, args, cachingLayer) {
                 throw err;
             }
         }
-        case 'SRVB':
-            return textResult(await cachedGet('SRVB', name, () => client.getSrvb(name)));
-        case 'TABL':
-            return textResult(await cachedGet('TABL', name, () => client.getTable(name)));
-        case 'VIEW':
-            return textResult(await cachedGet('VIEW', name, () => client.getView(name)));
-        case 'STRU':
-            return textResult(await cachedGet('STRU', name, () => client.getStructure(name)));
+        case 'SRVB': {
+            const { source, cacheHit } = await cachedGet('SRVB', name, () => client.getSrvb(name));
+            return cachedTextResult(source, cacheHit);
+        }
+        case 'TABL': {
+            const { source, cacheHit } = await cachedGet('TABL', name, () => client.getTable(name));
+            return cachedTextResult(source, cacheHit);
+        }
+        case 'VIEW': {
+            const { source, cacheHit } = await cachedGet('VIEW', name, () => client.getView(name));
+            return cachedTextResult(source, cacheHit);
+        }
+        case 'STRU': {
+            const { source, cacheHit } = await cachedGet('STRU', name, () => client.getStructure(name));
+            return cachedTextResult(source, cacheHit);
+        }
         case 'DOMA': {
             const domain = await client.getDomain(name);
             return textResult(JSON.stringify(domain, null, 2));
@@ -421,6 +535,18 @@ async function handleSAPRead(client, args, cachingLayer) {
             }
             return textResult(JSON.stringify(tran, null, 2));
         }
+        case 'API_STATE': {
+            // Determine object type for URL construction — use explicit objectType, infer from name, or error
+            const explicitType = String(args.objectType ?? '').toUpperCase();
+            const inferredType = explicitType || inferObjectType(name);
+            if (!inferredType) {
+                return errorResult(`Cannot infer object type from name "${name}". Please specify objectType explicitly (e.g., objectType="CLAS", "INTF", "PROG", "TABL", "DDLS", "FUGR", "DOMA", "DTEL", "SRVD", "SRVB", "BDEF").`);
+            }
+            // Use raw URI (no name encoding) — getApiReleaseState encodes the full URI as a single path segment
+            const objectUri = objectUrlForTypeRaw(inferredType, name);
+            const releaseState = await client.getApiReleaseState(objectUri);
+            return textResult(JSON.stringify(releaseState, null, 2));
+        }
         case 'TABLE_CONTENTS': {
             const maxRows = Number(args.maxRows ?? 100);
             const data = await client.getTableContents(name, maxRows, args.sqlFilter);
@@ -470,18 +596,53 @@ async function handleSAPRead(client, args, cachingLayer) {
             return textResult(await client.getTextElements(name));
         case 'VARIANTS':
             return textResult(await client.getVariants(name));
+        case 'BSP': {
+            if (cachedFeatures?.ui5 && !cachedFeatures.ui5.available) {
+                return errorResult('UI5/Fiori BSP Filestore is not available on this SAP system. ' +
+                    'Run SAPManage(action="probe") to verify feature availability.');
+            }
+            const include = args.include;
+            if (!name) {
+                // List all BSP apps (optional search via query param not used here since name is empty)
+                const apps = await client.listBspApps();
+                return textResult(JSON.stringify(apps, null, 2));
+            }
+            if (!include) {
+                // Browse root structure of the app
+                return textResult(JSON.stringify(await client.getBspAppStructure(name), null, 2));
+            }
+            // If include contains a dot, treat as file read; otherwise browse subfolder
+            if (include.includes('.')) {
+                return textResult(await client.getBspFileContent(name, include));
+            }
+            return textResult(JSON.stringify(await client.getBspAppStructure(name, `/${include}`), null, 2));
+        }
+        case 'BSP_DEPLOY': {
+            if (cachedFeatures?.ui5repo && !cachedFeatures.ui5repo.available) {
+                return errorResult('ABAP Repository OData Service is not available on this SAP system. ' +
+                    'Run SAPManage(action="probe") to verify feature availability.');
+            }
+            if (!name) {
+                return errorResult('BSP_DEPLOY requires a name parameter (e.g., name="ZAPP_BOOKING").');
+            }
+            const info = await getAppInfo(client.http, client.safety, name);
+            if (!info) {
+                return textResult(`App "${name}" not found in ABAP Repository.`);
+            }
+            return textResult(JSON.stringify(info, null, 2));
+        }
         default:
-            return errorResult(`Unknown SAPRead type: "${type}". Supported types: PROG, CLAS, INTF, FUNC, FUGR, INCL, DDLS, DDLX, BDEF, SRVD, SRVB, TABL, VIEW, STRU, DOMA, DTEL, TRAN, TABLE_CONTENTS, DEVC, SOBJ, SYSTEM, COMPONENTS, MESSAGES, TEXT_ELEMENTS, VARIANTS. ` +
+            return errorResult(`Unknown SAPRead type: "${type}". Supported types: PROG, CLAS, INTF, FUNC, FUGR, INCL, DDLS, DDLX, BDEF, SRVD, SRVB, TABL, VIEW, STRU, DOMA, DTEL, TRAN, TABLE_CONTENTS, DEVC, SOBJ, SYSTEM, COMPONENTS, MESSAGES, TEXT_ELEMENTS, VARIANTS, BSP, BSP_DEPLOY, API_STATE. ` +
                 'Tip: Map objectType from SAPSearch results by dropping the slash suffix (e.g., DDLS/DF → type="DDLS", CLAS/OC → type="CLAS", PROG/P → type="PROG"). ' +
                 'Do not pass a URI — use the "type" and "name" parameters instead.');
     }
 }
 async function handleSAPSearch(client, args) {
-    const query = String(args.query ?? '');
+    const rawQuery = String(args.query ?? '');
     const maxResults = Number(args.maxResults ?? 100);
     const searchType = String(args.searchType ?? 'object');
     if (searchType === 'source_code') {
-        // If probe already determined textSearch is unavailable, return the precise reason
+        // Source code search: do NOT transliterate — source can contain umlauts in strings/comments
         if (cachedFeatures?.textSearch && !cachedFeatures.textSearch.available) {
             return errorResult(`Source code search is not available on this SAP system. ${cachedFeatures.textSearch.reason ?? ''}` +
                 `\nUse SAPSearch with searchType="object" to search by object name instead, or use SAPQuery to search metadata tables.`);
@@ -489,7 +650,7 @@ async function handleSAPSearch(client, args) {
         const objectType = args.objectType;
         const packageName = args.packageName;
         try {
-            const results = await client.searchSource(query, maxResults, objectType, packageName);
+            const results = await client.searchSource(rawQuery, maxResults, objectType, packageName);
             return textResult(JSON.stringify(results, null, 2));
         }
         catch (err) {
@@ -504,8 +665,25 @@ async function handleSAPSearch(client, args) {
             throw err;
         }
     }
+    // Object search: transliterate non-ASCII (SAP object names are ASCII-only)
+    const { normalized: query, changed: wasTransliterated } = transliterateQuery(rawQuery);
+    const transliterationNote = wasTransliterated
+        ? `Note: Query contained non-ASCII characters. Transliterated "${rawQuery}" → "${query}" (SAP object names are ASCII-only).\n\n`
+        : '';
     const results = await client.searchObject(query, maxResults);
-    return textResult(JSON.stringify(results, null, 2));
+    if (Array.isArray(results) && results.length === 0) {
+        let hint = '[]' +
+            '\n\n' +
+            transliterationNote +
+            'No objects found. If searching for custom objects, try Z* or Y* prefixes (e.g., "Z*ESTIM*"). ' +
+            'If you already found objects in a package, use SAPRead with type=DEVC to list all package contents instead of more searches.';
+        if (looksLikeFieldName(query)) {
+            const stripped = query.replace(/\*/g, '');
+            hint += `\nThis looks like a field/column name. Use SAPQuery("SELECT fieldname, rollname, domname FROM dd03l WHERE fieldname = '${stripped}'") or SAPRead(type='DDLS', include='elements') to find fields.`;
+        }
+        return textResult(hint);
+    }
+    return textResult(transliterationNote + JSON.stringify(results, null, 2));
 }
 async function handleSAPQuery(client, args) {
     const sql = String(args.sql ?? '');
@@ -729,46 +907,67 @@ function escapeXml(s) {
         .replace(/>/g, '>');
 }
 // ─── Object URL Mapping ──────────────────────────────────────────────
-/** Map object type + name to the ADT object URL used by CRUD/DevTools/etc. */
-function objectUrlForType(type, name) {
-    const encoded = encodeURIComponent(name);
+/** Base path for an object type. Returns path prefix without trailing name segment. */
+function objectBasePath(type) {
     switch (type) {
         case 'PROG':
-            return `/sap/bc/adt/programs/programs/${encoded}`;
+            return '/sap/bc/adt/programs/programs/';
         case 'CLAS':
-            return `/sap/bc/adt/oo/classes/${encoded}`;
+            return '/sap/bc/adt/oo/classes/';
         case 'INTF':
-            return `/sap/bc/adt/oo/interfaces/${encoded}`;
+            return '/sap/bc/adt/oo/interfaces/';
         case 'FUNC':
-            return `/sap/bc/adt/functions/groups/${encoded}`;
+            return '/sap/bc/adt/functions/groups/';
         case 'INCL':
-            return `/sap/bc/adt/programs/includes/${encoded}`;
+            return '/sap/bc/adt/programs/includes/';
         case 'FUGR':
-            return `/sap/bc/adt/functions/groups/${encoded}`;
+            return '/sap/bc/adt/functions/groups/';
         case 'DDLS':
-            return `/sap/bc/adt/ddic/ddl/sources/${encoded}`;
+            return '/sap/bc/adt/ddic/ddl/sources/';
         case 'BDEF':
-            return `/sap/bc/adt/bo/behaviordefinitions/${encoded}`;
+            return '/sap/bc/adt/bo/behaviordefinitions/';
         case 'SRVD':
-            return `/sap/bc/adt/ddic/srvd/sources/${encoded}`;
+            return '/sap/bc/adt/ddic/srvd/sources/';
         case 'DDLX':
-            return `/sap/bc/adt/ddic/ddlx/sources/${encoded}`;
+            return '/sap/bc/adt/ddic/ddlx/sources/';
         case 'SRVB':
-            return `/sap/bc/adt/businessservices/bindings/${encoded}`;
+            return '/sap/bc/adt/businessservices/bindings/';
         case 'TABL':
-            return `/sap/bc/adt/ddic/tables/${encoded}`;
+            return '/sap/bc/adt/ddic/tables/';
         case 'STRU':
-            return `/sap/bc/adt/ddic/structures/${encoded}`;
+            return '/sap/bc/adt/ddic/structures/';
         case 'DOMA':
-            return `/sap/bc/adt/ddic/domains/${encoded}`;
+            return '/sap/bc/adt/ddic/domains/';
         case 'DTEL':
-            return `/sap/bc/adt/ddic/dataelements/${encoded}`;
+            return '/sap/bc/adt/ddic/dataelements/';
         case 'TRAN':
-            return `/sap/bc/adt/vit/wb/object_type/trant/object_name/${encoded}`;
+            return '/sap/bc/adt/vit/wb/object_type/trant/object_name/';
         default:
-            return `/sap/bc/adt/programs/programs/${encoded}`;
+            return '/sap/bc/adt/programs/programs/';
     }
 }
+/** Map object type + name to the ADT object URL used by CRUD/DevTools/etc. Name is URI-encoded. */
+function objectUrlForType(type, name) {
+    return `${objectBasePath(type)}${encodeURIComponent(name)}`;
+}
+/** Infer SAP object type from naming conventions. Returns empty string if type cannot be determined. */
+function inferObjectType(name) {
+    const upper = name.toUpperCase();
+    if (upper.startsWith('IF_') || upper.startsWith('ZIF_') || upper.startsWith('YIF_'))
+        return 'INTF';
+    if (upper.startsWith('CL_') || upper.startsWith('ZCL_') || upper.startsWith('YCL_'))
+        return 'CLAS';
+    if (upper.startsWith('CX_') || upper.startsWith('ZCX_') || upper.startsWith('YCX_'))
+        return 'CLAS';
+    return '';
+}
+/**
+ * Map object type + name to the ADT object URL WITHOUT encoding the name.
+ * Used for API release state where the full URI is encoded as a single path segment by the caller.
+ */
+function objectUrlForTypeRaw(type, name) {
+    return `${objectBasePath(type)}${name}`;
+}
 /** Get the source URL for an object (appends /source/main) */
 function sourceUrlForType(type, name) {
     return `${objectUrlForType(type, name)}/source/main`;
@@ -780,6 +979,10 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
     const name = String(args.name ?? '');
     const source = String(args.source ?? '');
     const transport = args.transport;
+    // type and name are required for all actions except batch_create
+    if (action !== 'batch_create' && (!type || !name)) {
+        return errorResult('"type" and "name" are required for this action.');
+    }
     const objectUrl = objectUrlForType(type, name);
     const srcUrl = sourceUrlForType(type, name);
     switch (action) {
@@ -795,7 +998,13 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
         }
         case 'create': {
             const pkg = String(args.package ?? '$TMP');
+            checkPackage(client.safety, pkg);
             const description = String(args.description ?? name);
+            // AFF header validation (if schema available for this type)
+            const affResult = validateAffHeader(type, { description, originalLanguage: 'en' });
+            if (!affResult.valid) {
+                return errorResult(`AFF metadata validation failed for ${type} ${name}:\n- ${(affResult.errors ?? []).join('\n- ')}\n\nFix the metadata and retry.`);
+            }
             // Build type-specific creation XML body.
             // SAP ADT requires the root element to match the object type —
             // a generic objectReferences body returns 400 "System expected the element ...".
@@ -849,11 +1058,12 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
             return lintWarnings.warnings ? textResult(`${msg}\n\n${lintWarnings.warnings}`) : textResult(msg);
         }
         case 'delete': {
-            // Lock, delete, unlock pattern
+            // Lock, delete, unlock pattern — auto-propagate lock corrNr if no explicit transport
             await client.http.withStatefulSession(async (session) => {
                 const lock = await lockObject(session, client.safety, objectUrl);
+                const effectiveTransport = transport ?? (lock.corrNr || undefined);
                 try {
-                    await deleteObject(session, client.safety, objectUrl, lock.lockHandle, transport);
+                    await deleteObject(session, client.safety, objectUrl, lock.lockHandle, effectiveTransport);
                 }
                 finally {
                     try {
@@ -867,8 +1077,104 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
             cachingLayer?.invalidate(type, name);
             return textResult(`Deleted ${type} ${name}.`);
         }
+        case 'batch_create': {
+            const objects = args.objects;
+            if (!objects || !Array.isArray(objects) || objects.length === 0) {
+                return errorResult('"objects" array is required and must be non-empty for batch_create action.');
+            }
+            const pkg = String(args.package ?? '$TMP');
+            // Check package is allowed before starting any creates
+            checkPackage(client.safety, pkg);
+            const results = [];
+            for (const obj of objects) {
+                const objType = String(obj.type ?? '');
+                const objName = String(obj.name ?? '');
+                const objSource = obj.source ? String(obj.source) : undefined;
+                const objDescription = String(obj.description ?? objName);
+                // AFF header validation per object (if schema available)
+                const affResult = validateAffHeader(objType, { description: objDescription, originalLanguage: 'en' });
+                if (!affResult.valid) {
+                    results.push({
+                        type: objType,
+                        name: objName,
+                        status: 'failed',
+                        error: `AFF metadata validation failed:\n- ${(affResult.errors ?? []).join('\n- ')}`,
+                    });
+                    break;
+                }
+                try {
+                    // Pre-validate source with lint BEFORE creating the object to avoid orphaned objects
+                    if (objSource) {
+                        const lintWarnings = runPreWriteLint(objSource, objType, objName, config);
+                        if (lintWarnings.blocked) {
+                            results.push({
+                                type: objType,
+                                name: objName,
+                                status: 'failed',
+                                error: `source rejected by lint: ${lintWarnings.result.content[0].text}`,
+                            });
+                            break;
+                        }
+                    }
+                    // Step 1: Create the object
+                    const objUrl = objectUrlForType(objType, objName);
+                    const createUrl = objUrl.replace(/\/[^/]+$/, '');
+                    const body = buildCreateXml(objType, objName, pkg, objDescription);
+                    await createObject(client.http, client.safety, createUrl, body, 'application/xml', transport);
+                    // Step 2: Write source if provided
+                    if (objSource) {
+                        const srcUrl = sourceUrlForType(objType, objName);
+                        await safeUpdateSource(client.http, client.safety, objUrl, srcUrl, objSource, transport);
+                    }
+                    // Step 3: Activate the object
+                    const activationResult = await activate(client.http, client.safety, objUrl);
+                    if (!activationResult.success) {
+                        results.push({
+                            type: objType,
+                            name: objName,
+                            status: 'failed',
+                            error: `activation failed: ${activationResult.messages.join('; ')}`,
+                        });
+                        break;
+                    }
+                    cachingLayer?.invalidate(objType, objName);
+                    results.push({ type: objType, name: objName, status: 'success' });
+                }
+                catch (err) {
+                    results.push({
+                        type: objType,
+                        name: objName,
+                        status: 'failed',
+                        error: err instanceof Error ? err.message : String(err),
+                    });
+                    break;
+                }
+            }
+            // Add 'skipped' entries for objects that were never attempted due to early break
+            for (let i = results.length; i < objects.length; i++) {
+                const skipped = objects[i];
+                results.push({
+                    type: String(skipped.type ?? ''),
+                    name: String(skipped.name ?? ''),
+                    status: 'failed',
+                    error: 'skipped — stopped after previous failure',
+                });
+            }
+            const summary = results
+                .map((r) => `${r.name} (${r.type}) ${r.status === 'success' ? '✓' : `✗ — ${r.error}`}`)
+                .join(', ');
+            const successCount = results.filter((r) => r.status === 'success').length;
+            const hasFailure = results.some((r) => r.status === 'failed');
+            if (hasFailure) {
+                const cleanupHint = successCount > 0
+                    ? ` Note: ${successCount} already-created object(s) remain on the SAP system and may need manual cleanup.`
+                    : '';
+                return errorResult(`Batch created ${successCount}/${objects.length} objects in package ${pkg}: ${summary}${cleanupHint}`);
+            }
+            return textResult(`Batch created ${successCount} objects in package ${pkg}: ${summary}`);
+        }
         default:
-            return errorResult(`Unknown SAPWrite action: ${action}. Supported: create, update, delete, edit_method`);
+            return errorResult(`Unknown SAPWrite action: ${action}. Supported: create, update, delete, edit_method, batch_create`);
     }
 }
 /**
@@ -922,8 +1228,78 @@ function runPreWriteLint(source, type, name, config) {
 }
 // ─── SAPActivate Handler ─────────────────────────────────────────────
 async function handleSAPActivate(client, args) {
-    const type = String(args.type ?? '');
+    const action = String(args.action ?? 'activate');
+    const name = String(args.name ?? '');
+    const version = String(args.version ?? '0001');
+    // Publish service binding
+    if (action === 'publish_srvb') {
+        if (!name) {
+            return errorResult('Missing required "name" parameter for publish_srvb action.');
+        }
+        const result = await publishServiceBinding(client.http, client.safety, name, version);
+        if (result.severity === 'ERROR') {
+            return errorResult(`Failed to publish service binding ${name}: ${result.shortText}${result.longText ? ` — ${result.longText}` : ''}`);
+        }
+        let srvbInfo;
+        try {
+            srvbInfo = await client.getSrvb(name);
+        }
+        catch {
+            if (result.severity === 'UNKNOWN') {
+                return errorResult(`Publish response for ${name} could not be parsed and readback failed — use SAPRead to verify publish status.`);
+            }
+            return textResult(`Successfully published service binding ${name} (readback of binding metadata failed — use SAPRead to verify)`);
+        }
+        // Verify the published flag from the SRVB readback
+        try {
+            const srvbData = JSON.parse(srvbInfo);
+            if (srvbData.published === false) {
+                return errorResult(`Publish of service binding ${name} may have failed — binding is still unpublished.\n\n${srvbInfo}`);
+            }
+        }
+        catch {
+            // If we can't parse the readback JSON, fall through — better to return what we have
+        }
+        if (result.severity === 'UNKNOWN') {
+            return textResult(`Publish request for ${name} completed but response could not be fully parsed. Verify status below:\n\n${srvbInfo}`);
+        }
+        return textResult(`Successfully published service binding ${name}.\n\n${srvbInfo}`);
+    }
+    // Unpublish service binding
+    if (action === 'unpublish_srvb') {
+        if (!name) {
+            return errorResult('Missing required "name" parameter for unpublish_srvb action.');
+        }
+        const result = await unpublishServiceBinding(client.http, client.safety, name, version);
+        if (result.severity === 'ERROR') {
+            return errorResult(`Failed to unpublish service binding ${name}: ${result.shortText}${result.longText ? ` — ${result.longText}` : ''}`);
+        }
+        let srvbInfo;
+        try {
+            srvbInfo = await client.getSrvb(name);
+        }
+        catch {
+            // Readback failed — fall through with what we have
+        }
+        // Verify the published flag from the SRVB readback
+        if (srvbInfo) {
+            try {
+                const srvbData = JSON.parse(srvbInfo);
+                if (srvbData.published === true) {
+                    return errorResult(`Unpublish of service binding ${name} may have failed — binding is still published.\n\n${srvbInfo}`);
+                }
+            }
+            catch {
+                // If we can't parse the readback JSON, fall through
+            }
+        }
+        if (result.severity === 'UNKNOWN') {
+            return textResult(`Unpublish request for ${name} completed but response could not be fully parsed.${srvbInfo ? ` Verify status below:\n\n${srvbInfo}` : ' Use SAPRead to verify status.'}`);
+        }
+        return textResult(`Successfully unpublished service binding ${name}.${srvbInfo ? `\n\n${srvbInfo}` : ''}`);
+    }
     // Batch activation: multiple objects at once (for RAP stacks etc.)
+    const type = String(args.type ?? '');
     if (args.objects && Array.isArray(args.objects)) {
         const objects = args.objects.map((o) => {
             const objType = String(o.type ?? type);
@@ -938,7 +1314,6 @@ async function handleSAPActivate(client, args) {
         return errorResult(`Batch activation failed for: ${names}.\nErrors: ${result.messages.join('; ')}`);
     }
     // Single activation (existing behavior)
-    const name = String(args.name ?? '');
     const objectUrl = objectUrlForType(type, name);
     const result = await activate(client.http, client.safety, objectUrl);
     if (result.success) {
@@ -1020,8 +1395,63 @@ async function handleSAPNavigate(client, args) {
             const proposals = await getCompletion(client.http, client.safety, uri, line, column, source);
             return textResult(JSON.stringify(proposals, null, 2));
         }
+        case 'hierarchy': {
+            const className = String(args.name ?? '').toUpperCase();
+            if (!className) {
+                return errorResult('Provide name (class name) for hierarchy lookup.');
+            }
+            // Sanitize to prevent SQL injection — class names are alphanumeric + underscore + namespace slash
+            const safeName = className.replace(/[^A-Z0-9_/]/g, '');
+            if (safeName !== className) {
+                return errorResult(`Invalid class name: "${className}". Only alphanumeric characters, underscores, and slashes are allowed.`);
+            }
+            const canFreeSQL = isOperationAllowed(client.safety, OperationType.FreeSQL);
+            const canQuery = isOperationAllowed(client.safety, OperationType.Query);
+            if (!canFreeSQL && !canQuery) {
+                return errorResult('Class hierarchy requires data access permissions. ' +
+                    'Enable free SQL (--block-free-sql=false) or table preview (--block-data=false).');
+            }
+            try {
+                let ownRels;
+                let subRels;
+                if (canFreeSQL) {
+                    ownRels = await client.runQuery(`SELECT CLSNAME, REFCLSNAME, RELTYPE FROM SEOMETAREL WHERE CLSNAME = '${safeName}'`, 100);
+                    subRels = await client.runQuery(`SELECT CLSNAME FROM SEOMETAREL WHERE REFCLSNAME = '${safeName}' AND RELTYPE = '2'`, 100);
+                }
+                else {
+                    // Fall back to named table preview (Query op type)
+                    ownRels = await client.getTableContents('SEOMETAREL', 100, `CLSNAME = '${safeName}'`);
+                    subRels = await client.getTableContents('SEOMETAREL', 100, `REFCLSNAME = '${safeName}' AND RELTYPE = '2'`);
+                }
+                let superclass = null;
+                const interfaces = [];
+                for (let i = 0; i < ownRels.rows.length; i++) {
+                    const row = ownRels.rows[i];
+                    const reltype = String(row.RELTYPE ?? '').trim();
+                    const refName = String(row.REFCLSNAME ?? '').trim();
+                    if (reltype === '2') {
+                        superclass = refName;
+                    }
+                    else if (reltype === '1') {
+                        interfaces.push(refName);
+                    }
+                }
+                const subclasses = [];
+                for (let i = 0; i < subRels.rows.length; i++) {
+                    subclasses.push(String(subRels.rows[i].CLSNAME ?? '').trim());
+                }
+                const result = { className: safeName, superclass, interfaces, subclasses };
+                return textResult(JSON.stringify(result, null, 2));
+            }
+            catch (err) {
+                if (err instanceof AdtApiError && err.statusCode === 404) {
+                    return errorResult('Cannot query SEOMETAREL — table may not be accessible on this system.');
+                }
+                throw err;
+            }
+        }
         default:
-            return errorResult(`Unknown SAPNavigate action: ${action}. Supported: definition, references, completion`);
+            return errorResult(`Unknown SAPNavigate action: ${action}. Supported: definition, references, completion, hierarchy`);
     }
 }
 // ─── SAPDiagnose Handler ─────────────────────────────────────────────
@@ -1112,6 +1542,8 @@ async function handleSAPTransport(client, args) {
             if (!description)
                 return errorResult('Description is required for "create" action.');
             const id = await createTransport(client.http, client.safety, description);
+            if (!id)
+                return errorResult('Transport creation succeeded but no transport ID was returned. Check the SAP system manually.');
             return textResult(`Created transport request: ${id}`);
         }
         case 'release': {
@@ -1265,6 +1697,7 @@ async function handleSAPManage(client, config, args, cachingLayer, isPerUserClie
             featureConfig.amdp = config.featureAmdp;
             featureConfig.ui5 = config.featureUi5;
             featureConfig.transport = config.featureTransport;
+            featureConfig.ui5repo = config.featureUi5Repo;
             const probed = await probeFeatures(client.http, featureConfig, config.systemType);
             // In PP mode with a per-user client, auth-sensitive results (401/403 on any
             // feature) must not poison the global cache — another user may have different