arc-1 0.9.11 → 0.9.12

package/dist/handlers/intent.js

@@ -14,8 +14,8 @@ import { buildSiblingExtensionFinding, classifyCdsImpact, deriveSiblingStem, isS
 import { diffMethodSets, extractMethodNameFromClause, findSectionAnchor, insertMethodPair, moveMethodDefinition, removeMethodPair, spliceClassDefinition, spliceMethodSignature, } from '../adt/class-structure.js';
 import { findDefinition, findInterfaceImplementersViaSeoMetaRel, findReferences, findWhereUsed, getCompletion, getWhereUsedScope, } from '../adt/codeintel.js';
 import { createObject, deleteObject, lockObject, safeUpdateClassInclude, safeUpdateObject, safeUpdateSource, unlockObject, updateObject, updateSource, } from '../adt/crud.js';
-import { buildDataElementXml, buildDomainXml, buildMessageClassXml, buildPackageXml, buildServiceBindingXml, decodeKtdText, normalizeAdtLanguage, rewriteKtdText, } from '../adt/ddic-xml.js';
-import { activate, activateBatch, applyFixProposal, getFixProposals, getPrettyPrinterSettings, prettyPrint, publishServiceBinding, runAtcCheck, runUnitTests, setPrettyPrinterSettings, syntaxCheck, unpublishServiceBinding, } from '../adt/devtools.js';
+import { buildDataElementXml, buildDomainXml, buildMessageClassXml, buildPackageXml, buildServiceBindingXml, decodeKtdText, normalizeAdtLanguage, normalizeAdtResponsible, rewriteKtdText, } from '../adt/ddic-xml.js';
+import { activate, activateBatch, applyFixProposal, getCdsTestCases, getFixProposals, getPrettyPrinterSettings, prettyPrint, publishServiceBinding, runAtcCheck, runUnitTests, setPrettyPrinterSettings, supportsCdsTestCases, syntaxCheck, unpublishServiceBinding, } from '../adt/devtools.js';
 import { getDump, getGatewayErrorDetail, getObjectState, getTraceDbAccesses, getTraceHitlist, getTraceStatements, listDumps, listGatewayErrors, listSystemMessages, listTraces, } from '../adt/diagnostics.js';
 import { AdtApiError, AdtNetworkError, AdtSafetyError, classifySapDomainError, isNotFoundError, } from '../adt/errors.js';
 import { classifyTextSearchError, mapSapReleaseToAbaplintVersion, probeFeatures } from '../adt/features.js';
@@ -27,6 +27,7 @@ import { applyRapHandlerScaffold, extractRapHandlerRequirements, findMissingRapH
 import { formatRapPreflightFindings, validateRapSource } from '../adt/rap-preflight.js';
 import { changePackage } from '../adt/refactoring.js';
 import { checkOperation, checkPackage, isOperationAllowed, OperationType } from '../adt/safety.js';
+import { createServerDrivenObject, deleteServerDrivenObject, getServerDrivenObject, isServerDrivenObjectType, serverDrivenBlueContentType, serverDrivenObjectUrl, supportsServerDrivenObject, updateServerDrivenObjectSource, } from '../adt/server-driven.js';
 import { createTransport, createTransportWithTarget, deleteTransport, getObjectTransports, getTransport, getTransportInfo, listTransportLayers, listTransports, listTransportTargets, reassignTransport, releaseTransport, releaseTransportRecursive, supportsExplicitTransportTarget, } from '../adt/transport.js';
 import { getAppInfo } from '../adt/ui5-repository.js';
 import { validateAffHeader } from '../aff/validator.js';
@@ -825,19 +826,28 @@ export async function handleToolCall(client, config, toolName, args, authInfo, _
     // For SAPSearch.tadir_lookup with source='db'|'both', synthesize a sub-action key so the
     // sql-scoped policy entry kicks in (otherwise viewer-only profiles could piggyback on the
     // ADT info-system route to issue freestyle SQL).
+    //
+    // SECURITY (privilege-escalation hardening): the scope key is derived from the SAME
+    // normalized value the handler ultimately dispatches on. `normalizeTypeArgsForValidation`
+    // upper-cases + slash-collapses `type` and coerces non-string inputs via String(), so a
+    // caller cannot evade the per-type scope gate by sending a value that misses the policy key
+    // here yet is canonicalized into a privileged type just before Zod runs. Two such bypasses
+    // existed when this lookup read the RAW `args`: an array (`type: ["TABLE_CONTENTS"]` —
+    // typeof "object" → undefined key → base `read`) and a lowercase string
+    // (`type: "table_contents"` — no `SAPRead.table_contents` key → base `read`), both of which
+    // were then normalized into the data-scoped `TABLE_CONTENTS` for the handler. Normalizing
+    // first closes the array, case, and slash-form variants in one place (and keeps the
+    // SAP_DENY_ACTIONS match below consistent with the canonical form). The normalized object is
+    // reused for Zod validation below so canonicalization happens exactly once.
     // Runs BEFORE Zod validation so scope errors don't leak schema details to unauthorized callers.
-    let actionOrType = toolName === 'SAPRead'
-        ? typeof args.type === 'string'
-            ? args.type
-            : undefined
-        : typeof args.action === 'string'
-            ? args.action
-            : undefined;
+    const normalizedArgs = normalizeTypeArgsForValidation(toolName, args);
+    const rawScopeKey = toolName === 'SAPRead' ? normalizedArgs.type : normalizedArgs.action;
+    let actionOrType = rawScopeKey === undefined || rawScopeKey === null || rawScopeKey === '' ? undefined : String(rawScopeKey);
     if (toolName === 'SAPSearch' &&
-        typeof args.searchType === 'string' &&
-        args.searchType === 'tadir_lookup' &&
-        typeof args.source === 'string') {
-        const src = args.source.toLowerCase();
+        typeof normalizedArgs.searchType === 'string' &&
+        normalizedArgs.searchType === 'tadir_lookup' &&
+        typeof normalizedArgs.source === 'string') {
+        const src = normalizedArgs.source.toLowerCase();
         if (src === 'db' || src === 'both') {
             actionOrType = `tadir_lookup_${src}`;
         }
@@ -881,7 +891,10 @@ export async function handleToolCall(client, config, toolName, args, authInfo, _
     const isBtp = config.systemType === 'btp';
     const schema = getToolSchema(toolName, isBtp);
     if (schema) {
-        args = normalizeTypeArgsForValidation(toolName, args);
+        // Reuse the normalized args computed for the scope-key derivation above —
+        // re-normalizing would be redundant (the transform is idempotent) and risks
+        // the two paths drifting.
+        args = normalizedArgs;
         const parsed = schema.safeParse(args);
         if (!parsed.success) {
             const validationError = formatZodError(parsed.error, toolName);
@@ -1098,6 +1111,20 @@ async function handleSAPRead(client, args, cachingLayer) {
     if (isBtpSystem() && BTP_HINTS[type]) {
         return errorResult(BTP_HINTS[type]);
     }
+    // Server-driven objects (ABAP Platform 2025 / SAP_BASIS 8.16+): DESD, EVTB, DTSC, COTA, …
+    // share one AFF generic-object contract (blue:blueSource metadata + AFF JSON source), read
+    // via the discovery-gated generic engine instead of the per-type switch below. They bypass
+    // the version/draft/cache machinery (no /source/main text; JSON output).
+    if (isServerDrivenObjectType(type)) {
+        if (!name)
+            return errorResult(`"name" is required for SAPRead type=${type}.`);
+        if (supportsServerDrivenObject(client.http, type) === false) {
+            return errorResult(`SAPRead type=${type} (server-driven object) requires SAP_BASIS 8.16+ (ABAP Platform 2025 / S/4HANA 2025). ` +
+                'This system does not expose this object type.');
+        }
+        const sdo = await getServerDrivenObject(client.http, client.safety, type, name);
+        return textResult(JSON.stringify(sdo, null, 2));
+    }
     if (args.force_refresh === true && cachingLayer && VERSIONED_SOURCE_READ_TYPES.has(type)) {
         cachingLayer.inactiveLists.invalidate(client.username);
         cachingLayer.invalidate(type, name, 'all');
@@ -2322,12 +2349,18 @@ export function warnCdsReservedKeywords(source) {
     return (`Warning: field name(s) ${fieldNames.map((f) => `'${f}'`).join(', ')} may be CDS reserved keywords. ` +
         `If the DDL save fails with a generic syntax error, rename them (e.g., 'position' → 'playing_position', 'type' → 'obj_type').`);
 }
-export function buildCreateXml(type, name, pkg, description, properties, language) {
+export function buildCreateXml(type, name, pkg, description, properties, language, responsible) {
     // Master/original language for the created object. Derived from the configured
     // SAP_LANGUAGE (passed by callers as config.language) so the create-XML body
     // matches the sap-language URL param ARC-1 already sends. Defaults to "EN" when
     // unset, preserving legacy output. See issue #343.
     const masterLanguage = normalizeAdtLanguage(language);
+    // Person responsible for the created object. Derived from the configured logon
+    // user (passed by callers as config.username). The legacy hard-coded "DEVELOPER"
+    // only exists on SAP demo systems, so on a real system it fails with
+    // 400 [?/049] "Enter a valid user, not DEVELOPER, as the person responsible".
+    // Defaults to "DEVELOPER" only when no user is configured. Same threading as #343.
+    const responsibleUser = normalizeAdtResponsible(responsible);
     switch (type) {
         case 'PROG':
             return `<?xml version="1.0" encoding="UTF-8"?>
@@ -2338,7 +2371,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                      adtcore:type="PROG/P"
                      adtcore:masterLanguage="${masterLanguage}"
                      adtcore:masterSystem="H00"
-                     adtcore:responsible="DEVELOPER">
+                     adtcore:responsible="${escapeXml(responsibleUser)}">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </program:abapProgram>`;
         case 'CLAS':
@@ -2350,7 +2383,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                  adtcore:type="CLAS/OC"
                  adtcore:masterLanguage="${masterLanguage}"
                  adtcore:masterSystem="H00"
-                 adtcore:responsible="DEVELOPER">
+                 adtcore:responsible="${escapeXml(responsibleUser)}">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </class:abapClass>`;
         case 'INTF':
@@ -2362,7 +2395,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                     adtcore:type="INTF/OI"
                     adtcore:masterLanguage="${masterLanguage}"
                     adtcore:masterSystem="H00"
-                    adtcore:responsible="DEVELOPER">
+                    adtcore:responsible="${escapeXml(responsibleUser)}">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </intf:abapInterface>`;
         case 'INCL':
@@ -2374,7 +2407,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                      adtcore:type="PROG/I"
                      adtcore:masterLanguage="${masterLanguage}"
                      adtcore:masterSystem="H00"
-                     adtcore:responsible="DEVELOPER">
+                     adtcore:responsible="${escapeXml(responsibleUser)}">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </include:abapInclude>`;
         case 'DDLS':
@@ -2386,7 +2419,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                adtcore:type="DDLS/DF"
                adtcore:masterLanguage="${masterLanguage}"
                adtcore:masterSystem="H00"
-                 adtcore:responsible="DEVELOPER">
+                 adtcore:responsible="${escapeXml(responsibleUser)}">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </ddl:ddlSource>`;
         case 'DCLS':
@@ -2398,7 +2431,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                adtcore:type="DCLS/DL"
                adtcore:masterLanguage="${masterLanguage}"
                adtcore:masterSystem="H00"
-               adtcore:responsible="DEVELOPER">
+               adtcore:responsible="${escapeXml(responsibleUser)}">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </dcl:dclSource>`;
         case 'TABL':
@@ -2416,7 +2449,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                  adtcore:type="${adtType}"
                  adtcore:masterLanguage="${masterLanguage}"
                  adtcore:masterSystem="H00"
-                 adtcore:responsible="DEVELOPER">
+                 adtcore:responsible="${escapeXml(responsibleUser)}">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </blue:blueSource>`;
         }
@@ -2431,7 +2464,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                  adtcore:type="BDEF/BDO"
                  adtcore:masterLanguage="${masterLanguage}"
                  adtcore:masterSystem="H00"
-                 adtcore:responsible="DEVELOPER">
+                 adtcore:responsible="${escapeXml(responsibleUser)}">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </blue:blueSource>`;
         case 'SRVD':
@@ -2443,7 +2476,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                  adtcore:type="SRVD/SRV"
                  adtcore:masterLanguage="${masterLanguage}"
                  adtcore:masterSystem="H00"
-                 adtcore:responsible="DEVELOPER"
+                 adtcore:responsible="${escapeXml(responsibleUser)}"
                  srvd:srvdSourceType="S">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </srvd:srvdSource>`;
@@ -2464,6 +2497,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                 version: properties?.version ? String(properties.version) : undefined,
                 odataVersion: properties?.odataVersion ? String(properties.odataVersion) : undefined,
                 language: masterLanguage,
+                responsible: responsibleUser,
             };
             return buildServiceBindingXml(params);
         }
@@ -2476,7 +2510,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                  adtcore:type="DDLX/EX"
                  adtcore:masterLanguage="${masterLanguage}"
                  adtcore:masterSystem="H00"
-                     adtcore:responsible="DEVELOPER">
+                     adtcore:responsible="${escapeXml(responsibleUser)}">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </ddlx:ddlxSource>`;
         case 'DOMA': {
@@ -2502,6 +2536,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                 fixedValues,
                 valueTable: properties?.valueTable ? String(properties.valueTable) : undefined,
                 language: masterLanguage,
+                responsible: responsibleUser,
             };
             return buildDomainXml(params);
         }
@@ -2528,6 +2563,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                 defaultComponentName: properties?.defaultComponentName ? String(properties.defaultComponentName) : undefined,
                 changeDocument: toBoolean(properties?.changeDocument),
                 language: masterLanguage,
+                responsible: responsibleUser,
             };
             return buildDataElementXml(params);
         }
@@ -2758,63 +2794,125 @@ function normalizeWriteObjectType(type) {
 function canonicalTablType(type) {
     return type === 'TABL/DT' || type === 'TABL/DS' ? 'TABL' : type;
 }
-/** Normalize type fields before schema validation so slash/case aliases are accepted. */
-function normalizeTypeArgsForValidation(toolName, args) {
+/**
+ * Fields whose handler INTENTIONALLY treats an explicit empty string as a meaningful
+ * signal distinct from "omitted", so the pre-validation strip must keep an empty-STRING
+ * value (a `null` is still stripped — the handlers treat null as omitted):
+ *  - `target` — SAPTransport create rejects a "provided but empty" target as a caller
+ *    mistake (vs omitted → local); see `targetProvided` in handleSAPTransport.
+ *  - `proposalUserContent` — SAPDiagnose apply_quickfix forwards an empty
+ *    `<userContent></userContent>` verbatim.
+ * Keep this set minimal: it only needs entries where a handler distinguishes ""-present
+ * from absent. Empty strings on enums/numbers/everything-else are safe to strip.
+ */
+const EMPTY_STRING_MEANINGFUL_FIELDS = new Set(['target', 'proposalUserContent']);
+/**
+ * Strip GPT/OpenAI "overpopulation" pollution before Zod validation:
+ *  - `null` values — OpenAI Structured Outputs / `strict` mode (the default for the
+ *    Responses API) emulates an optional field as a `["type","null"]` union and emits
+ *    `null` for every unused optional. `z.X().optional()` rejects `null`, so a strict
+ *    caller otherwise cannot make a clean call (every unused optional becomes null →
+ *    rejected). `null` is ALWAYS stripped (handlers treat null as omitted).
+ *  - empty / whitespace-only strings — many callers serialize an omitted optional as
+ *    `""`. On optional enums that hard-rejects; on optional numbers `z.coerce.number("")`
+ *    silently becomes `0`. Stripped, EXCEPT for the EMPTY_STRING_MEANINGFUL_FIELDS above.
+ *
+ * Preserves real `false` and `0` — ONLY `null` and empty/whitespace strings are removed.
+ * Shallow at the top level, plus one level into each `objects[]` item (SAPWrite
+ * `batch_create` / SAPActivate batch). Deliberately does NOT recurse into leaf data
+ * arrays (`messages`/`fixedValues`/`parameters`/`where`) — those carry user data where
+ * an empty string or null may be meaningful. See issue #360.
+ */
+export function stripLlmEmptyValues(args) {
+    const isStrippable = (key, v) => v === null || (typeof v === 'string' && v.trim() === '' && !EMPTY_STRING_MEANINGFUL_FIELDS.has(key));
+    const cleanShallow = (obj) => {
+        const out = {};
+        for (const [k, v] of Object.entries(obj)) {
+            if (!isStrippable(k, v))
+                out[k] = v;
+        }
+        return out;
+    };
+    const cleaned = cleanShallow(args);
+    if (Array.isArray(cleaned.objects)) {
+        cleaned.objects = cleaned.objects.map((o) => o && typeof o === 'object' && !Array.isArray(o) ? cleanShallow(o) : o);
+    }
+    return cleaned;
+}
+/** Normalize type fields before schema validation so slash/case aliases are accepted.
+ *  Also strips GPT/OpenAI pollution (null + empty strings) via stripLlmEmptyValues so the
+ *  same normalization runs for every tool — standard, hyperfocused, and the CLI all route
+ *  through handleToolCall, which calls this once before scope derivation + Zod (issue #360).
+ *  Exported for unit tests (the include-drop + strip behavior). */
+export function normalizeTypeArgsForValidation(toolName, args) {
+    const cleaned = stripLlmEmptyValues(args);
     switch (toolName) {
         case 'SAPRead':
             return {
-                ...args,
-                type: normalizeObjectType(String(args.type ?? '')),
-                objectType: args.objectType === undefined ? undefined : normalizeObjectType(String(args.objectType ?? '')),
+                ...cleaned,
+                type: normalizeObjectType(String(cleaned.type ?? '')),
+                objectType: cleaned.objectType === undefined ? undefined : normalizeObjectType(String(cleaned.objectType ?? '')),
             };
-        case 'SAPWrite':
+        case 'SAPWrite': {
             // SAPWrite preserves TABL/DT and TABL/DS so the create path can route by subtype.
+            const normType = cleaned.type === undefined ? undefined : normalizeWriteObjectType(String(cleaned.type ?? ''));
+            // Drop an inapplicable `include`: it is only meaningful for a CLAS local-include
+            // write (update/edit_method/edit_class_definition). GPT/OpenAI callers frequently
+            // attach include="definitions" to unrelated writes (DDLS/PROG/DTEL/delete/batch_create),
+            // which validateSapWriteInput would otherwise hard-reject even though the requested
+            // intent is valid. A garbage include VALUE on a real CLAS include path is still
+            // rejected by the z.enum check downstream (issue #360).
+            const action = String(cleaned.action ?? '');
+            const includeApplies = normType === 'CLAS' && (action === 'update' || action === 'edit_method' || action === 'edit_class_definition');
+            if (!includeApplies)
+                delete cleaned.include;
             return {
-                ...args,
-                type: args.type === undefined ? undefined : normalizeWriteObjectType(String(args.type ?? '')),
-                objects: Array.isArray(args.objects)
-                    ? args.objects.map((obj) => typeof obj === 'object' && obj !== null
+                ...cleaned,
+                type: normType,
+                objects: Array.isArray(cleaned.objects)
+                    ? cleaned.objects.map((obj) => typeof obj === 'object' && obj !== null
                         ? {
                             ...obj,
                             type: normalizeWriteObjectType(String(obj.type ?? '')),
                         }
                         : obj)
-                    : args.objects,
+                    : cleaned.objects,
             };
+        }
         case 'SAPActivate':
             return {
-                ...args,
-                type: args.type === undefined ? undefined : normalizeObjectType(String(args.type ?? '')),
-                objects: Array.isArray(args.objects)
-                    ? args.objects.map((obj) => typeof obj === 'object' && obj !== null
+                ...cleaned,
+                type: cleaned.type === undefined ? undefined : normalizeObjectType(String(cleaned.type ?? '')),
+                objects: Array.isArray(cleaned.objects)
+                    ? cleaned.objects.map((obj) => typeof obj === 'object' && obj !== null
                         ? {
                             ...obj,
                             type: normalizeObjectType(String(obj.type ?? '')),
                         }
                         : obj)
-                    : args.objects,
+                    : cleaned.objects,
             };
         case 'SAPSearch':
             return {
-                ...args,
-                objectType: args.objectType === undefined ? undefined : normalizeObjectType(String(args.objectType ?? '')),
+                ...cleaned,
+                objectType: cleaned.objectType === undefined ? undefined : normalizeObjectType(String(cleaned.objectType ?? '')),
             };
         case 'SAPNavigate':
             // Only normalize `type` (for URL building). `objectType` is passed to SAP's
             // where-used scope API in slash format (e.g., CLAS/OC) — normalizing it would break the filter.
             return {
-                ...args,
-                type: args.type === undefined ? undefined : normalizeObjectType(String(args.type ?? '')),
+                ...cleaned,
+                type: cleaned.type === undefined ? undefined : normalizeObjectType(String(cleaned.type ?? '')),
             };
         case 'SAPDiagnose':
             return {
-                ...args,
-                type: args.type === undefined ? undefined : normalizeObjectType(String(args.type ?? '')),
+                ...cleaned,
+                type: cleaned.type === undefined ? undefined : normalizeObjectType(String(cleaned.type ?? '')),
             };
         case 'SAPContext':
             return {
-                ...args,
-                type: args.type === undefined ? undefined : normalizeObjectType(String(args.type ?? '')),
+                ...cleaned,
+                type: cleaned.type === undefined ? undefined : normalizeObjectType(String(cleaned.type ?? '')),
             };
         case 'SAPTransport':
             // Normalize `type` for SAPTransport actions that route through
@@ -2824,11 +2922,11 @@ function normalizeTypeArgsForValidation(toolName, args) {
             // string-typed schema and hit the slash-form throw inside objectBasePath,
             // which is correct as a last-resort fence but not as a friendly error.
             return {
-                ...args,
-                type: args.type === undefined ? undefined : normalizeObjectType(String(args.type ?? '')),
+                ...cleaned,
+                type: cleaned.type === undefined ? undefined : normalizeObjectType(String(cleaned.type ?? '')),
             };
         default:
-            return args;
+            return cleaned;
     }
 }
 /**
@@ -3018,6 +3116,112 @@ function stripIncludeHeader(source) {
  * the `objects[]` items and are validated per item in the batch_create branch.
  */
 const NAME_CASE_GUARD_ACTIONS = new Set(['create', 'update', 'edit_method', 'delete']);
+/**
+ * Enforce the `allowedPackages` ceiling for an EXISTING object addressed by its
+ * ADT object URL. Resolves the object's REAL package from ADT metadata and gates
+ * it via `checkPackage`. Fail-closed: if the package can't be determined, refuse
+ * the operation rather than passing the gate. No-op (and no HTTP round-trip) when
+ * no package restrictions are configured.
+ *
+ * Shared by every mutating operation that targets an existing object —
+ * update/delete/surgery (via `enforcePackageForExistingObject`), activation, and
+ * change_package — so they all honor the same package boundary against the
+ * object's true package, never a caller-supplied package string.
+ */
+async function enforceAllowedPackageForObjectUrl(client, objectUrl, label, accept) {
+    if (client.safety.allowedPackages.length === 0)
+        return undefined;
+    const pkg = await client.resolveObjectPackage(objectUrl, accept);
+    if (!pkg) {
+        throw new AdtSafetyError(`${label} blocked: ARC-1 could not determine the object's package from ADT metadata ` +
+            `(no adtcore:packageRef/containerRef). Fail-closed because allowedPackages is restricted.`);
+    }
+    await checkPackage(client.safety, pkg, client.getPackageHierarchyResolver());
+    return pkg;
+}
+/**
+ * SAPWrite for server-driven objects (8.16+): create / update-source / delete via the generic AFF
+ * blue:blueSource + JSON-source engine. Discovery-gated (clean 8.16 error otherwise), allowWrites-gated
+ * (through the engine's checkOperation), and allowedPackages-gated against the REAL package
+ * (create gates the caller-supplied package like every create; update/delete resolve the object's true
+ * package under the blues Accept). The `source` param carries the AFF JSON — parse-validated before the
+ * PUT; ABAP-specific pre-write steps (lint, RAP preflight, CDS guard) do not apply. Create leaves the
+ * object inactive — callers follow with SAPActivate (never auto-activated).
+ */
+async function handleServerDrivenObjectWrite(client, action, type, name, args, cachingLayer) {
+    // Discovery gate — mirror handleSAPRead's server-driven branch.
+    if (supportsServerDrivenObject(client.http, type) === false) {
+        return errorResult(`SAPWrite type=${type} (server-driven object) requires SAP_BASIS 8.16+ (ABAP Platform 2025 / S/4HANA 2025). ` +
+            'This system does not expose this object type.');
+    }
+    const transport = args.transport;
+    const objUrl = serverDrivenObjectUrl(type, name);
+    const blueAccept = serverDrivenBlueContentType(type);
+    const invalidate = () => {
+        cachingLayer?.invalidate(type, name, 'all');
+        cachingLayer?.inactiveLists.invalidate(client.username);
+    };
+    // SDO source is AFF JSON (not ABAP) — validate it parses before any PUT.
+    const validateSource = () => {
+        const src = String(args.source ?? '');
+        try {
+            JSON.parse(src);
+        }
+        catch {
+            return {
+                ok: false,
+                result: errorResult(`SAPWrite ${action} for ${type} ${name}: "source" must be valid AFF JSON ` +
+                    '(e.g. {"formatVersion":"1","header":{"description":"…","originalLanguage":"en"}}).'),
+            };
+        }
+        return { ok: true, json: src };
+    };
+    const hasSourceArg = typeof args.source === 'string' && args.source.trim() !== '';
+    switch (action) {
+        case 'create': {
+            const pkg = String(args.package ?? '$TMP');
+            await checkPackage(client.safety, pkg, client.getPackageHierarchyResolver());
+            const description = String(args.description ?? name);
+            await createServerDrivenObject(client.http, client.safety, type, name, {
+                package: pkg,
+                description,
+                transport,
+            });
+            let wroteSource = false;
+            if (hasSourceArg) {
+                const v = validateSource();
+                if (!v.ok)
+                    return v.result;
+                await updateServerDrivenObjectSource(client.http, client.safety, type, name, v.json, { transport });
+                wroteSource = true;
+            }
+            invalidate();
+            return textResult(`Created ${type} ${name} in package ${pkg}${wroteSource ? ' and wrote AFF JSON source' : ''}.\n` +
+                `Next step: SAPActivate(type="${type}", name="${name}").`);
+        }
+        case 'update': {
+            if (!hasSourceArg) {
+                return errorResult(`SAPWrite update for ${type} ${name} requires "source" (the AFF JSON body).`);
+            }
+            const v = validateSource();
+            if (!v.ok)
+                return v.result;
+            await enforceAllowedPackageForObjectUrl(client, objUrl, `Operations on ${type} '${name}'`, blueAccept);
+            await updateServerDrivenObjectSource(client.http, client.safety, type, name, v.json, { transport });
+            invalidate();
+            return textResult(`Updated source of ${type} ${name}.\nNext step: SAPActivate(type="${type}", name="${name}").`);
+        }
+        case 'delete': {
+            await enforceAllowedPackageForObjectUrl(client, objUrl, `Operations on ${type} '${name}'`, blueAccept);
+            await deleteServerDrivenObject(client.http, client.safety, type, name, { transport });
+            invalidate();
+            return textResult(`Deleted ${type} ${name}.`);
+        }
+        default:
+            return errorResult(`Action "${action}" is not supported for server-driven object type ${type}. ` +
+                'Supported: create, update, delete (source is AFF JSON) — then SAPActivate to activate.');
+    }
+}
 async function handleSAPWrite(client, args, config, cachingLayer) {
     const action = String(args.action ?? '');
     const type = normalizeWriteObjectType(String(args.type ?? ''));
@@ -3052,6 +3256,14 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
             `Note: the object NAME in TADIR must be uppercase, but the source code inside the object can use mixed case ` +
             `(e.g. for DDLS: name="${name.toUpperCase()}" but source can contain "define view entity ${name}").`);
     }
+    // Server-driven objects (ABAP Platform 2025 / SAP_BASIS 8.16+): DESD, EVTB, DTSC, CSNM, EVTO, COTA
+    // share one AFF generic-object write contract (POST blue:blueSource metadata → PUT AFF JSON source
+    // → activate). They route through the dedicated engine instead of the per-type switch below —
+    // objectBasePath(<sdo>) throws, so this MUST come before the objectUrl computation. Mirrors the
+    // server-driven branch in handleSAPRead.
+    if (isServerDrivenObjectType(type)) {
+        return handleServerDrivenObjectWrite(client, action, type, name, args, cachingLayer);
+    }
     // For TABL update/delete/edit_method, the existing object may live at /tables/
     // (transparent) or /structures/ (DDIC structure). Resolve once via the client's
     // cached URL probe. For 'create' the default /tables/ URL is correct (we only
@@ -3128,15 +3340,7 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
     // Fail-closed: if the package cannot be determined from ADT metadata, refuse the write
     // rather than silently passing through the allowlist gate.
     async function enforcePackageForExistingObject() {
-        if (client.safety.allowedPackages.length === 0)
-            return undefined;
-        const pkg = await client.resolveObjectPackage(objectUrl);
-        if (!pkg) {
-            throw new AdtSafetyError(`Operations on ${type} '${name}' blocked: ARC-1 could not determine the object's package ` +
-                `from ADT metadata (no adtcore:packageRef in response). Fail-closed because allowedPackages is restricted.`);
-        }
-        await checkPackage(client.safety, pkg, client.getPackageHierarchyResolver());
-        return pkg;
+        return enforceAllowedPackageForObjectUrl(client, objectUrl, `Operations on ${type} '${name}'`);
     }
     // Helper for class-section surgery (issue #303): fetch the class structure AND
     // /source/main at the SAME effective version, so the spliced line ranges line
@@ -3200,7 +3404,7 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
                 const mergedProps = await mergeMetadataWriteProperties(client, type, name, metadataProps);
                 const description = String(args.description ?? mergedProps._description ?? name);
                 const pkg = String(args.package ?? existingPackage ?? mergedProps._package ?? '$TMP');
-                const body = buildCreateXml(type, name, pkg, description, mergedProps, config.language);
+                const body = buildCreateXml(type, name, pkg, description, mergedProps, config.language, config.username);
                 await safeUpdateObject(client.http, client.safety, objectUrl, body, vendorContentTypeForType(type), transport, cachedFeatures?.abapRelease);
                 invalidateWrittenObject(type, name);
                 return textResult(`Successfully updated ${type} ${name}.`);
@@ -3385,7 +3589,7 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
             // SAP ADT requires the root element to match the object type —
             // a generic objectReferences body returns 400 "System expected the element ...".
             const metadataProperties = getMetadataWriteProperties(args);
-            const body = buildCreateXml(type, name, pkg, description, metadataProperties, config.language);
+            const body = buildCreateXml(type, name, pkg, description, metadataProperties, config.language, config.username);
             // Step 1: Create the object (metadata only)
             const createUrl = objectUrl.replace(/\/[^/]+$/, ''); // parent collection URL
             // DOMA/DTEL/BDEF require vendor-specific content types; all other types use
@@ -4283,7 +4487,7 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
                     const objUrl = objectUrlForType(objType, objName);
                     const createUrl = objUrl.replace(/\/[^/]+$/, '');
                     const objMetadataProps = getMetadataWriteProperties(obj);
-                    const body = buildCreateXml(objType, objName, objPackage, objDescription, objMetadataProps, config.language);
+                    const body = buildCreateXml(objType, objName, objPackage, objDescription, objMetadataProps, config.language, config.username);
                     const contentType = createContentTypeForType(objType);
                     const needsPackageParam = objType === 'BDEF' || objType === 'TABL' || objType === 'TABL/DT' || objType === 'TABL/DS';
                     try {
@@ -4753,6 +4957,12 @@ async function handleSAPActivate(client, args, cachingLayer) {
             }
             return { type: objType, name: objName, url };
         }));
+        // Enforce the allowedPackages ceiling against each object's REAL package before
+        // activating ANY of them — one out-of-allowlist object aborts the whole batch
+        // (no partial activation). Fail-closed; no-op when unrestricted. (security audit 2026-06)
+        for (const o of objects) {
+            await enforceAllowedPackageForObjectUrl(client, o.url, `Activation of ${o.type} '${o.name}'`);
+        }
         const result = await activateBatch(client.http, client.safety, objects, activateOpts);
         const names = objects.map((o) => o.name).join(', ');
         const batchStatuses = buildBatchActivationStatuses(objects, result);
@@ -4809,9 +5019,21 @@ async function handleSAPActivate(client, args, cachingLayer) {
         const groupLc = encodeURIComponent(group.toLowerCase());
         objectUrl = `/sap/bc/adt/functions/groups/${groupLc}/fmodules/${encodeURIComponent(name.toLowerCase())}`;
     }
+    else if (isServerDrivenObjectType(type)) {
+        // Server-driven objects (8.16+): objectBasePath(<sdo>) throws, so route via the registry href.
+        // Single-object activation only — SDO is not added to the batch resolver above (batch is
+        // RAP-stack-oriented). The generic activate() endpoint handles SDO (verified: activate(DESD) → ok).
+        objectUrl = serverDrivenObjectUrl(type, name);
+    }
     else {
         objectUrl = objectUrlForType(type, name);
     }
+    // Enforce the allowedPackages ceiling against the object's REAL package before
+    // activating — activation is a write-class state change (inactive draft → active
+    // runtime version) and must honor the same package boundary as create/update/delete.
+    // Fail-closed; no-op when allowedPackages is unrestricted. (security audit 2026-06)
+    // SDO metadata only renders its packageRef under the blues Accept — thread it for SDO types.
+    await enforceAllowedPackageForObjectUrl(client, objectUrl, `Activation of ${type} '${name}'`, isServerDrivenObjectType(type) ? serverDrivenBlueContentType(type) : undefined);
     const result = await activate(client.http, client.safety, objectUrl, { ...activateOpts, name });
     if (result.success) {
         cachingLayer?.invalidate(type, name, 'all');
@@ -5125,6 +5347,29 @@ async function handleSAPDiagnose(client, args) {
             const result = await runAtcCheck(client.http, client.safety, objectUrl, variant);
             return textResult(JSON.stringify(result, null, 2));
         }
+        case 'cds_testcases': {
+            // SAP-suggested ABAP Unit test cases for a CDS entity (CDS Test Double Framework).
+            // The CDS name goes straight into the ?ddlsourceName= query param — no object URL.
+            if (!name) {
+                return errorResult('"name" (the CDS entity / DDLS source name) is required for "cds_testcases".');
+            }
+            // Discovery-gate: the endpoint exists only on SAP_BASIS 8.16+ (ABAP Platform 2025).
+            // `false` = discovery loaded and the collection is absent (7.5x / 758) → clear message.
+            // `undefined` = discovery not loaded → attempt and let a 404/400 surface normally.
+            if (supportsCdsTestCases(client.http) === false) {
+                return errorResult('CDS test-case scaffolding requires SAP_BASIS 8.16+ (ABAP Platform 2025 / S/4HANA 2025). ' +
+                    'This system does not expose /sap/bc/adt/aunit/dbtestdoubles/cds/testcases.');
+            }
+            const result = await getCdsTestCases(client.http, client.safety, name);
+            const payload = {
+                ...result,
+                hint: `Scaffold an ABAP Unit test class for ${result.cds}: ` +
+                    `cl_cds_test_environment=>create( i_for_entity = '${result.cds}' ) in class_setup, ` +
+                    'then implement one FOR TESTING method per case (insert_test_data for the doubled sources, ' +
+                    'assert with cl_abap_unit_assert). AI testdata/testmethod generation is not exposed.',
+            };
+            return textResult(JSON.stringify(payload, null, 2));
+        }
         case 'object_state': {
             if (!name || !type)
                 return errorResult('"name" and "type" are required for "object_state" action.');
@@ -6143,6 +6388,7 @@ async function handleSAPManage(client, config, args, cachingLayer, isPerUserClie
             const superPackage = String(args.superPackage ?? '').trim();
             const softwareComponent = String(args.softwareComponent ?? '').trim();
             const transportLayer = String(args.transportLayer ?? '').trim();
+            const recordChanges = typeof args.recordChanges === 'boolean' ? args.recordChanges : undefined;
             const transport = String(args.transport ?? '').trim();
             if (!name)
                 return errorResult('"name" is required for create_package action.');
@@ -6201,7 +6447,9 @@ async function handleSAPManage(client, config, args, cachingLayer, isPerUserClie
                 superPackage: superPackage || undefined,
                 softwareComponent: softwareComponent || undefined,
                 transportLayer: transportLayer || undefined,
+                recordChanges,
                 packageType,
+                responsible: config.username,
             });
             await createObject(client.http, client.safety, '/sap/bc/adt/packages', xml, 'application/*', effectiveTransport, undefined, cachedFeatures?.abapRelease);
             // Hierarchy changed: invalidate any cached subtree that could contain
@@ -6269,6 +6517,12 @@ async function handleSAPManage(client, config, args, cachingLayer, isPerUserClie
                 }
                 objectUri = uriMatch[1];
             }
+            // SECURITY: gate the object's REAL package (resolved from objectUri via ADT
+            // metadata), not the caller-supplied `oldPackage` — authorization must never
+            // trust an attacker-controlled source-package string. This is the authoritative
+            // source gate; the `checkPackage(oldPackage)` above is defense-in-depth only.
+            // Fail-closed; no-op when allowedPackages is unrestricted. (security audit 2026-06)
+            await enforceAllowedPackageForObjectUrl(client, objectUri, `change_package of ${objectName}`);
             // Transport pre-flight for non-local target packages
             let effectiveTransport = transport || undefined;
             if (!effectiveTransport && newPackage.toUpperCase() !== '$TMP') {