arc-1 0.9.11 → 0.9.13

package/dist/handlers/intent.js

@@ -9,13 +9,13 @@
  * responses. Internal details (stack traces, SAP XML) are NOT
  * leaked to the LLM — only user-friendly error messages.
  */
-import { checkRepo as abapGitCheckRepo, createBranch as abapGitCreateBranch, createRepo as abapGitCreateRepo, getExternalInfo as abapGitGetExternalInfo, listRepos as abapGitListRepos, pullRepo as abapGitPullRepo, pushRepo as abapGitPushRepo, stageRepo as abapGitStageRepo, switchBranch as abapGitSwitchBranch, unlinkRepo as abapGitUnlinkRepo, } from '../adt/abapgit.js';
+import { checkRepo as abapGitCheckRepo, createBranch as abapGitCreateBranch, createRepo as abapGitCreateRepo, enforceRepoPackageAllowed as abapGitEnforceRepoPackage, getExternalInfo as abapGitGetExternalInfo, listRepos as abapGitListRepos, pullRepo as abapGitPullRepo, pushRepo as abapGitPushRepo, stageRepo as abapGitStageRepo, switchBranch as abapGitSwitchBranch, unlinkRepo as abapGitUnlinkRepo, } from '../adt/abapgit.js';
 import { buildSiblingExtensionFinding, classifyCdsImpact, deriveSiblingStem, isSiblingNameMatch, } from '../adt/cds-impact.js';
 import { diffMethodSets, extractMethodNameFromClause, findSectionAnchor, insertMethodPair, moveMethodDefinition, removeMethodPair, spliceClassDefinition, spliceMethodSignature, } from '../adt/class-structure.js';
 import { findDefinition, findInterfaceImplementersViaSeoMetaRel, findReferences, findWhereUsed, getCompletion, getWhereUsedScope, } from '../adt/codeintel.js';
 import { createObject, deleteObject, lockObject, safeUpdateClassInclude, safeUpdateObject, safeUpdateSource, unlockObject, updateObject, updateSource, } from '../adt/crud.js';
-import { buildDataElementXml, buildDomainXml, buildMessageClassXml, buildPackageXml, buildServiceBindingXml, decodeKtdText, normalizeAdtLanguage, rewriteKtdText, } from '../adt/ddic-xml.js';
-import { activate, activateBatch, applyFixProposal, getFixProposals, getPrettyPrinterSettings, prettyPrint, publishServiceBinding, runAtcCheck, runUnitTests, setPrettyPrinterSettings, syntaxCheck, unpublishServiceBinding, } from '../adt/devtools.js';
+import { buildDataElementXml, buildDomainXml, buildMessageClassXml, buildPackageXml, buildServiceBindingXml, decodeKtdText, normalizeAdtLanguage, normalizeAdtResponsible, rewriteKtdText, } from '../adt/ddic-xml.js';
+import { activate, activateBatch, applyFixProposal, getCdsTestCases, getFixProposals, getPrettyPrinterSettings, prettyPrint, publishServiceBinding, runAtcCheck, runUnitTests, setPrettyPrinterSettings, supportsCdsTestCases, syntaxCheck, unpublishServiceBinding, } from '../adt/devtools.js';
 import { getDump, getGatewayErrorDetail, getObjectState, getTraceDbAccesses, getTraceHitlist, getTraceStatements, listDumps, listGatewayErrors, listSystemMessages, listTraces, } from '../adt/diagnostics.js';
 import { AdtApiError, AdtNetworkError, AdtSafetyError, classifySapDomainError, isNotFoundError, } from '../adt/errors.js';
 import { classifyTextSearchError, mapSapReleaseToAbaplintVersion, probeFeatures } from '../adt/features.js';
@@ -27,6 +27,7 @@ import { applyRapHandlerScaffold, extractRapHandlerRequirements, findMissingRapH
 import { formatRapPreflightFindings, validateRapSource } from '../adt/rap-preflight.js';
 import { changePackage } from '../adt/refactoring.js';
 import { checkOperation, checkPackage, isOperationAllowed, OperationType } from '../adt/safety.js';
+import { createServerDrivenObject, deleteServerDrivenObject, getServerDrivenObject, isServerDrivenObjectType, serverDrivenBlueContentType, serverDrivenObjectUrl, supportsServerDrivenObject, updateServerDrivenObjectSource, } from '../adt/server-driven.js';
 import { createTransport, createTransportWithTarget, deleteTransport, getObjectTransports, getTransport, getTransportInfo, listTransportLayers, listTransports, listTransportTargets, reassignTransport, releaseTransport, releaseTransportRecursive, supportsExplicitTransportTarget, } from '../adt/transport.js';
 import { getAppInfo } from '../adt/ui5-repository.js';
 import { validateAffHeader } from '../aff/validator.js';
@@ -825,19 +826,28 @@ export async function handleToolCall(client, config, toolName, args, authInfo, _
     // For SAPSearch.tadir_lookup with source='db'|'both', synthesize a sub-action key so the
     // sql-scoped policy entry kicks in (otherwise viewer-only profiles could piggyback on the
     // ADT info-system route to issue freestyle SQL).
+    //
+    // SECURITY (privilege-escalation hardening): the scope key is derived from the SAME
+    // normalized value the handler ultimately dispatches on. `normalizeTypeArgsForValidation`
+    // upper-cases + slash-collapses `type` and coerces non-string inputs via String(), so a
+    // caller cannot evade the per-type scope gate by sending a value that misses the policy key
+    // here yet is canonicalized into a privileged type just before Zod runs. Two such bypasses
+    // existed when this lookup read the RAW `args`: an array (`type: ["TABLE_CONTENTS"]` —
+    // typeof "object" → undefined key → base `read`) and a lowercase string
+    // (`type: "table_contents"` — no `SAPRead.table_contents` key → base `read`), both of which
+    // were then normalized into the data-scoped `TABLE_CONTENTS` for the handler. Normalizing
+    // first closes the array, case, and slash-form variants in one place (and keeps the
+    // SAP_DENY_ACTIONS match below consistent with the canonical form). The normalized object is
+    // reused for Zod validation below so canonicalization happens exactly once.
     // Runs BEFORE Zod validation so scope errors don't leak schema details to unauthorized callers.
-    let actionOrType = toolName === 'SAPRead'
-        ? typeof args.type === 'string'
-            ? args.type
-            : undefined
-        : typeof args.action === 'string'
-            ? args.action
-            : undefined;
+    const normalizedArgs = normalizeTypeArgsForValidation(toolName, args);
+    const rawScopeKey = toolName === 'SAPRead' ? normalizedArgs.type : normalizedArgs.action;
+    let actionOrType = rawScopeKey === undefined || rawScopeKey === null || rawScopeKey === '' ? undefined : String(rawScopeKey);
     if (toolName === 'SAPSearch' &&
-        typeof args.searchType === 'string' &&
-        args.searchType === 'tadir_lookup' &&
-        typeof args.source === 'string') {
-        const src = args.source.toLowerCase();
+        typeof normalizedArgs.searchType === 'string' &&
+        normalizedArgs.searchType === 'tadir_lookup' &&
+        typeof normalizedArgs.source === 'string') {
+        const src = normalizedArgs.source.toLowerCase();
         if (src === 'db' || src === 'both') {
             actionOrType = `tadir_lookup_${src}`;
         }
@@ -881,7 +891,10 @@ export async function handleToolCall(client, config, toolName, args, authInfo, _
     const isBtp = config.systemType === 'btp';
     const schema = getToolSchema(toolName, isBtp);
     if (schema) {
-        args = normalizeTypeArgsForValidation(toolName, args);
+        // Reuse the normalized args computed for the scope-key derivation above —
+        // re-normalizing would be redundant (the transform is idempotent) and risks
+        // the two paths drifting.
+        args = normalizedArgs;
         const parsed = schema.safeParse(args);
         if (!parsed.success) {
             const validationError = formatZodError(parsed.error, toolName);
@@ -1098,6 +1111,20 @@ async function handleSAPRead(client, args, cachingLayer) {
     if (isBtpSystem() && BTP_HINTS[type]) {
         return errorResult(BTP_HINTS[type]);
     }
+    // Server-driven objects (ABAP Platform 2025 / SAP_BASIS 8.16+): DESD, EVTB, DTSC, COTA, …
+    // share one AFF generic-object contract (blue:blueSource metadata + AFF JSON source), read
+    // via the discovery-gated generic engine instead of the per-type switch below. They bypass
+    // the version/draft/cache machinery (no /source/main text; JSON output).
+    if (isServerDrivenObjectType(type)) {
+        if (!name)
+            return errorResult(`"name" is required for SAPRead type=${type}.`);
+        if (supportsServerDrivenObject(client.http, type) === false) {
+            return errorResult(`SAPRead type=${type} (server-driven object) requires SAP_BASIS 8.16+ (ABAP Platform 2025 / S/4HANA 2025). ` +
+                'This system does not expose this object type.');
+        }
+        const sdo = await getServerDrivenObject(client.http, client.safety, type, name);
+        return textResult(JSON.stringify(sdo, null, 2));
+    }
     if (args.force_refresh === true && cachingLayer && VERSIONED_SOURCE_READ_TYPES.has(type)) {
         cachingLayer.inactiveLists.invalidate(client.username);
         cachingLayer.invalidate(type, name, 'all');
@@ -2322,12 +2349,18 @@ export function warnCdsReservedKeywords(source) {
     return (`Warning: field name(s) ${fieldNames.map((f) => `'${f}'`).join(', ')} may be CDS reserved keywords. ` +
         `If the DDL save fails with a generic syntax error, rename them (e.g., 'position' → 'playing_position', 'type' → 'obj_type').`);
 }
-export function buildCreateXml(type, name, pkg, description, properties, language) {
+export function buildCreateXml(type, name, pkg, description, properties, language, responsible) {
     // Master/original language for the created object. Derived from the configured
     // SAP_LANGUAGE (passed by callers as config.language) so the create-XML body
     // matches the sap-language URL param ARC-1 already sends. Defaults to "EN" when
     // unset, preserving legacy output. See issue #343.
     const masterLanguage = normalizeAdtLanguage(language);
+    // Person responsible for the created object. Derived from the configured logon
+    // user (passed by callers as config.username). The legacy hard-coded "DEVELOPER"
+    // only exists on SAP demo systems, so on a real system it fails with
+    // 400 [?/049] "Enter a valid user, not DEVELOPER, as the person responsible".
+    // Defaults to "DEVELOPER" only when no user is configured. Same threading as #343.
+    const responsibleUser = normalizeAdtResponsible(responsible);
     switch (type) {
         case 'PROG':
             return `<?xml version="1.0" encoding="UTF-8"?>
@@ -2338,7 +2371,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                      adtcore:type="PROG/P"
                      adtcore:masterLanguage="${masterLanguage}"
                      adtcore:masterSystem="H00"
-                     adtcore:responsible="DEVELOPER">
+                     adtcore:responsible="${escapeXml(responsibleUser)}">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </program:abapProgram>`;
         case 'CLAS':
@@ -2350,7 +2383,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                  adtcore:type="CLAS/OC"
                  adtcore:masterLanguage="${masterLanguage}"
                  adtcore:masterSystem="H00"
-                 adtcore:responsible="DEVELOPER">
+                 adtcore:responsible="${escapeXml(responsibleUser)}">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </class:abapClass>`;
         case 'INTF':
@@ -2362,7 +2395,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                     adtcore:type="INTF/OI"
                     adtcore:masterLanguage="${masterLanguage}"
                     adtcore:masterSystem="H00"
-                    adtcore:responsible="DEVELOPER">
+                    adtcore:responsible="${escapeXml(responsibleUser)}">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </intf:abapInterface>`;
         case 'INCL':
@@ -2374,7 +2407,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                      adtcore:type="PROG/I"
                      adtcore:masterLanguage="${masterLanguage}"
                      adtcore:masterSystem="H00"
-                     adtcore:responsible="DEVELOPER">
+                     adtcore:responsible="${escapeXml(responsibleUser)}">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </include:abapInclude>`;
         case 'DDLS':
@@ -2386,7 +2419,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                adtcore:type="DDLS/DF"
                adtcore:masterLanguage="${masterLanguage}"
                adtcore:masterSystem="H00"
-                 adtcore:responsible="DEVELOPER">
+                 adtcore:responsible="${escapeXml(responsibleUser)}">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </ddl:ddlSource>`;
         case 'DCLS':
@@ -2398,7 +2431,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                adtcore:type="DCLS/DL"
                adtcore:masterLanguage="${masterLanguage}"
                adtcore:masterSystem="H00"
-               adtcore:responsible="DEVELOPER">
+               adtcore:responsible="${escapeXml(responsibleUser)}">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </dcl:dclSource>`;
         case 'TABL':
@@ -2416,7 +2449,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                  adtcore:type="${adtType}"
                  adtcore:masterLanguage="${masterLanguage}"
                  adtcore:masterSystem="H00"
-                 adtcore:responsible="DEVELOPER">
+                 adtcore:responsible="${escapeXml(responsibleUser)}">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </blue:blueSource>`;
         }
@@ -2431,7 +2464,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                  adtcore:type="BDEF/BDO"
                  adtcore:masterLanguage="${masterLanguage}"
                  adtcore:masterSystem="H00"
-                 adtcore:responsible="DEVELOPER">
+                 adtcore:responsible="${escapeXml(responsibleUser)}">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </blue:blueSource>`;
         case 'SRVD':
@@ -2443,7 +2476,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                  adtcore:type="SRVD/SRV"
                  adtcore:masterLanguage="${masterLanguage}"
                  adtcore:masterSystem="H00"
-                 adtcore:responsible="DEVELOPER"
+                 adtcore:responsible="${escapeXml(responsibleUser)}"
                  srvd:srvdSourceType="S">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </srvd:srvdSource>`;
@@ -2464,6 +2497,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                 version: properties?.version ? String(properties.version) : undefined,
                 odataVersion: properties?.odataVersion ? String(properties.odataVersion) : undefined,
                 language: masterLanguage,
+                responsible: responsibleUser,
             };
             return buildServiceBindingXml(params);
         }
@@ -2476,7 +2510,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                  adtcore:type="DDLX/EX"
                  adtcore:masterLanguage="${masterLanguage}"
                  adtcore:masterSystem="H00"
-                     adtcore:responsible="DEVELOPER">
+                     adtcore:responsible="${escapeXml(responsibleUser)}">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </ddlx:ddlxSource>`;
         case 'DOMA': {
@@ -2502,6 +2536,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                 fixedValues,
                 valueTable: properties?.valueTable ? String(properties.valueTable) : undefined,
                 language: masterLanguage,
+                responsible: responsibleUser,
             };
             return buildDomainXml(params);
         }
@@ -2528,6 +2563,7 @@ export function buildCreateXml(type, name, pkg, description, properties, languag
                 defaultComponentName: properties?.defaultComponentName ? String(properties.defaultComponentName) : undefined,
                 changeDocument: toBoolean(properties?.changeDocument),
                 language: masterLanguage,
+                responsible: responsibleUser,
             };
             return buildDataElementXml(params);
         }
@@ -2758,63 +2794,125 @@ function normalizeWriteObjectType(type) {
 function canonicalTablType(type) {
     return type === 'TABL/DT' || type === 'TABL/DS' ? 'TABL' : type;
 }
-/** Normalize type fields before schema validation so slash/case aliases are accepted. */
-function normalizeTypeArgsForValidation(toolName, args) {
+/**
+ * Fields whose handler INTENTIONALLY treats an explicit empty string as a meaningful
+ * signal distinct from "omitted", so the pre-validation strip must keep an empty-STRING
+ * value (a `null` is still stripped — the handlers treat null as omitted):
+ *  - `target` — SAPTransport create rejects a "provided but empty" target as a caller
+ *    mistake (vs omitted → local); see `targetProvided` in handleSAPTransport.
+ *  - `proposalUserContent` — SAPDiagnose apply_quickfix forwards an empty
+ *    `<userContent></userContent>` verbatim.
+ * Keep this set minimal: it only needs entries where a handler distinguishes ""-present
+ * from absent. Empty strings on enums/numbers/everything-else are safe to strip.
+ */
+const EMPTY_STRING_MEANINGFUL_FIELDS = new Set(['target', 'proposalUserContent']);
+/**
+ * Strip GPT/OpenAI "overpopulation" pollution before Zod validation:
+ *  - `null` values — OpenAI Structured Outputs / `strict` mode (the default for the
+ *    Responses API) emulates an optional field as a `["type","null"]` union and emits
+ *    `null` for every unused optional. `z.X().optional()` rejects `null`, so a strict
+ *    caller otherwise cannot make a clean call (every unused optional becomes null →
+ *    rejected). `null` is ALWAYS stripped (handlers treat null as omitted).
+ *  - empty / whitespace-only strings — many callers serialize an omitted optional as
+ *    `""`. On optional enums that hard-rejects; on optional numbers `z.coerce.number("")`
+ *    silently becomes `0`. Stripped, EXCEPT for the EMPTY_STRING_MEANINGFUL_FIELDS above.
+ *
+ * Preserves real `false` and `0` — ONLY `null` and empty/whitespace strings are removed.
+ * Shallow at the top level, plus one level into each `objects[]` item (SAPWrite
+ * `batch_create` / SAPActivate batch). Deliberately does NOT recurse into leaf data
+ * arrays (`messages`/`fixedValues`/`parameters`/`where`) — those carry user data where
+ * an empty string or null may be meaningful. See issue #360.
+ */
+export function stripLlmEmptyValues(args) {
+    const isStrippable = (key, v) => v === null || (typeof v === 'string' && v.trim() === '' && !EMPTY_STRING_MEANINGFUL_FIELDS.has(key));
+    const cleanShallow = (obj) => {
+        const out = {};
+        for (const [k, v] of Object.entries(obj)) {
+            if (!isStrippable(k, v))
+                out[k] = v;
+        }
+        return out;
+    };
+    const cleaned = cleanShallow(args);
+    if (Array.isArray(cleaned.objects)) {
+        cleaned.objects = cleaned.objects.map((o) => o && typeof o === 'object' && !Array.isArray(o) ? cleanShallow(o) : o);
+    }
+    return cleaned;
+}
+/** Normalize type fields before schema validation so slash/case aliases are accepted.
+ *  Also strips GPT/OpenAI pollution (null + empty strings) via stripLlmEmptyValues so the
+ *  same normalization runs for every tool — standard, hyperfocused, and the CLI all route
+ *  through handleToolCall, which calls this once before scope derivation + Zod (issue #360).
+ *  Exported for unit tests (the include-drop + strip behavior). */
+export function normalizeTypeArgsForValidation(toolName, args) {
+    const cleaned = stripLlmEmptyValues(args);
     switch (toolName) {
         case 'SAPRead':
             return {
-                ...args,
-                type: normalizeObjectType(String(args.type ?? '')),
-                objectType: args.objectType === undefined ? undefined : normalizeObjectType(String(args.objectType ?? '')),
+                ...cleaned,
+                type: normalizeObjectType(String(cleaned.type ?? '')),
+                objectType: cleaned.objectType === undefined ? undefined : normalizeObjectType(String(cleaned.objectType ?? '')),
             };
-        case 'SAPWrite':
+        case 'SAPWrite': {
             // SAPWrite preserves TABL/DT and TABL/DS so the create path can route by subtype.
+            const normType = cleaned.type === undefined ? undefined : normalizeWriteObjectType(String(cleaned.type ?? ''));
+            // Drop an inapplicable `include`: it is only meaningful for a CLAS local-include
+            // write (update/edit_method/edit_class_definition). GPT/OpenAI callers frequently
+            // attach include="definitions" to unrelated writes (DDLS/PROG/DTEL/delete/batch_create),
+            // which validateSapWriteInput would otherwise hard-reject even though the requested
+            // intent is valid. A garbage include VALUE on a real CLAS include path is still
+            // rejected by the z.enum check downstream (issue #360).
+            const action = String(cleaned.action ?? '');
+            const includeApplies = normType === 'CLAS' && (action === 'update' || action === 'edit_method' || action === 'edit_class_definition');
+            if (!includeApplies)
+                delete cleaned.include;
             return {
-                ...args,
-                type: args.type === undefined ? undefined : normalizeWriteObjectType(String(args.type ?? '')),
-                objects: Array.isArray(args.objects)
-                    ? args.objects.map((obj) => typeof obj === 'object' && obj !== null
+                ...cleaned,
+                type: normType,
+                objects: Array.isArray(cleaned.objects)
+                    ? cleaned.objects.map((obj) => typeof obj === 'object' && obj !== null
                         ? {
                             ...obj,
                             type: normalizeWriteObjectType(String(obj.type ?? '')),
                         }
                         : obj)
-                    : args.objects,
+                    : cleaned.objects,
             };
+        }
         case 'SAPActivate':
             return {
-                ...args,
-                type: args.type === undefined ? undefined : normalizeObjectType(String(args.type ?? '')),
-                objects: Array.isArray(args.objects)
-                    ? args.objects.map((obj) => typeof obj === 'object' && obj !== null
+                ...cleaned,
+                type: cleaned.type === undefined ? undefined : normalizeObjectType(String(cleaned.type ?? '')),
+                objects: Array.isArray(cleaned.objects)
+                    ? cleaned.objects.map((obj) => typeof obj === 'object' && obj !== null
                         ? {
                             ...obj,
                             type: normalizeObjectType(String(obj.type ?? '')),
                         }
                         : obj)
-                    : args.objects,
+                    : cleaned.objects,
             };
         case 'SAPSearch':
             return {
-                ...args,
-                objectType: args.objectType === undefined ? undefined : normalizeObjectType(String(args.objectType ?? '')),
+                ...cleaned,
+                objectType: cleaned.objectType === undefined ? undefined : normalizeObjectType(String(cleaned.objectType ?? '')),
             };
         case 'SAPNavigate':
             // Only normalize `type` (for URL building). `objectType` is passed to SAP's
             // where-used scope API in slash format (e.g., CLAS/OC) — normalizing it would break the filter.
             return {
-                ...args,
-                type: args.type === undefined ? undefined : normalizeObjectType(String(args.type ?? '')),
+                ...cleaned,
+                type: cleaned.type === undefined ? undefined : normalizeObjectType(String(cleaned.type ?? '')),
             };
         case 'SAPDiagnose':
             return {
-                ...args,
-                type: args.type === undefined ? undefined : normalizeObjectType(String(args.type ?? '')),
+                ...cleaned,
+                type: cleaned.type === undefined ? undefined : normalizeObjectType(String(cleaned.type ?? '')),
             };
         case 'SAPContext':
             return {
-                ...args,
-                type: args.type === undefined ? undefined : normalizeObjectType(String(args.type ?? '')),
+                ...cleaned,
+                type: cleaned.type === undefined ? undefined : normalizeObjectType(String(cleaned.type ?? '')),
             };
         case 'SAPTransport':
             // Normalize `type` for SAPTransport actions that route through
@@ -2824,11 +2922,11 @@ function normalizeTypeArgsForValidation(toolName, args) {
             // string-typed schema and hit the slash-form throw inside objectBasePath,
             // which is correct as a last-resort fence but not as a friendly error.
             return {
-                ...args,
-                type: args.type === undefined ? undefined : normalizeObjectType(String(args.type ?? '')),
+                ...cleaned,
+                type: cleaned.type === undefined ? undefined : normalizeObjectType(String(cleaned.type ?? '')),
             };
         default:
-            return args;
+            return cleaned;
     }
 }
 /**
@@ -3018,6 +3116,112 @@ function stripIncludeHeader(source) {
  * the `objects[]` items and are validated per item in the batch_create branch.
  */
 const NAME_CASE_GUARD_ACTIONS = new Set(['create', 'update', 'edit_method', 'delete']);
+/**
+ * Enforce the `allowedPackages` ceiling for an EXISTING object addressed by its
+ * ADT object URL. Resolves the object's REAL package from ADT metadata and gates
+ * it via `checkPackage`. Fail-closed: if the package can't be determined, refuse
+ * the operation rather than passing the gate. No-op (and no HTTP round-trip) when
+ * no package restrictions are configured.
+ *
+ * Shared by every mutating operation that targets an existing object —
+ * update/delete/surgery (via `enforcePackageForExistingObject`), activation, and
+ * change_package — so they all honor the same package boundary against the
+ * object's true package, never a caller-supplied package string.
+ */
+async function enforceAllowedPackageForObjectUrl(client, objectUrl, label, accept) {
+    if (client.safety.allowedPackages.length === 0)
+        return undefined;
+    const pkg = await client.resolveObjectPackage(objectUrl, accept);
+    if (!pkg) {
+        throw new AdtSafetyError(`${label} blocked: ARC-1 could not determine the object's package from ADT metadata ` +
+            `(no adtcore:packageRef/containerRef). Fail-closed because allowedPackages is restricted.`);
+    }
+    await checkPackage(client.safety, pkg, client.getPackageHierarchyResolver());
+    return pkg;
+}
+/**
+ * SAPWrite for server-driven objects (8.16+): create / update-source / delete via the generic AFF
+ * blue:blueSource + JSON-source engine. Discovery-gated (clean 8.16 error otherwise), allowWrites-gated
+ * (through the engine's checkOperation), and allowedPackages-gated against the REAL package
+ * (create gates the caller-supplied package like every create; update/delete resolve the object's true
+ * package under the blues Accept). The `source` param carries the AFF JSON — parse-validated before the
+ * PUT; ABAP-specific pre-write steps (lint, RAP preflight, CDS guard) do not apply. Create leaves the
+ * object inactive — callers follow with SAPActivate (never auto-activated).
+ */
+async function handleServerDrivenObjectWrite(client, action, type, name, args, cachingLayer) {
+    // Discovery gate — mirror handleSAPRead's server-driven branch.
+    if (supportsServerDrivenObject(client.http, type) === false) {
+        return errorResult(`SAPWrite type=${type} (server-driven object) requires SAP_BASIS 8.16+ (ABAP Platform 2025 / S/4HANA 2025). ` +
+            'This system does not expose this object type.');
+    }
+    const transport = args.transport;
+    const objUrl = serverDrivenObjectUrl(type, name);
+    const blueAccept = serverDrivenBlueContentType(type);
+    const invalidate = () => {
+        cachingLayer?.invalidate(type, name, 'all');
+        cachingLayer?.inactiveLists.invalidate(client.username);
+    };
+    // SDO source is AFF JSON (not ABAP) — validate it parses before any PUT.
+    const validateSource = () => {
+        const src = String(args.source ?? '');
+        try {
+            JSON.parse(src);
+        }
+        catch {
+            return {
+                ok: false,
+                result: errorResult(`SAPWrite ${action} for ${type} ${name}: "source" must be valid AFF JSON ` +
+                    '(e.g. {"formatVersion":"1","header":{"description":"…","originalLanguage":"en"}}).'),
+            };
+        }
+        return { ok: true, json: src };
+    };
+    const hasSourceArg = typeof args.source === 'string' && args.source.trim() !== '';
+    switch (action) {
+        case 'create': {
+            const pkg = String(args.package ?? '$TMP');
+            await checkPackage(client.safety, pkg, client.getPackageHierarchyResolver());
+            const description = String(args.description ?? name);
+            await createServerDrivenObject(client.http, client.safety, type, name, {
+                package: pkg,
+                description,
+                transport,
+            });
+            let wroteSource = false;
+            if (hasSourceArg) {
+                const v = validateSource();
+                if (!v.ok)
+                    return v.result;
+                await updateServerDrivenObjectSource(client.http, client.safety, type, name, v.json, { transport });
+                wroteSource = true;
+            }
+            invalidate();
+            return textResult(`Created ${type} ${name} in package ${pkg}${wroteSource ? ' and wrote AFF JSON source' : ''}.\n` +
+                `Next step: SAPActivate(type="${type}", name="${name}").`);
+        }
+        case 'update': {
+            if (!hasSourceArg) {
+                return errorResult(`SAPWrite update for ${type} ${name} requires "source" (the AFF JSON body).`);
+            }
+            const v = validateSource();
+            if (!v.ok)
+                return v.result;
+            await enforceAllowedPackageForObjectUrl(client, objUrl, `Operations on ${type} '${name}'`, blueAccept);
+            await updateServerDrivenObjectSource(client.http, client.safety, type, name, v.json, { transport });
+            invalidate();
+            return textResult(`Updated source of ${type} ${name}.\nNext step: SAPActivate(type="${type}", name="${name}").`);
+        }
+        case 'delete': {
+            await enforceAllowedPackageForObjectUrl(client, objUrl, `Operations on ${type} '${name}'`, blueAccept);
+            await deleteServerDrivenObject(client.http, client.safety, type, name, { transport });
+            invalidate();
+            return textResult(`Deleted ${type} ${name}.`);
+        }
+        default:
+            return errorResult(`Action "${action}" is not supported for server-driven object type ${type}. ` +
+                'Supported: create, update, delete (source is AFF JSON) — then SAPActivate to activate.');
+    }
+}
 async function handleSAPWrite(client, args, config, cachingLayer) {
     const action = String(args.action ?? '');
     const type = normalizeWriteObjectType(String(args.type ?? ''));
@@ -3052,6 +3256,14 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
             `Note: the object NAME in TADIR must be uppercase, but the source code inside the object can use mixed case ` +
             `(e.g. for DDLS: name="${name.toUpperCase()}" but source can contain "define view entity ${name}").`);
     }
+    // Server-driven objects (ABAP Platform 2025 / SAP_BASIS 8.16+): DESD, EVTB, DTSC, CSNM, EVTO, COTA
+    // share one AFF generic-object write contract (POST blue:blueSource metadata → PUT AFF JSON source
+    // → activate). They route through the dedicated engine instead of the per-type switch below —
+    // objectBasePath(<sdo>) throws, so this MUST come before the objectUrl computation. Mirrors the
+    // server-driven branch in handleSAPRead.
+    if (isServerDrivenObjectType(type)) {
+        return handleServerDrivenObjectWrite(client, action, type, name, args, cachingLayer);
+    }
     // For TABL update/delete/edit_method, the existing object may live at /tables/
     // (transparent) or /structures/ (DDIC structure). Resolve once via the client's
     // cached URL probe. For 'create' the default /tables/ URL is correct (we only
@@ -3128,15 +3340,7 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
     // Fail-closed: if the package cannot be determined from ADT metadata, refuse the write
     // rather than silently passing through the allowlist gate.
     async function enforcePackageForExistingObject() {
-        if (client.safety.allowedPackages.length === 0)
-            return undefined;
-        const pkg = await client.resolveObjectPackage(objectUrl);
-        if (!pkg) {
-            throw new AdtSafetyError(`Operations on ${type} '${name}' blocked: ARC-1 could not determine the object's package ` +
-                `from ADT metadata (no adtcore:packageRef in response). Fail-closed because allowedPackages is restricted.`);
-        }
-        await checkPackage(client.safety, pkg, client.getPackageHierarchyResolver());
-        return pkg;
+        return enforceAllowedPackageForObjectUrl(client, objectUrl, `Operations on ${type} '${name}'`);
     }
     // Helper for class-section surgery (issue #303): fetch the class structure AND
     // /source/main at the SAME effective version, so the spliced line ranges line
@@ -3200,7 +3404,7 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
                 const mergedProps = await mergeMetadataWriteProperties(client, type, name, metadataProps);
                 const description = String(args.description ?? mergedProps._description ?? name);
                 const pkg = String(args.package ?? existingPackage ?? mergedProps._package ?? '$TMP');
-                const body = buildCreateXml(type, name, pkg, description, mergedProps, config.language);
+                const body = buildCreateXml(type, name, pkg, description, mergedProps, config.language, config.username);
                 await safeUpdateObject(client.http, client.safety, objectUrl, body, vendorContentTypeForType(type), transport, cachedFeatures?.abapRelease);
                 invalidateWrittenObject(type, name);
                 return textResult(`Successfully updated ${type} ${name}.`);
@@ -3385,7 +3589,7 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
             // SAP ADT requires the root element to match the object type —
             // a generic objectReferences body returns 400 "System expected the element ...".
             const metadataProperties = getMetadataWriteProperties(args);
-            const body = buildCreateXml(type, name, pkg, description, metadataProperties, config.language);
+            const body = buildCreateXml(type, name, pkg, description, metadataProperties, config.language, config.username);
             // Step 1: Create the object (metadata only)
             const createUrl = objectUrl.replace(/\/[^/]+$/, ''); // parent collection URL
             // DOMA/DTEL/BDEF require vendor-specific content types; all other types use
@@ -4283,7 +4487,7 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
                     const objUrl = objectUrlForType(objType, objName);
                     const createUrl = objUrl.replace(/\/[^/]+$/, '');
                     const objMetadataProps = getMetadataWriteProperties(obj);
-                    const body = buildCreateXml(objType, objName, objPackage, objDescription, objMetadataProps, config.language);
+                    const body = buildCreateXml(objType, objName, objPackage, objDescription, objMetadataProps, config.language, config.username);
                     const contentType = createContentTypeForType(objType);
                     const needsPackageParam = objType === 'BDEF' || objType === 'TABL' || objType === 'TABL/DT' || objType === 'TABL/DS';
                     try {
@@ -4753,6 +4957,12 @@ async function handleSAPActivate(client, args, cachingLayer) {
             }
             return { type: objType, name: objName, url };
         }));
+        // Enforce the allowedPackages ceiling against each object's REAL package before
+        // activating ANY of them — one out-of-allowlist object aborts the whole batch
+        // (no partial activation). Fail-closed; no-op when unrestricted. (security audit 2026-06)
+        for (const o of objects) {
+            await enforceAllowedPackageForObjectUrl(client, o.url, `Activation of ${o.type} '${o.name}'`);
+        }
         const result = await activateBatch(client.http, client.safety, objects, activateOpts);
         const names = objects.map((o) => o.name).join(', ');
         const batchStatuses = buildBatchActivationStatuses(objects, result);
@@ -4809,9 +5019,21 @@ async function handleSAPActivate(client, args, cachingLayer) {
         const groupLc = encodeURIComponent(group.toLowerCase());
         objectUrl = `/sap/bc/adt/functions/groups/${groupLc}/fmodules/${encodeURIComponent(name.toLowerCase())}`;
     }
+    else if (isServerDrivenObjectType(type)) {
+        // Server-driven objects (8.16+): objectBasePath(<sdo>) throws, so route via the registry href.
+        // Single-object activation only — SDO is not added to the batch resolver above (batch is
+        // RAP-stack-oriented). The generic activate() endpoint handles SDO (verified: activate(DESD) → ok).
+        objectUrl = serverDrivenObjectUrl(type, name);
+    }
     else {
         objectUrl = objectUrlForType(type, name);
     }
+    // Enforce the allowedPackages ceiling against the object's REAL package before
+    // activating — activation is a write-class state change (inactive draft → active
+    // runtime version) and must honor the same package boundary as create/update/delete.
+    // Fail-closed; no-op when allowedPackages is unrestricted. (security audit 2026-06)
+    // SDO metadata only renders its packageRef under the blues Accept — thread it for SDO types.
+    await enforceAllowedPackageForObjectUrl(client, objectUrl, `Activation of ${type} '${name}'`, isServerDrivenObjectType(type) ? serverDrivenBlueContentType(type) : undefined);
     const result = await activate(client.http, client.safety, objectUrl, { ...activateOpts, name });
     if (result.success) {
         cachingLayer?.invalidate(type, name, 'all');
@@ -5125,6 +5347,29 @@ async function handleSAPDiagnose(client, args) {
             const result = await runAtcCheck(client.http, client.safety, objectUrl, variant);
             return textResult(JSON.stringify(result, null, 2));
         }
+        case 'cds_testcases': {
+            // SAP-suggested ABAP Unit test cases for a CDS entity (CDS Test Double Framework).
+            // The CDS name goes straight into the ?ddlsourceName= query param — no object URL.
+            if (!name) {
+                return errorResult('"name" (the CDS entity / DDLS source name) is required for "cds_testcases".');
+            }
+            // Discovery-gate: the endpoint exists only on SAP_BASIS 8.16+ (ABAP Platform 2025).
+            // `false` = discovery loaded and the collection is absent (7.5x / 758) → clear message.
+            // `undefined` = discovery not loaded → attempt and let a 404/400 surface normally.
+            if (supportsCdsTestCases(client.http) === false) {
+                return errorResult('CDS test-case scaffolding requires SAP_BASIS 8.16+ (ABAP Platform 2025 / S/4HANA 2025). ' +
+                    'This system does not expose /sap/bc/adt/aunit/dbtestdoubles/cds/testcases.');
+            }
+            const result = await getCdsTestCases(client.http, client.safety, name);
+            const payload = {
+                ...result,
+                hint: `Scaffold an ABAP Unit test class for ${result.cds}: ` +
+                    `cl_cds_test_environment=>create( i_for_entity = '${result.cds}' ) in class_setup, ` +
+                    'then implement one FOR TESTING method per case (insert_test_data for the doubled sources, ' +
+                    'assert with cl_abap_unit_assert). AI testdata/testmethod generation is not exposed.',
+            };
+            return textResult(JSON.stringify(payload, null, 2));
+        }
         case 'object_state': {
             if (!name || !type)
                 return errorResult('"name" and "type" are required for "object_state" action.');
@@ -5475,6 +5720,11 @@ async function handleSAPGit(client, args, _authInfo) {
                 result = await gctsPullRepo(client.http, client.safety, repoId, String(args.commit ?? '').trim() || undefined);
             }
             else {
+                // R9: a pull deserializes remote content into the repo's server-bound package, which is
+                // NOT the caller-supplied `package` (abapGit ignores that for an existing repo). Gate the
+                // real binding against the allowlist before writing.
+                const repo = await loadAbapGitRepo(client, repoId);
+                await abapGitEnforceRepoPackage(client.safety, repo.package, client.getPackageHierarchyResolver(), 'SAPGit(action="pull")');
                 result = await abapGitPullRepo(client.http, client.safety, repoId, {
                     ...(packageName ? { package: packageName } : {}),
                     ...(url ? { url } : {}),
@@ -5489,6 +5739,9 @@ async function handleSAPGit(client, args, _authInfo) {
             if (!repoId)
                 return errorResult('SAPGit(action="push") requires repoId.');
             const repo = await loadAbapGitRepo(client, repoId);
+            // R9: push exports the repo's bound-package source to a remote git; gate that package
+            // against the allowlist (the read-side mirror of the pull gate above).
+            await abapGitEnforceRepoPackage(client.safety, repo.package, client.getPackageHierarchyResolver(), 'SAPGit(action="push")');
             const staging = Array.isArray(args.objects) && args.objects.length > 0
                 ? { repoKey: repo.key, branchName: repo.branchName, objects: args.objects }
                 : await abapGitStageRepo(client.http, client.safety, repo);
@@ -5713,8 +5966,24 @@ async function handleSAPTransport(client, args) {
             if (!id)
                 return errorResult('Transport ID is required for "delete" action.');
             const recursive = Boolean(args.recursive ?? false);
-            await deleteTransport(client.http, client.safety, id, recursive);
-            return textResult(`Deleted transport request: ${id}${recursive ? ' (recursive)' : ''}`);
+            const removeLockedObjects = Boolean(args.removeLockedObjects ?? false);
+            try {
+                await deleteTransport(client.http, client.safety, id, recursive, removeLockedObjects);
+            }
+            catch (e) {
+                // ADT refuses to delete a request/task that still holds locked objects (e.g. a deleted
+                // object's lingering record). Point the caller at removeLockedObjects instead of a raw [?/009].
+                if (!removeLockedObjects && e instanceof Error && /locked objects/i.test(e.message)) {
+                    return errorResult(`${e.message}\n\nThe request still holds locked object(s). ` +
+                        `Retry with removeLockedObjects=true to strip them first:\n` +
+                        `  SAPTransport(action="delete", id="${id}", removeLockedObjects=true)`);
+                }
+                throw e;
+            }
+            const extras = [recursive ? 'recursive' : '', removeLockedObjects ? 'removed locked objects' : '']
+                .filter(Boolean)
+                .join(', ');
+            return textResult(`Deleted transport request: ${id}${extras ? ` (${extras})` : ''}`);
         }
         case 'reassign': {
             const id = String(args.id ?? '');
@@ -5821,7 +6090,10 @@ async function handleSAPContext(client, args, cachingLayer) {
     const rawType = String(args.type ?? '');
     const type = normalizeObjectType(rawType || (action === 'impact' ? 'DDLS' : ''));
     const name = String(args.name ?? '');
-    const maxDeps = Number(args.maxDeps ?? 20);
+    // Bound dependency fan-out: a huge maxDeps would fan out unbounded SAP fetches per level
+    // (depth is already capped at 3). Clamp to [1, 100]; non-finite/<1 falls back to the default 20.
+    const rawMaxDeps = Number(args.maxDeps ?? 20);
+    const maxDeps = Number.isFinite(rawMaxDeps) && rawMaxDeps >= 1 ? Math.min(Math.floor(rawMaxDeps), 100) : 20;
     const depth = Math.min(Math.max(Number(args.depth ?? 1), 1), 3);
     // ─── Reverse dep lookup (pre-warmer only) ─────────────────────────
     if (action === 'usages') {
@@ -6143,6 +6415,7 @@ async function handleSAPManage(client, config, args, cachingLayer, isPerUserClie
             const superPackage = String(args.superPackage ?? '').trim();
             const softwareComponent = String(args.softwareComponent ?? '').trim();
             const transportLayer = String(args.transportLayer ?? '').trim();
+            const recordChanges = typeof args.recordChanges === 'boolean' ? args.recordChanges : undefined;
             const transport = String(args.transport ?? '').trim();
             if (!name)
                 return errorResult('"name" is required for create_package action.');
@@ -6201,7 +6474,9 @@ async function handleSAPManage(client, config, args, cachingLayer, isPerUserClie
                 superPackage: superPackage || undefined,
                 softwareComponent: softwareComponent || undefined,
                 transportLayer: transportLayer || undefined,
+                recordChanges,
                 packageType,
+                responsible: config.username,
             });
             await createObject(client.http, client.safety, '/sap/bc/adt/packages', xml, 'application/*', effectiveTransport, undefined, cachedFeatures?.abapRelease);
             // Hierarchy changed: invalidate any cached subtree that could contain
@@ -6269,6 +6544,12 @@ async function handleSAPManage(client, config, args, cachingLayer, isPerUserClie
                 }
                 objectUri = uriMatch[1];
             }
+            // SECURITY: gate the object's REAL package (resolved from objectUri via ADT
+            // metadata), not the caller-supplied `oldPackage` — authorization must never
+            // trust an attacker-controlled source-package string. This is the authoritative
+            // source gate; the `checkPackage(oldPackage)` above is defense-in-depth only.
+            // Fail-closed; no-op when allowedPackages is unrestricted. (security audit 2026-06)
+            await enforceAllowedPackageForObjectUrl(client, objectUri, `change_package of ${objectName}`);
             // Transport pre-flight for non-local target packages
             let effectiveTransport = transport || undefined;
             if (!effectiveTransport && newPackage.toUpperCase() !== '$TMP') {