catalyst-relay 0.2.0

package/dist/index.js

@@ -0,0 +1,1744 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  createClient: () => createClient,
+  err: () => err,
+  ok: () => ok
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/types/result.ts
+function ok(value) {
+  return [value, null];
+}
+function err(error) {
+  return [null, error];
+}
+
+// src/core/utils/xml.ts
+var import_xmldom = require("@xmldom/xmldom");
+function safeParseXml(xmlString) {
+  if (!xmlString || xmlString.trim().length === 0) {
+    return err(new Error("Empty XML string provided"));
+  }
+  try {
+    const parser = new import_xmldom.DOMParser();
+    const doc = parser.parseFromString(xmlString, "text/xml");
+    const parseError = doc.getElementsByTagName("parsererror");
+    if (parseError.length > 0) {
+      const errorNode = parseError[0];
+      const errorText = errorNode?.textContent || "Unknown XML parsing error";
+      return err(new Error(`XML parsing failed: ${errorText}`));
+    }
+    return ok(doc);
+  } catch (error) {
+    if (error instanceof Error) {
+      return err(error);
+    }
+    return err(new Error("Unknown XML parsing error"));
+  }
+}
+function extractLockHandle(xml) {
+  if (!xml) {
+    return err(new Error("Empty XML provided"));
+  }
+  const [doc, parseErr] = safeParseXml(xml);
+  if (parseErr) {
+    return err(parseErr);
+  }
+  const lockHandleElements = doc.getElementsByTagName("LOCK_HANDLE");
+  if (lockHandleElements.length === 0) {
+    return err(new Error("LOCK_HANDLE element not found in XML"));
+  }
+  const lockHandleElement = lockHandleElements[0];
+  const lockHandle = lockHandleElement?.textContent;
+  if (!lockHandle || lockHandle.trim().length === 0) {
+    return err(new Error("LOCK_HANDLE element is empty"));
+  }
+  return ok(lockHandle.trim());
+}
+function extractError(xml) {
+  if (!xml) {
+    return "No error message found";
+  }
+  const [doc, parseErr] = safeParseXml(xml);
+  if (parseErr) {
+    return "Failed to parse error XML";
+  }
+  const messageElements = doc.getElementsByTagName("message");
+  if (messageElements.length === 0) {
+    return "No message found";
+  }
+  const messageElement = messageElements[0];
+  const message = messageElement?.textContent;
+  return message || "No message found";
+}
+function escapeXml(str) {
+  if (!str) {
+    return "";
+  }
+  return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&apos;");
+}
+function dictToAbapXml(data, root = "DATA") {
+  const innerElements = Object.entries(data).map(([key, value]) => {
+    if (value) {
+      return `<${key}>${escapeXml(value)}</${key}>`;
+    }
+    return `<${key}/>`;
+  }).join("\n            ");
+  return `<?xml version="1.0" encoding="UTF-8"?>
+<asx:abap xmlns:asx="http://www.sap.com/abapxml" version="1.0">
+    <asx:values>
+        <${root}>
+            ${innerElements}
+        </${root}>
+    </asx:values>
+</asx:abap>`;
+}
+
+// src/core/utils/sql.ts
+var SqlValidationError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "SqlValidationError";
+  }
+};
+function validateSqlInput(input, maxLength = 1e4) {
+  if (typeof input !== "string") {
+    return err(new SqlValidationError("Input must be a string"));
+  }
+  if (input.length > maxLength) {
+    return err(new SqlValidationError(`Input exceeds maximum length of ${maxLength}`));
+  }
+  const dangerousPatterns = [
+    {
+      pattern: /\b(DROP|DELETE|INSERT|UPDATE|ALTER|CREATE|TRUNCATE)\s+/i,
+      description: "DDL/DML keywords (DROP, DELETE, INSERT, etc.)"
+    },
+    {
+      pattern: /;[\s]*\w/,
+      description: "Statement termination followed by another statement"
+    },
+    {
+      pattern: /--[\s]*\w/,
+      description: "SQL comments with content"
+    },
+    {
+      pattern: /\/\*.*?\*\//,
+      description: "Block comments"
+    },
+    {
+      pattern: /\bEXEC(UTE)?\s*\(/i,
+      description: "Procedure execution"
+    },
+    {
+      pattern: /\bSP_\w+/i,
+      description: "Stored procedures"
+    },
+    {
+      pattern: /\bXP_\w+/i,
+      description: "Extended stored procedures"
+    },
+    {
+      pattern: /\bUNION\s+(ALL\s+)?SELECT/i,
+      description: "Union-based injection"
+    },
+    {
+      pattern: /@@\w+/,
+      description: "System variables"
+    },
+    {
+      pattern: /\bDECLARE\s+@/i,
+      description: "Variable declarations"
+    },
+    {
+      pattern: /\bCAST\s*\(/i,
+      description: "Type casting"
+    },
+    {
+      pattern: /\bCONVERT\s*\(/i,
+      description: "Type conversion"
+    }
+  ];
+  for (const { pattern, description } of dangerousPatterns) {
+    if (pattern.test(input)) {
+      return err(new SqlValidationError(
+        `Input contains potentially dangerous SQL pattern: ${description}`
+      ));
+    }
+  }
+  const specialCharMatches = input.match(/[;'"\\]/g);
+  const specialCharCount = specialCharMatches ? specialCharMatches.length : 0;
+  if (specialCharCount > 5) {
+    return err(new SqlValidationError("Input contains excessive special characters"));
+  }
+  const singleQuoteCount = (input.match(/'/g) || []).length;
+  if (singleQuoteCount % 2 !== 0) {
+    return err(new SqlValidationError("Unbalanced single quotes detected"));
+  }
+  const doubleQuoteCount = (input.match(/"/g) || []).length;
+  if (doubleQuoteCount % 2 !== 0) {
+    return err(new SqlValidationError("Unbalanced double quotes detected"));
+  }
+  return ok(true);
+}
+
+// src/core/utils/csrf.ts
+var FETCH_CSRF_TOKEN = "fetch";
+var CSRF_TOKEN_HEADER = "x-csrf-token";
+
+// src/core/utils/headers.ts
+var BASE_HEADERS = {
+  "X-sap-adt-sessiontype": "stateful",
+  "User-Agent": "Eclipse/4.34.0 ADT/3.46.0",
+  "X-sap-adt-profiling": "server-time"
+};
+var DEFAULT_TIMEOUT = 3e4;
+function buildRequestHeaders(baseHeaders, customHeaders, auth, csrfToken) {
+  const headers = {
+    ...baseHeaders,
+    ...customHeaders ?? {}
+  };
+  if (auth?.type === "basic") {
+    const credentials = btoa(`${auth.username}:${auth.password}`);
+    headers["Authorization"] = `Basic ${credentials}`;
+  }
+  if (csrfToken && csrfToken !== FETCH_CSRF_TOKEN && !customHeaders?.[CSRF_TOKEN_HEADER]) {
+    headers[CSRF_TOKEN_HEADER] = csrfToken;
+  }
+  return headers;
+}
+function extractCsrfToken(headers) {
+  const token = headers.get(CSRF_TOKEN_HEADER) || headers.get(CSRF_TOKEN_HEADER.toLowerCase());
+  if (!token || token === FETCH_CSRF_TOKEN) {
+    return null;
+  }
+  return token;
+}
+
+// src/core/utils/logging.ts
+var isActive = false;
+function debug(message) {
+  if (isActive) {
+    console.log(`[DEBUG] ${message}`);
+  }
+}
+function debugError(message, cause) {
+  if (!isActive) return;
+  console.error(`[DEBUG] ${message}`);
+  if (cause !== void 0) {
+    console.error(`[DEBUG] Cause:`, cause);
+  }
+}
+
+// src/types/config.ts
+var import_zod = require("zod");
+var clientConfigSchema = import_zod.z.object({
+  url: import_zod.z.string().url(),
+  client: import_zod.z.string().min(1).max(3),
+  auth: import_zod.z.discriminatedUnion("type", [
+    import_zod.z.object({
+      type: import_zod.z.literal("basic"),
+      username: import_zod.z.string().min(1),
+      password: import_zod.z.string().min(1)
+    }),
+    import_zod.z.object({
+      type: import_zod.z.literal("saml"),
+      username: import_zod.z.string().min(1),
+      password: import_zod.z.string().min(1),
+      provider: import_zod.z.string().optional()
+    }),
+    import_zod.z.object({
+      type: import_zod.z.literal("sso"),
+      certificate: import_zod.z.string().optional()
+    })
+  ]),
+  timeout: import_zod.z.number().positive().optional(),
+  insecure: import_zod.z.boolean().optional()
+});
+
+// src/core/session/login.ts
+async function fetchCsrfToken(state, request) {
+  const endpoint = state.config.auth.type === "saml" ? "/sap/bc/adt/core/http/sessions" : "/sap/bc/adt/compatibility/graph";
+  const contentType = state.config.auth.type === "saml" ? "application/vnd.sap.adt.core.http.session.v3+xml" : "application/xml";
+  const headers = {
+    [CSRF_TOKEN_HEADER]: FETCH_CSRF_TOKEN,
+    "Content-Type": contentType,
+    "Accept": contentType
+  };
+  const [response, requestErr] = await request({
+    method: "GET",
+    path: endpoint,
+    headers
+  });
+  if (requestErr) {
+    return err(new Error(`Failed to fetch CSRF token: ${requestErr.message}`));
+  }
+  if (!response.ok) {
+    const text = await response.text();
+    return err(new Error(`CSRF token fetch failed with status ${response.status}: ${text}`));
+  }
+  const token = extractCsrfToken(response.headers);
+  debug(`CSRF token from headers: ${token ? token.substring(0, 20) + "..." : "null"}`);
+  if (!token) {
+    debug("Response headers:");
+    response.headers.forEach((value, key) => debug(`  ${key}: ${value.substring(0, 50)}`));
+    return err(new Error("No CSRF token returned in response headers"));
+  }
+  state.csrfToken = token;
+  debug(`Stored CSRF token in state: ${state.csrfToken?.substring(0, 20)}...`);
+  return ok(token);
+}
+async function login(state, request) {
+  if (state.config.auth.type === "saml") {
+    return err(new Error("SAML authentication not yet implemented"));
+  }
+  if (state.config.auth.type === "sso") {
+    return err(new Error("SSO authentication not yet implemented"));
+  }
+  const [token, tokenErr] = await fetchCsrfToken(state, request);
+  if (tokenErr) {
+    return err(new Error(`Login failed: ${tokenErr.message}`));
+  }
+  const username = state.config.auth.type === "basic" ? state.config.auth.username : "";
+  const session = {
+    sessionId: token,
+    username,
+    expiresAt: Date.now() + 8 * 60 * 60 * 1e3
+  };
+  state.session = session;
+  return ok(session);
+}
+async function logout(state, request) {
+  const [response, requestErr] = await request({
+    method: "POST",
+    path: "/sap/public/bc/icf/logoff"
+  });
+  if (requestErr) {
+    return err(new Error(`Logout failed: ${requestErr.message}`));
+  }
+  if (!response.ok) {
+    const text = await response.text();
+    return err(new Error(`Logout failed with status ${response.status}: ${text}`));
+  }
+  state.csrfToken = null;
+  state.session = null;
+  return ok(void 0);
+}
+async function sessionReset(state, request) {
+  await logout(state, request);
+  state.csrfToken = null;
+  state.session = null;
+  const [, loginErr] = await login(state, request);
+  if (loginErr) {
+    return err(loginErr);
+  }
+  return ok(void 0);
+}
+
+// src/core/adt/types.ts
+var OBJECT_CONFIG_MAP = {
+  "asddls": {
+    endpoint: "ddic/ddl/sources",
+    nameSpace: 'xmlns:ddl="http://www.sap.com/adt/ddic/ddlsources"',
+    rootName: "ddl:ddlSource",
+    type: "DDLS/DF",
+    label: "View" /* VIEW */,
+    extension: "asddls",
+    dpEndpoint: "cds",
+    dpParam: "ddlSourceName"
+  },
+  "asdcls": {
+    endpoint: "acm/dcl/sources",
+    nameSpace: 'xmlns:dcl="http://www.sap.com/adt/acm/dclsources"',
+    rootName: "dcl:dclSource",
+    type: "DCLS/DL",
+    label: "Access Control" /* ACCESS_CONTROL */,
+    extension: "asdcls"
+  },
+  "aclass": {
+    endpoint: "oo/classes",
+    nameSpace: 'xmlns:class="http://www.sap.com/adt/oo/classes"',
+    rootName: "class:abapClass",
+    type: "CLAS/OC",
+    label: "Class" /* CLASS */,
+    extension: "aclass"
+  },
+  "astabldt": {
+    endpoint: "ddic/tables",
+    nameSpace: 'xmlns:blue="http://www.sap.com/wbobj/blue"',
+    rootName: "blue:blueSource",
+    type: "TABL/DT",
+    label: "Table" /* TABLE */,
+    extension: "astabldt",
+    dpEndpoint: "ddic",
+    dpParam: "ddicEntityName"
+  },
+  "asprog": {
+    endpoint: "programs/programs",
+    nameSpace: 'xmlns:program="http://www.sap.com/adt/programs/programs"',
+    rootName: "program:abapProgram",
+    type: "PROG/P",
+    label: "ABAP Program" /* PROGRAM */,
+    extension: "asprog"
+  }
+};
+function getConfigByExtension(extension) {
+  return OBJECT_CONFIG_MAP[extension] ?? null;
+}
+function getConfigByType(type) {
+  for (const config of Object.values(OBJECT_CONFIG_MAP)) {
+    if (config.type === type) {
+      return config;
+    }
+  }
+  return null;
+}
+function getAllTypes() {
+  return Object.values(OBJECT_CONFIG_MAP).map((config) => config.type);
+}
+
+// src/core/adt/helpers.ts
+async function checkResponse(response, requestErr, operation) {
+  if (requestErr) return [null, requestErr];
+  if (!response) return [null, new Error(`${operation}: No response`)];
+  if (!response.ok) {
+    const text = await response.text();
+    const errorMsg = extractError(text);
+    if (errorMsg === "No message found" || errorMsg === "Failed to parse error XML") {
+      return [null, new Error(`${operation}: HTTP ${response.status} - ${text.substring(0, 500)}`)];
+    }
+    return [null, new Error(`${operation}: ${errorMsg}`)];
+  }
+  return [await response.text(), null];
+}
+function requireConfig(extension) {
+  const config = getConfigByExtension(extension);
+  if (!config) return [null, new Error(`Unsupported extension: ${extension}`)];
+  return [config, null];
+}
+
+// src/core/adt/read.ts
+async function readObject(client, object) {
+  const [config, configErr] = requireConfig(object.extension);
+  if (configErr) return err(configErr);
+  const [response, requestErr] = await client.request({
+    method: "GET",
+    path: `/sap/bc/adt/${config.endpoint}/${object.name}/source/main`,
+    headers: { "Accept": "text/plain" }
+  });
+  const [content, checkErr] = await checkResponse(
+    response,
+    requestErr,
+    `Failed to read ${config.label} ${object.name}`
+  );
+  if (checkErr) return err(checkErr);
+  const result = {
+    name: object.name,
+    extension: object.extension,
+    package: "",
+    content
+  };
+  return ok(result);
+}
+
+// src/core/adt/lock.ts
+async function lockObject(client, object) {
+  const [config, configErr] = requireConfig(object.extension);
+  if (configErr) return err(configErr);
+  const [response, requestErr] = await client.request({
+    method: "POST",
+    path: `/sap/bc/adt/${config.endpoint}/${object.name}/source/main`,
+    params: {
+      "_action": "LOCK",
+      "accessMode": "MODIFY"
+    },
+    headers: {
+      "Accept": "application/*,application/vnd.sap.as+xml;charset=UTF-8;dataname=com.sap.adt.lock.result"
+    }
+  });
+  const [text, checkErr] = await checkResponse(
+    response,
+    requestErr,
+    `Failed to lock ${config.label} ${object.name}`
+  );
+  if (checkErr) return err(checkErr);
+  const [lockHandle, extractErr] = extractLockHandle(text);
+  if (extractErr) {
+    return err(new Error(`Failed to extract lock handle: ${extractErr.message}`));
+  }
+  debug(`Lock acquired: handle=${lockHandle}`);
+  return ok(lockHandle);
+}
+async function unlockObject(client, object, lockHandle) {
+  const [config, configErr] = requireConfig(object.extension);
+  if (configErr) return err(configErr);
+  const [response, requestErr] = await client.request({
+    method: "POST",
+    path: `/sap/bc/adt/${config.endpoint}/${object.name}/source/main`,
+    params: {
+      "_action": "UNLOCK",
+      "lockHandle": lockHandle
+    }
+  });
+  const [_, checkErr] = await checkResponse(
+    response,
+    requestErr,
+    `Failed to unlock ${config.label} ${object.name}`
+  );
+  if (checkErr) return err(checkErr);
+  return ok(void 0);
+}
+
+// src/core/adt/create.ts
+async function createObject(client, object, packageName, transport, username) {
+  const [config, configErr] = requireConfig(object.extension);
+  if (configErr) return err(configErr);
+  const description = object.description ?? "";
+  const body = `<?xml version="1.0" encoding="UTF-8"?>
+<${config.rootName} ${config.nameSpace}
+    xmlns:adtcore="http://www.sap.com/adt/core"
+    adtcore:description="${escapeXml(description)}"
+    adtcore:language="EN"
+    adtcore:name="${object.name.toUpperCase()}"
+    adtcore:type="${config.type}"
+    adtcore:responsible="${username.toUpperCase()}">
+
+    <adtcore:packageRef adtcore:name="${packageName}"/>
+
+</${config.rootName}>`;
+  const params = {};
+  if (transport) {
+    params["corrNr"] = transport;
+  }
+  const [response, requestErr] = await client.request({
+    method: "POST",
+    path: `/sap/bc/adt/${config.endpoint}`,
+    params,
+    headers: { "Content-Type": "application/*" },
+    body: body.trim()
+  });
+  const [_, checkErr] = await checkResponse(
+    response,
+    requestErr,
+    `Failed to create ${config.label} ${object.name}`
+  );
+  if (checkErr) return err(checkErr);
+  return ok(void 0);
+}
+
+// src/core/adt/update.ts
+async function updateObject(client, object, lockHandle, transport) {
+  const [config, configErr] = requireConfig(object.extension);
+  if (configErr) return err(configErr);
+  const params = {
+    "lockHandle": lockHandle
+  };
+  if (transport) {
+    params["corrNr"] = transport;
+  }
+  debug(`Update ${object.name}: content length=${object.content?.length ?? 0}`);
+  const [response, requestErr] = await client.request({
+    method: "PUT",
+    path: `/sap/bc/adt/${config.endpoint}/${object.name}/source/main`,
+    params,
+    headers: { "Content-Type": "*/*" },
+    body: object.content
+  });
+  debug(`Update response: ${response?.status ?? "no response"}, err=${requestErr?.message ?? "none"}`);
+  const [_, checkErr] = await checkResponse(
+    response,
+    requestErr,
+    `Failed to update ${config.label} ${object.name}`
+  );
+  if (checkErr) return err(checkErr);
+  return ok(void 0);
+}
+
+// src/core/adt/delete.ts
+async function deleteObject(client, object, lockHandle, transport) {
+  const [config, configErr] = requireConfig(object.extension);
+  if (configErr) return err(configErr);
+  const params = {
+    "lockHandle": lockHandle
+  };
+  if (transport) {
+    params["corrNr"] = transport;
+  }
+  const [response, requestErr] = await client.request({
+    method: "DELETE",
+    path: `/sap/bc/adt/${config.endpoint}/${object.name}/source/main`,
+    params,
+    headers: { "Accept": "text/plain" }
+  });
+  const [_, checkErr] = await checkResponse(
+    response,
+    requestErr,
+    `Failed to delete ${config.label} ${object.name}`
+  );
+  if (checkErr) return err(checkErr);
+  return ok(void 0);
+}
+
+// src/core/adt/activation.ts
+async function activateObjects(client, objects) {
+  if (objects.length === 0) {
+    return ok([]);
+  }
+  const extension = objects[0].extension;
+  const config = getConfigByExtension(extension);
+  if (!config) return err(new Error(`Unsupported extension: ${extension}`));
+  for (const obj of objects) {
+    if (obj.extension !== extension) {
+      return err(new Error("All objects must have the same extension for batch activation"));
+    }
+  }
+  const objectRefs = objects.map((obj) => `<adtcore:objectReference
+                adtcore:uri="/sap/bc/adt/${config.endpoint}/${obj.name.toLowerCase()}"
+                adtcore:type="${config.type}"
+                adtcore:name="${obj.name}"
+                adtcore:description="*"/>`).join("\n            ");
+  const body = `<?xml version="1.0" encoding="UTF-8"?>
+            <adtcore:objectReferences xmlns:adtcore="http://www.sap.com/adt/core">
+            ${objectRefs}
+            </adtcore:objectReferences>`;
+  const [response, requestErr] = await client.request({
+    method: "POST",
+    path: "/sap/bc/adt/activation",
+    params: {
+      "method": "activate",
+      "preAuditRequested": "true"
+    },
+    headers: {
+      "Content-Type": "application/xml",
+      "Accept": "application/xml"
+    },
+    body
+  });
+  if (requestErr) {
+    return err(requestErr);
+  }
+  const text = await response.text();
+  debug(`Activation response status: ${response.status}`);
+  debug(`Activation response: ${text.substring(0, 500)}`);
+  if (!response.ok) {
+    const errorMsg = extractError(text);
+    return err(new Error(`Activation failed: ${errorMsg}`));
+  }
+  const [results, parseErr] = extractActivationErrors(objects, text, extension);
+  if (parseErr) {
+    return err(parseErr);
+  }
+  return ok(results);
+}
+function extractActivationErrors(objects, xml, _extension) {
+  const [doc, parseErr] = safeParseXml(xml);
+  if (parseErr) {
+    return err(parseErr);
+  }
+  const errorMap = /* @__PURE__ */ new Map();
+  objects.forEach((obj) => errorMap.set(obj.name.toLowerCase(), []));
+  const msgElements = doc.getElementsByTagName("msg");
+  const startRegex = /#start=(\d+),(\d+)/;
+  for (let i = 0; i < msgElements.length; i++) {
+    const msg = msgElements[i];
+    if (!msg) continue;
+    const type = msg.getAttribute("type");
+    if (type === "W") continue;
+    const objDescr = msg.getAttribute("objDescr");
+    const href = msg.getAttribute("href");
+    if (!objDescr || !href) continue;
+    let line;
+    let column;
+    const match = startRegex.exec(href);
+    if (match && match[1] && match[2]) {
+      line = parseInt(match[1], 10);
+      column = parseInt(match[2], 10);
+    }
+    if (!line || !column) continue;
+    const matchingObj = objects.find(
+      (obj) => objDescr.toLowerCase().includes(obj.name.toLowerCase())
+    );
+    if (!matchingObj) continue;
+    const shortTextElements = msg.getElementsByTagName("txt");
+    for (let j = 0; j < shortTextElements.length; j++) {
+      const txt = shortTextElements[j];
+      if (!txt) continue;
+      const text = txt.textContent;
+      if (!text) continue;
+      const message = {
+        severity: type === "E" ? "error" : "warning",
+        text,
+        line,
+        column
+      };
+      const messages = errorMap.get(matchingObj.name.toLowerCase()) || [];
+      messages.push(message);
+      errorMap.set(matchingObj.name.toLowerCase(), messages);
+    }
+  }
+  const results = objects.map((obj) => {
+    const messages = errorMap.get(obj.name.toLowerCase()) || [];
+    const hasErrors = messages.some((m) => m.severity === "error");
+    return {
+      name: obj.name,
+      extension: obj.extension,
+      status: hasErrors ? "error" : messages.length > 0 ? "warning" : "success",
+      messages
+    };
+  });
+  return ok(results);
+}
+
+// src/core/adt/tree.ts
+async function getTree(client, query) {
+  const internalQuery = {};
+  if (query.package) {
+    internalQuery.PACKAGE = {
+      name: query.package.startsWith("..") ? query.package : `..${query.package}`,
+      hasChildrenOfSameFacet: false
+    };
+  }
+  const [result, resultErr] = await getTreeInternal(client, internalQuery, "*");
+  if (resultErr) {
+    return err(resultErr);
+  }
+  return ok(result.nodes);
+}
+async function getTreeInternal(client, query, searchPattern) {
+  const body = constructTreeBody(query, searchPattern);
+  const [response, requestErr] = await client.request({
+    method: "POST",
+    path: "/sap/bc/adt/repository/informationsystem/virtualfolders/contents",
+    headers: {
+      "Content-Type": "application/vnd.sap.adt.repository.virtualfolders.request.v1+xml",
+      "Accept": "application/vnd.sap.adt.repository.virtualfolders.result.v1+xml"
+    },
+    body
+  });
+  if (requestErr) {
+    return err(requestErr);
+  }
+  if (!response.ok) {
+    const text2 = await response.text();
+    const errorMsg = extractError(text2);
+    return err(new Error(`Tree discovery failed: ${errorMsg}`));
+  }
+  const text = await response.text();
+  const [result, parseErr] = parseTreeResponse(text);
+  if (parseErr) {
+    return err(parseErr);
+  }
+  return ok(result);
+}
+function constructTreeBody(query, searchPattern) {
+  const facets = [];
+  const specified = {};
+  const sortedFacets = ["PACKAGE", "GROUP", "TYPE", "API"];
+  for (const facet of sortedFacets) {
+    const value = query[facet];
+    if (value) {
+      specified[facet] = value.name;
+      if (!value.hasChildrenOfSameFacet) {
+        facets.push(facet);
+      }
+    } else {
+      facets.push(facet);
+    }
+  }
+  const specifiedXml = Object.entries(specified).map(([facet, name]) => `  <vfs:preselection facet="${facet.toLowerCase()}">
+    <vfs:value>${name}</vfs:value>
+  </vfs:preselection>`).join("\n");
+  const facetsXml = facets.map((facet) => `    <vfs:facet>${facet.toLowerCase()}</vfs:facet>`).join("\n");
+  return `<?xml version="1.0" encoding="UTF-8"?>
+<vfs:virtualFoldersRequest xmlns:vfs="http://www.sap.com/adt/ris/virtualFolders" objectSearchPattern="${searchPattern}">
+${specifiedXml}
+  <vfs:facetorder>
+${facetsXml}
+  </vfs:facetorder>
+</vfs:virtualFoldersRequest>`;
+}
+function parseTreeResponse(xml) {
+  const [doc, parseErr] = safeParseXml(xml);
+  if (parseErr) {
+    return err(parseErr);
+  }
+  const nodes = [];
+  const packages = [];
+  const virtualFolders = doc.getElementsByTagName("vfs:virtualFolder");
+  for (let i = 0; i < virtualFolders.length; i++) {
+    const vf = virtualFolders[i];
+    if (!vf) continue;
+    const facet = vf.getAttribute("facet");
+    const name = vf.getAttribute("name");
+    if (facet === "PACKAGE" && name) {
+      const desc = vf.getAttribute("description");
+      const pkg = {
+        name: name.startsWith("..") ? name.substring(2) : name
+      };
+      if (desc) {
+        pkg.description = desc;
+      }
+      packages.push(pkg);
+    }
+    if (!name || !facet) continue;
+    nodes.push({
+      name: name.startsWith("..") ? name.substring(2) : name,
+      type: "folder",
+      hasChildren: vf.getAttribute("hasChildrenOfSameFacet") === "true"
+    });
+  }
+  const objects = doc.getElementsByTagName("vfs:object");
+  for (let i = 0; i < objects.length; i++) {
+    const obj = objects[i];
+    if (!obj) continue;
+    const name = obj.getAttribute("name");
+    const type = obj.getAttribute("type");
+    if (!name || !type) continue;
+    const config = getConfigByType(type);
+    if (!config) continue;
+    nodes.push({
+      name,
+      type: "object",
+      objectType: config.label,
+      extension: config.extension
+    });
+  }
+  return ok({ nodes, packages });
+}
+
+// src/core/adt/packages.ts
+async function getPackages(client) {
+  const [treeResult, treeErr] = await getTreeInternal(client, {}, "*");
+  if (treeErr) {
+    return err(treeErr);
+  }
+  return ok(treeResult.packages);
+}
+
+// src/core/adt/transports.ts
+async function getTransports(client, packageName) {
+  const contentType = "application/vnd.sap.as+xml; charset=UTF-8; dataname=com.sap.adt.transport.service.checkData";
+  const body = `<?xml version="1.0" encoding="UTF-8"?>
+                    <asx:abap version="1.0" xmlns:asx="http://www.sap.com/abapxml">
+                    <asx:values>
+                        <DATA>
+                        <PGMID></PGMID>
+                        <OBJECT></OBJECT>
+                        <OBJECTNAME></OBJECTNAME>
+                        <DEVCLASS>${packageName}</DEVCLASS>
+                        <SUPER_PACKAGE></SUPER_PACKAGE>
+                        <OPERATION>I</OPERATION>
+                        <URI>/sap/bc/adt/ddic/ddl/sources/transport_check</URI>
+                        </DATA>
+                    </asx:values>
+                    </asx:abap>`;
+  const [response, requestErr] = await client.request({
+    method: "POST",
+    path: "/sap/bc/adt/cts/transportchecks",
+    headers: {
+      "Accept": contentType,
+      "Content-Type": contentType
+    },
+    body
+  });
+  if (requestErr) {
+    return err(requestErr);
+  }
+  if (!response.ok) {
+    const text2 = await response.text();
+    const errorMsg = extractError(text2);
+    return err(new Error(`Failed to fetch transports for ${packageName}: ${errorMsg}`));
+  }
+  const text = await response.text();
+  const [transports, parseErr] = extractTransports(text);
+  if (parseErr) {
+    return err(parseErr);
+  }
+  return ok(transports);
+}
+function extractTransports(xml) {
+  const [doc, parseErr] = safeParseXml(xml);
+  if (parseErr) {
+    return err(parseErr);
+  }
+  const transports = [];
+  const reqHeaders = doc.getElementsByTagName("REQ_HEADER");
+  for (let i = 0; i < reqHeaders.length; i++) {
+    const header = reqHeaders[i];
+    if (!header) continue;
+    const trkorrElement = header.getElementsByTagName("TRKORR")[0];
+    const userElement = header.getElementsByTagName("AS4USER")[0];
+    const textElement = header.getElementsByTagName("AS4TEXT")[0];
+    if (!trkorrElement || !userElement || !textElement) continue;
+    const id = trkorrElement.textContent;
+    const owner = userElement.textContent;
+    const description = textElement.textContent;
+    if (!id || !owner || !description) continue;
+    transports.push({
+      id,
+      owner,
+      description,
+      status: "modifiable"
+    });
+  }
+  return ok(transports);
+}
+
+// src/core/adt/queryBuilder.ts
+function buildWhereClauses(filters) {
+  if (!filters || filters.length === 0) {
+    return "";
+  }
+  const clauses = filters.map((filter) => {
+    const { column, operator, value } = filter;
+    switch (operator) {
+      case "eq":
+        return `${column} = ${formatValue(value)}`;
+      case "ne":
+        return `${column} != ${formatValue(value)}`;
+      case "gt":
+        return `${column} > ${formatValue(value)}`;
+      case "ge":
+        return `${column} >= ${formatValue(value)}`;
+      case "lt":
+        return `${column} < ${formatValue(value)}`;
+      case "le":
+        return `${column} <= ${formatValue(value)}`;
+      case "like":
+        return `${column} LIKE ${formatValue(value)}`;
+      case "in":
+        if (Array.isArray(value)) {
+          const values = value.map((v) => formatValue(v)).join(", ");
+          return `${column} IN (${values})`;
+        }
+        return `${column} IN (${formatValue(value)})`;
+      default:
+        return "";
+    }
+  }).filter((c) => c);
+  if (clauses.length === 0) {
+    return "";
+  }
+  return ` WHERE ${clauses.join(" AND ")}`;
+}
+function buildOrderByClauses(orderBy) {
+  if (!orderBy || orderBy.length === 0) {
+    return "";
+  }
+  const clauses = orderBy.map((o) => `${o.column} ${o.direction.toUpperCase()}`);
+  return ` ORDER BY ${clauses.join(", ")}`;
+}
+function formatValue(value) {
+  if (value === null) {
+    return "NULL";
+  }
+  if (typeof value === "string") {
+    return `'${value.replace(/'/g, "''")}'`;
+  }
+  if (typeof value === "boolean") {
+    return value ? "1" : "0";
+  }
+  return String(value);
+}
+
+// src/core/adt/previewParser.ts
+function parseDataPreview(xml, maxRows, isTable) {
+  const [doc, parseErr] = safeParseXml(xml);
+  if (parseErr) {
+    return err(parseErr);
+  }
+  const namespace = "http://www.sap.com/adt/dataPreview";
+  const metadataElements = doc.getElementsByTagNameNS(namespace, "metadata");
+  const columns = [];
+  for (let i = 0; i < metadataElements.length; i++) {
+    const meta = metadataElements[i];
+    if (!meta) continue;
+    const nameAttr = isTable ? "name" : "camelCaseName";
+    const name = meta.getAttributeNS(namespace, nameAttr) || meta.getAttribute("name");
+    const dataType = meta.getAttributeNS(namespace, "colType") || meta.getAttribute("colType");
+    if (!name || !dataType) continue;
+    columns.push({ name, dataType });
+  }
+  if (columns.length === 0) {
+    return err(new Error("No columns found in preview response"));
+  }
+  const dataSetElements = doc.getElementsByTagNameNS(namespace, "dataSet");
+  const columnData = Array.from({ length: columns.length }, () => []);
+  for (let i = 0; i < dataSetElements.length; i++) {
+    const dataSet = dataSetElements[i];
+    if (!dataSet) continue;
+    const dataElements = dataSet.getElementsByTagNameNS(namespace, "data");
+    for (let j = 0; j < dataElements.length; j++) {
+      const data = dataElements[j];
+      if (!data) continue;
+      const value = data.textContent?.trim() || "";
+      columnData[i].push(value);
+    }
+  }
+  const rows = [];
+  const rowCount = columnData[0]?.length || 0;
+  for (let i = 0; i < Math.min(rowCount, maxRows); i++) {
+    const row = [];
+    for (let j = 0; j < columns.length; j++) {
+      row.push(columnData[j][i]);
+    }
+    rows.push(row);
+  }
+  const dataFrame = {
+    columns,
+    rows,
+    totalRows: rowCount
+  };
+  return ok(dataFrame);
+}
+
+// src/core/adt/data.ts
+async function previewData(client, query) {
+  const extension = query.objectType === "table" ? "astabldt" : "asddls";
+  const config = getConfigByExtension(extension);
+  if (!config || !config.dpEndpoint || !config.dpParam) {
+    return err(new Error(`Data preview not supported for object type: ${query.objectType}`));
+  }
+  const limit = query.limit ?? 100;
+  const whereClauses = buildWhereClauses(query.filters);
+  const orderByClauses = buildOrderByClauses(query.orderBy);
+  const sqlQuery = `select * from ${query.objectName}${whereClauses}${orderByClauses}`;
+  const [, validationErr] = validateSqlInput(sqlQuery);
+  if (validationErr) {
+    return err(new Error(`SQL validation failed: ${validationErr.message}`));
+  }
+  debug(`Data preview: endpoint=${config.dpEndpoint}, param=${config.dpParam}=${query.objectName}`);
+  debug(`SQL: ${sqlQuery}`);
+  const [response, requestErr] = await client.request({
+    method: "POST",
+    path: `/sap/bc/adt/datapreview/${config.dpEndpoint}`,
+    params: {
+      "rowNumber": limit,
+      [config.dpParam]: query.objectName
+    },
+    headers: {
+      "Accept": "application/vnd.sap.adt.datapreview.table.v1+xml",
+      "Content-Type": "text/plain"
+    },
+    body: sqlQuery
+  });
+  if (requestErr) {
+    return err(requestErr);
+  }
+  if (!response.ok) {
+    const text2 = await response.text();
+    debug(`Data preview error response: ${text2.substring(0, 500)}`);
+    const errorMsg = extractError(text2);
+    return err(new Error(`Data preview failed: ${errorMsg}`));
+  }
+  const text = await response.text();
+  const [dataFrame, parseErr] = parseDataPreview(text, limit, query.objectType === "table");
+  if (parseErr) {
+    return err(parseErr);
+  }
+  return ok(dataFrame);
+}
+
+// src/core/adt/distinct.ts
+var MAX_ROW_COUNT = 5e4;
+async function getDistinctValues(client, objectName, column, objectType = "view") {
+  const extension = objectType === "table" ? "astabldt" : "asddls";
+  const config = getConfigByExtension(extension);
+  if (!config || !config.dpEndpoint || !config.dpParam) {
+    return err(new Error(`Data preview not supported for object type: ${objectType}`));
+  }
+  const columnName = column.toUpperCase();
+  const sqlQuery = `SELECT ${columnName} AS value, COUNT(*) AS count FROM ${objectName} GROUP BY ${columnName}`;
+  const [, validationErr] = validateSqlInput(sqlQuery);
+  if (validationErr) {
+    return err(new Error(`SQL validation failed: ${validationErr.message}`));
+  }
+  const [response, requestErr] = await client.request({
+    method: "POST",
+    path: `/sap/bc/adt/datapreview/${config.dpEndpoint}`,
+    params: {
+      "rowNumber": MAX_ROW_COUNT,
+      [config.dpParam]: objectName
+    },
+    headers: {
+      "Accept": "application/vnd.sap.adt.datapreview.table.v1+xml"
+    },
+    body: sqlQuery
+  });
+  if (requestErr) {
+    return err(requestErr);
+  }
+  if (!response.ok) {
+    const text2 = await response.text();
+    const errorMsg = extractError(text2);
+    return err(new Error(`Distinct values query failed: ${errorMsg}`));
+  }
+  const text = await response.text();
+  const [doc, parseErr] = safeParseXml(text);
+  if (parseErr) {
+    return err(parseErr);
+  }
+  const dataSets = doc.getElementsByTagNameNS("http://www.sap.com/adt/dataPreview", "dataSet");
+  const values = [];
+  for (let i = 0; i < dataSets.length; i++) {
+    const dataSet = dataSets[i];
+    if (!dataSet) continue;
+    const dataElements = dataSet.getElementsByTagNameNS("http://www.sap.com/adt/dataPreview", "data");
+    if (dataElements.length < 2) continue;
+    const value = dataElements[0]?.textContent ?? "";
+    const countText = dataElements[1]?.textContent?.trim() ?? "0";
+    values.push({
+      value,
+      count: parseInt(countText, 10)
+    });
+  }
+  const result = {
+    column,
+    values
+  };
+  return ok(result);
+}
+
+// src/core/adt/count.ts
+async function countRows(client, objectName, objectType) {
+  const extension = objectType === "table" ? "astabldt" : "asddls";
+  const config = getConfigByExtension(extension);
+  if (!config || !config.dpEndpoint || !config.dpParam) {
+    return err(new Error(`Data preview not supported for object type: ${objectType}`));
+  }
+  const sqlQuery = `SELECT COUNT(*) AS count FROM ${objectName}`;
+  const [, validationErr] = validateSqlInput(sqlQuery);
+  if (validationErr) {
+    return err(new Error(`SQL validation failed: ${validationErr.message}`));
+  }
+  const [response, requestErr] = await client.request({
+    method: "POST",
+    path: `/sap/bc/adt/datapreview/${config.dpEndpoint}`,
+    params: {
+      "rowNumber": 1,
+      [config.dpParam]: objectName
+    },
+    headers: {
+      "Accept": "application/vnd.sap.adt.datapreview.table.v1+xml"
+    },
+    body: sqlQuery
+  });
+  if (requestErr) {
+    return err(requestErr);
+  }
+  if (!response.ok) {
+    const text2 = await response.text();
+    const errorMsg = extractError(text2);
+    return err(new Error(`Row count query failed: ${errorMsg}`));
+  }
+  const text = await response.text();
+  const [doc, parseErr] = safeParseXml(text);
+  if (parseErr) {
+    return err(parseErr);
+  }
+  const dataElements = doc.getElementsByTagNameNS("http://www.sap.com/adt/dataPreview", "data");
+  if (dataElements.length === 0) {
+    return err(new Error("No count value returned"));
+  }
+  const countText = dataElements[0]?.textContent?.trim();
+  if (!countText) {
+    return err(new Error("Empty count value returned"));
+  }
+  const count = parseInt(countText, 10);
+  if (isNaN(count)) {
+    return err(new Error("Invalid count value returned"));
+  }
+  return ok(count);
+}
+
+// src/core/adt/searchObjects.ts
+async function searchObjects(client, query, types) {
+  const searchPattern = query || "*";
+  const objectTypes = types && types.length > 0 ? types : getAllTypes();
+  const params = [
+    ["operation", "quickSearch"],
+    ["query", searchPattern],
+    ["maxResults", "10001"]
+  ];
+  for (const type of objectTypes) {
+    params.push(["objectType", type]);
+  }
+  const urlParams = new URLSearchParams();
+  for (const [key, value] of params) {
+    urlParams.append(key, value);
+  }
+  const [response, requestErr] = await client.request({
+    method: "GET",
+    path: `/sap/bc/adt/repository/informationsystem/search?${urlParams.toString()}`
+  });
+  if (requestErr) {
+    return err(requestErr);
+  }
+  if (!response.ok) {
+    const text2 = await response.text();
+    const errorMsg = extractError(text2);
+    return err(new Error(`Search failed: ${errorMsg}`));
+  }
+  const text = await response.text();
+  const [results, parseErr] = parseSearchResults(text);
+  if (parseErr) {
+    return err(parseErr);
+  }
+  return ok(results);
+}
+function parseSearchResults(xml) {
+  const [doc, parseErr] = safeParseXml(xml);
+  if (parseErr) {
+    return err(parseErr);
+  }
+  const results = [];
+  const objectRefs = doc.getElementsByTagNameNS("http://www.sap.com/adt/core", "objectReference");
+  for (let i = 0; i < objectRefs.length; i++) {
+    const obj = objectRefs[i];
+    if (!obj) continue;
+    const name = obj.getAttributeNS("http://www.sap.com/adt/core", "name") || obj.getAttribute("adtcore:name");
+    const type = obj.getAttributeNS("http://www.sap.com/adt/core", "type") || obj.getAttribute("adtcore:type");
+    const description = obj.getAttributeNS("http://www.sap.com/adt/core", "description") || obj.getAttribute("adtcore:description");
+    if (!name || !type) continue;
+    const config = getConfigByType(type);
+    if (!config) continue;
+    const packageRef = obj.getElementsByTagNameNS("http://www.sap.com/adt/core", "packageRef")[0];
+    const packageName = packageRef ? packageRef.getAttributeNS("http://www.sap.com/adt/core", "name") || packageRef.getAttribute("adtcore:name") : "";
+    const result = {
+      name,
+      extension: config.extension,
+      package: packageName || "",
+      objectType: config.label
+    };
+    if (description) {
+      result.description = description;
+    }
+    results.push(result);
+  }
+  return ok(results);
+}
+
+// src/core/adt/whereUsed.ts
+async function findWhereUsed(client, object) {
+  const config = getConfigByExtension(object.extension);
+  if (!config) {
+    return err(new Error(`Unsupported extension: ${object.extension}`));
+  }
+  const uri = `/sap/bc/adt/${config.endpoint}/${object.name}`;
+  const body = `<?xml version="1.0" encoding="UTF-8"?>
+    <usagereferences:usageReferenceRequest xmlns:usagereferences="http://www.sap.com/adt/ris/usageReferences">
+      <usagereferences:affectedObjects/>
+    </usagereferences:usageReferenceRequest>`;
+  const [response, requestErr] = await client.request({
+    method: "POST",
+    path: "/sap/bc/adt/repository/informationsystem/usageReferences",
+    params: {
+      "uri": uri,
+      "ris_request_type": "usageReferences"
+    },
+    headers: {
+      "Content-Type": "application/vnd.sap.adt.repository.usagereferences.request.v1+xml",
+      "Accept": "application/vnd.sap.adt.repository.usagereferences.result.v1+xml"
+    },
+    body
+  });
+  if (requestErr) {
+    return err(requestErr);
+  }
+  if (!response.ok) {
+    const text2 = await response.text();
+    const errorMsg = extractError(text2);
+    return err(new Error(`Where-used query failed: ${errorMsg}`));
+  }
+  const text = await response.text();
+  const [dependencies, parseErr] = parseWhereUsed(text);
+  if (parseErr) {
+    return err(parseErr);
+  }
+  return ok(dependencies);
+}
+function parseWhereUsed(xml) {
+  const [doc, parseErr] = safeParseXml(xml);
+  if (parseErr) {
+    return err(parseErr);
+  }
+  const dependencies = [];
+  const referencedObjects = doc.getElementsByTagNameNS(
+    "http://www.sap.com/adt/ris/usageReferences",
+    "referencedObject"
+  );
+  for (let i = 0; i < referencedObjects.length; i++) {
+    const refObj = referencedObjects[i];
+    if (!refObj) continue;
+    const adtObject = refObj.getElementsByTagNameNS(
+      "http://www.sap.com/adt/ris/usageReferences",
+      "adtObject"
+    )[0];
+    if (!adtObject) continue;
+    const name = adtObject.getAttributeNS("http://www.sap.com/adt/core", "name") || adtObject.getAttribute("adtcore:name");
+    const type = adtObject.getAttributeNS("http://www.sap.com/adt/core", "type") || adtObject.getAttribute("adtcore:type");
+    if (!name || !type) continue;
+    const config = getConfigByType(type);
+    if (!config) continue;
+    const packageRef = adtObject.getElementsByTagNameNS("http://www.sap.com/adt/core", "packageRef")[0];
+    const packageName = packageRef ? packageRef.getAttributeNS("http://www.sap.com/adt/core", "name") || packageRef.getAttribute("adtcore:name") : "";
+    dependencies.push({
+      name,
+      extension: config.extension,
+      package: packageName || "",
+      usageType: "reference"
+    });
+  }
+  return ok(dependencies);
+}
+
+// src/core/adt/createTransport.ts
+async function createTransport(client, config) {
+  const body = dictToAbapXml({
+    DEVCLASS: config.package,
+    REQUEST_TEXT: config.description,
+    REF: "",
+    OPERATION: "I"
+  });
+  const [response, requestErr] = await client.request({
+    method: "POST",
+    path: "/sap/bc/adt/cts/transports",
+    headers: {
+      "Content-Type": "application/vnd.sap.as+xml; charset=UTF-8; dataname=com.sap.adt.CreateCorrectionRequest",
+      "Accept": "text/plain"
+    },
+    body
+  });
+  if (requestErr) return err(requestErr);
+  if (!response.ok) {
+    const text2 = await response.text();
+    const errorMsg = extractError(text2);
+    return err(new Error(`Failed to create transport for ${config.package}: ${errorMsg}`));
+  }
+  const text = await response.text();
+  const transportId = text.trim().split("/").pop();
+  if (!transportId) {
+    return err(new Error("Failed to parse transport ID from response"));
+  }
+  return ok(transportId);
+}
+
+// src/core/adt/gitDiff.ts
+var import_diff = require("diff");
+function computeDiff(serverLines, localLines) {
+  const changes = (0, import_diff.diffArrays)(serverLines, localLines);
+  const hunks = [];
+  let diffIndex = 0;
+  let localIndex = 0;
+  for (let i = 0; i < changes.length; i++) {
+    const change = changes[i];
+    if (!change) continue;
+    if (!change.added && !change.removed) {
+      const count = change.count ?? change.value.length;
+      diffIndex += count;
+      localIndex += count;
+      continue;
+    }
+    if (change.removed) {
+      const nextChange = changes[i + 1];
+      if (nextChange?.added) {
+        const serverChanges = change.value;
+        const localChanges = nextChange.value;
+        const modHunk = {
+          type: "modification",
+          length: serverChanges.length + localChanges.length,
+          diffStart: diffIndex,
+          localStart: localIndex,
+          changes: [serverChanges, localChanges]
+        };
+        hunks.push(modHunk);
+        diffIndex += serverChanges.length + localChanges.length;
+        localIndex += localChanges.length;
+        i++;
+        continue;
+      }
+      const deletionHunk = {
+        type: "deletion",
+        length: change.value.length,
+        diffStart: diffIndex,
+        localStart: localIndex,
+        changes: change.value
+      };
+      hunks.push(deletionHunk);
+      diffIndex += change.value.length;
+      continue;
+    }
+    if (!change.added) continue;
+    const additionHunk = {
+      type: "addition",
+      length: change.value.length,
+      diffStart: diffIndex,
+      localStart: localIndex,
+      changes: change.value
+    };
+    hunks.push(additionHunk);
+    diffIndex += change.value.length;
+    localIndex += change.value.length;
+  }
+  return hunks;
+}
+async function gitDiff(client, object) {
+  const [serverObj, readErr] = await readObject(client, {
+    name: object.name,
+    extension: object.extension
+  });
+  if (readErr) {
+    return err(new Error(`${object.name} does not exist on server`));
+  }
+  const config = getConfigByExtension(object.extension);
+  const label = config?.label ?? object.extension;
+  const serverLines = serverObj.content.split("\n");
+  const localLines = object.content.split("\n");
+  const diffs = computeDiff(serverLines, localLines);
+  return ok({
+    name: serverObj.name,
+    extension: serverObj.extension,
+    label,
+    diffs
+  });
+}
+
+// src/core/client.ts
+var import_undici = require("undici");
+function buildParams(baseParams, clientNum) {
+  const params = new URLSearchParams();
+  if (baseParams) {
+    for (const [key, value] of Object.entries(baseParams)) {
+      params.append(key, String(value));
+    }
+  }
+  params.append("sap-client", clientNum);
+  return params;
+}
+function buildUrl2(baseUrl, path, params) {
+  const url = new URL(path, baseUrl);
+  if (params) {
+    for (const [key, value] of params.entries()) {
+      url.searchParams.append(key, value);
+    }
+  }
+  return url.toString();
+}
+var ADTClientImpl = class {
+  state;
+  requestor;
+  agent;
+  constructor(config) {
+    this.state = {
+      config,
+      session: null,
+      csrfToken: null,
+      cookies: /* @__PURE__ */ new Map()
+    };
+    this.requestor = { request: this.request.bind(this) };
+    if (config.insecure) {
+      this.agent = new import_undici.Agent({
+        connect: {
+          rejectUnauthorized: false,
+          checkServerIdentity: () => void 0
+          // Skip hostname verification
+        }
+      });
+    }
+  }
+  get session() {
+    return this.state.session;
+  }
+  // --- Private helpers ---
+  storeCookies(response) {
+    const setCookieHeader = response.headers.get("set-cookie");
+    if (!setCookieHeader) return;
+    const cookieStrings = setCookieHeader.split(/,(?=\s*\w+=)/);
+    for (const cookieStr of cookieStrings) {
+      const match = cookieStr.match(/^([^=]+)=([^;]*)/);
+      if (match && match[1] && match[2]) {
+        this.state.cookies.set(match[1].trim(), match[2].trim());
+      }
+    }
+  }
+  buildCookieHeader() {
+    if (this.state.cookies.size === 0) return null;
+    return Array.from(this.state.cookies.entries()).map(([name, value]) => `${name}=${value}`).join("; ");
+  }
+  // Core HTTP request function with CSRF token injection and automatic retry on 403 errors
+  async request(options) {
+    const { method, path, params, headers: customHeaders, body } = options;
+    const { config } = this.state;
+    debug(`Request ${method} ${path} - CSRF token in state: ${this.state.csrfToken?.substring(0, 20) || "null"}...`);
+    const headers = buildRequestHeaders(
+      BASE_HEADERS,
+      customHeaders,
+      config.auth,
+      this.state.csrfToken
+    );
+    debug(`CSRF header being sent: ${headers["x-csrf-token"]?.substring(0, 20) || "none"}...`);
+    const cookieHeader = this.buildCookieHeader();
+    if (cookieHeader) {
+      headers["Cookie"] = cookieHeader;
+      debug(`Cookies being sent: ${cookieHeader.substring(0, 50)}...`);
+    }
+    const urlParams = buildParams(params, config.client);
+    const url = buildUrl2(config.url, path, urlParams);
+    const fetchOptions = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(config.timeout ?? DEFAULT_TIMEOUT)
+    };
+    if (this.agent) {
+      fetchOptions.dispatcher = this.agent;
+    }
+    if (body) {
+      fetchOptions.body = body;
+    }
+    try {
+      debug(`Fetching URL: ${url}`);
+      debug(`Insecure mode: ${!!this.agent}`);
+      const response = await (0, import_undici.fetch)(url, fetchOptions);
+      this.storeCookies(response);
+      if (response.status === 403) {
+        const text = await response.text();
+        if (text.includes("CSRF token validation failed")) {
+          const [newToken, tokenErr] = await fetchCsrfToken(this.state, this.request.bind(this));
+          if (tokenErr) {
+            return err(new Error(`CSRF token refresh failed: ${tokenErr.message}`));
+          }
+          headers[CSRF_TOKEN_HEADER] = newToken;
+          const retryCookieHeader = this.buildCookieHeader();
+          if (retryCookieHeader) {
+            headers["Cookie"] = retryCookieHeader;
+          }
+          debug(`Retrying with new CSRF token: ${newToken.substring(0, 20)}...`);
+          const retryResponse = await (0, import_undici.fetch)(url, { ...fetchOptions, headers });
+          this.storeCookies(retryResponse);
+          return ok(retryResponse);
+        }
+        return ok(new Response(text, {
+          status: response.status,
+          statusText: response.statusText,
+          headers: response.headers
+        }));
+      }
+      if (response.status === 500) {
+        const text = await response.text();
+        const [, resetErr] = await sessionReset(this.state, this.request.bind(this));
+        if (resetErr) {
+          return err(new Error(`Session reset failed: ${resetErr.message}`));
+        }
+        return ok(new Response(text, {
+          status: response.status,
+          statusText: response.statusText,
+          headers: response.headers
+        }));
+      }
+      return ok(response);
+    } catch (error) {
+      if (error instanceof Error) {
+        debugError(`Fetch error: ${error.name}: ${error.message}`, error.cause);
+        if ("code" in error) {
+          debugError(`Error code: ${error.code}`);
+        }
+        return err(error);
+      }
+      return err(new Error(`Network error: ${String(error)}`));
+    }
+  }
+  // --- Lifecycle ---
+  async login() {
+    return login(this.state, this.request.bind(this));
+  }
+  async logout() {
+    return logout(this.state, this.request.bind(this));
+  }
+  // --- CRAUD Operations ---
+  async read(objects) {
+    if (!this.state.session) return err(new Error("Not logged in"));
+    const results = [];
+    for (const obj of objects) {
+      const [result, readErr] = await readObject(this.requestor, obj);
+      if (readErr) return err(readErr);
+      results.push(result);
+    }
+    return ok(results);
+  }
+  async create(object, packageName, transport) {
+    if (!this.state.session) return err(new Error("Not logged in"));
+    const [, createErr] = await createObject(this.requestor, object, packageName, transport, this.state.session.username);
+    if (createErr) return err(createErr);
+    const objRef = { name: object.name, extension: object.extension };
+    const [lockHandle, lockErr] = await lockObject(this.requestor, objRef);
+    if (lockErr) return err(lockErr);
+    const [, updateErr] = await updateObject(this.requestor, object, lockHandle, transport);
+    const [, unlockErr] = await unlockObject(this.requestor, objRef, lockHandle);
+    if (updateErr) return err(updateErr);
+    if (unlockErr) return err(unlockErr);
+    return ok(void 0);
+  }
+  async update(object, transport) {
+    if (!this.state.session) return err(new Error("Not logged in"));
+    const objRef = { name: object.name, extension: object.extension };
+    const [lockHandle, lockErr] = await lockObject(this.requestor, objRef);
+    if (lockErr) return err(lockErr);
+    const [, updateErr] = await updateObject(this.requestor, object, lockHandle, transport);
+    const [, unlockErr] = await unlockObject(this.requestor, objRef, lockHandle);
+    if (updateErr) return err(updateErr);
+    if (unlockErr) return err(unlockErr);
+    return ok(void 0);
+  }
+  async upsert(objects, packageName, transport) {
+    if (!this.state.session) return err(new Error("Not logged in"));
+    if (objects.length === 0) return ok([]);
+    const results = [];
+    for (const obj of objects) {
+      if (!obj.name || !obj.extension) continue;
+      const objRef = { name: obj.name, extension: obj.extension };
+      const [existing] = await readObject(this.requestor, objRef);
+      if (!existing) {
+        const [, createErr] = await this.create(obj, packageName, transport);
+        if (createErr) return err(createErr);
+        const result2 = {
+          name: obj.name,
+          extension: obj.extension,
+          status: "created"
+        };
+        if (transport) result2.transport = transport;
+        results.push(result2);
+        continue;
+      }
+      const [, updateErr] = await this.update(obj, transport);
+      if (updateErr) return err(updateErr);
+      const result = {
+        name: obj.name,
+        extension: obj.extension,
+        status: "updated"
+      };
+      if (transport) result.transport = transport;
+      results.push(result);
+    }
+    return ok(results);
+  }
+  async activate(objects) {
+    if (!this.state.session) return err(new Error("Not logged in"));
+    return activateObjects(this.requestor, objects);
+  }
+  async delete(objects, transport) {
+    if (!this.state.session) return err(new Error("Not logged in"));
+    for (const obj of objects) {
+      const [lockHandle, lockErr] = await lockObject(this.requestor, obj);
+      if (lockErr) return err(lockErr);
+      const [, deleteErr] = await deleteObject(this.requestor, obj, lockHandle, transport);
+      if (deleteErr) {
+        await unlockObject(this.requestor, obj, lockHandle);
+        return err(deleteErr);
+      }
+    }
+    return ok(void 0);
+  }
+  // --- Discovery ---
+  async getPackages() {
+    if (!this.state.session) return err(new Error("Not logged in"));
+    return getPackages(this.requestor);
+  }
+  async getTree(query) {
+    if (!this.state.session) return err(new Error("Not logged in"));
+    return getTree(this.requestor, query);
+  }
+  async getTransports(packageName) {
+    if (!this.state.session) return err(new Error("Not logged in"));
+    return getTransports(this.requestor, packageName);
+  }
+  // --- Data Preview ---
+  async previewData(query) {
+    if (!this.state.session) return err(new Error("Not logged in"));
+    return previewData(this.requestor, query);
+  }
+  async getDistinctValues(objectName, column, objectType = "view") {
+    if (!this.state.session) return err(new Error("Not logged in"));
+    return getDistinctValues(this.requestor, objectName, column, objectType);
+  }
+  async countRows(objectName, objectType) {
+    if (!this.state.session) return err(new Error("Not logged in"));
+    return countRows(this.requestor, objectName, objectType);
+  }
+  // --- Search ---
+  async search(query, types) {
+    if (!this.state.session) return err(new Error("Not logged in"));
+    return searchObjects(this.requestor, query, types);
+  }
+  async whereUsed(object) {
+    if (!this.state.session) return err(new Error("Not logged in"));
+    return findWhereUsed(this.requestor, object);
+  }
+  // --- Transport Management ---
+  async createTransport(transportConfig) {
+    if (!this.state.session) return err(new Error("Not logged in"));
+    return createTransport(this.requestor, transportConfig);
+  }
+  // --- Diff Operations ---
+  async gitDiff(objects) {
+    if (!this.state.session) return err(new Error("Not logged in"));
+    if (objects.length === 0) return ok([]);
+    const results = [];
+    for (const obj of objects) {
+      const [result, diffErr] = await gitDiff(this.requestor, obj);
+      if (diffErr) return err(diffErr);
+      results.push(result);
+    }
+    return ok(results);
+  }
+  // --- Configuration ---
+  getObjectConfig() {
+    return Object.values(OBJECT_CONFIG_MAP);
+  }
+};
+function createClient(config) {
+  const validation = clientConfigSchema.safeParse(config);
+  if (!validation.success) {
+    const issues = validation.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(", ");
+    return err(new Error(`Invalid client configuration: ${issues}`));
+  }
+  return ok(new ADTClientImpl(config));
+}
+
+// src/core/config.ts
+var import_node_fs = require("fs");
+var import_zod2 = require("zod");
+var systemConfigSchema = import_zod2.z.record(
+  import_zod2.z.string(),
+  import_zod2.z.object({
+    adt: import_zod2.z.string().url().optional(),
+    odata: import_zod2.z.string().url().optional(),
+    instance_num: import_zod2.z.string().optional()
+  })
+);
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createClient,
+  err,
+  ok
+});
+//# sourceMappingURL=index.js.map