isc-transforms-mcp 1.0.16 → 1.0.18

package/JSONS/sailpoint.isc.transforms.replace.schema.json

@@ -2,7 +2,7 @@
   "$schema": "https://json-schema.org/draft/2020-12/schema",
   "$id": "sailpoint.isc.transforms.replace.schema.json",
   "title": "SailPoint ISC Transform Schema - replace",
-  "description": "Strict schema derived from SailPoint official Replace operation documentation. Find and replace all instances of a single regex pattern in the incoming value.",
+  "description": "Strict schema for the SailPoint ISC replace transform. Finds all occurrences of a single Java regular expression pattern in the input string and replaces every match with the replacement string. Unlike replaceAll, this operates on a single regex+replacement pair. Key behaviors: (1) ALL occurrences are replaced, not just the first. (2) Use an empty replacement string to delete all matched text. (3) Capture groups in the regex can be referenced as $1, $2, etc. in the replacement. (4) Use bracket notation for literal special characters (e.g., '[.]' for a literal dot). (5) input is optional — if omitted the transform uses the source+attribute configured in the identity profile UI.",
   "type": "object",
   "additionalProperties": false,
   "required": [
@@ -12,16 +12,18 @@
   ],
   "properties": {
     "type": {
-      "const": "replace"
+      "const": "replace",
+      "description": "Transform operation type. Must be exactly 'replace'."
     },
     "name": {
       "type": "string",
-      "minLength": 1
+      "minLength": 1,
+      "description": "Display name for this transform, shown in UI dropdowns and identity profile mappings."
     },
     "requiresPeriodicRefresh": {
       "type": "boolean",
       "default": false,
-      "description": "Whether the transform should be reevaluated nightly as part of identity refresh. Default false."
+      "description": "If true, re-evaluates this transform during the nightly identity refresh cycle. Default is false."
     },
     "attributes": {
       "type": "object",
@@ -30,19 +32,24 @@
         "regex",
         "replacement"
       ],
+      "description": "Required container for replace operation attributes.",
       "properties": {
         "regex": {
           "type": "string",
           "minLength": 1,
-          "description": "Regular expression pattern to replace."
+          "description": "Required. The Java regular expression pattern to search for. ALL occurrences of the pattern in the input are replaced — not just the first match. Pattern syntax notes: (1) Standard Java regex — character classes, quantifiers, anchors, and capture groups are all supported. (2) Use bracket notation to match literal special regex characters: '[.]' for a literal dot, '[+]' for a literal plus, '[-]' for a literal hyphen. (3) Capture groups with parentheses (e.g., '([A-Za-z]+)') can be back-referenced in the replacement field as $1, $2, etc. (4) The pattern is case-sensitive by default — use character classes (e.g., '[Aa]') or inline flag '(?i)' to match case-insensitively."
         },
         "replacement": {
           "type": "string",
-          "description": "Replacement string."
+          "description": "Required. The string that replaces every occurrence of the matched pattern. Replacement notes: (1) Use an empty string \"\" to delete all matched text. (2) Use $0 to insert the entire matched text, $1 for the first capture group, $2 for the second, etc. (3) To include a literal dollar sign, use \\$."
         },
         "input": {
-          "description": "Optional explicit input passed into the transform (nested transform). If omitted, uses UI-configured input.",
-          "oneOf": [
+          "description": "Optional explicit input providing the string to apply the regex replacement to. If omitted, the transform uses the source and attribute combination configured in the identity profile UI. When provided, must be a nested transform object or a static string.",
+          "anyOf": [
+            {
+              "type": "string",
+              "description": "Static string value to apply the regex replacement to."
+            },
             {
               "$ref": "#/$defs/NestedTransform"
             }
@@ -54,7 +61,7 @@
   "$defs": {
     "NestedTransform": {
       "type": "object",
-      "description": "Nested transform object used as explicit input (name optional in docs).",
+      "description": "A nested transform object that provides the string input for the replace operation. Its output string is the value the regex replacement is applied to. The 'name' field is optional in nested transforms per SailPoint docs.",
       "additionalProperties": false,
       "required": [
         "type",
@@ -62,18 +69,22 @@
       ],
       "properties": {
         "id": {
-          "type": "string"
+          "type": "string",
+          "description": "Optional ID when referencing an existing saved transform."
         },
         "name": {
           "type": "string",
-          "minLength": 1
+          "minLength": 1,
+          "description": "Optional display name for the nested transform."
         },
         "type": {
           "type": "string",
-          "minLength": 1
+          "minLength": 1,
+          "description": "The operation type of the nested transform (e.g., 'accountAttribute', 'identityAttribute', 'trim')."
         },
         "requiresPeriodicRefresh": {
-          "type": "boolean"
+          "type": "boolean",
+          "description": "Whether this nested transform re-evaluates during nightly refresh."
         },
         "attributes": {
           "type": "object",
@@ -85,12 +96,49 @@
   },
   "examples": [
     {
+      "name": "Replace Whitespace with Underscore",
       "type": "replace",
-      "name": "Replace Transform",
       "attributes": {
         "regex": "\\s+",
         "replacement": "_"
       }
+    },
+    {
+      "name": "Remove Non-Alphanumeric Characters",
+      "type": "replace",
+      "attributes": {
+        "regex": "[^A-Za-z0-9]",
+        "replacement": ""
+      }
+    },
+    {
+      "name": "Extract Domain from Email (Capture Group)",
+      "type": "replace",
+      "attributes": {
+        "regex": "^[^@]+@(.+)$",
+        "replacement": "$1",
+        "input": {
+          "type": "identityAttribute",
+          "attributes": {
+            "name": "email"
+          }
+        }
+      }
+    },
+    {
+      "name": "Replace Literal Dots with Hyphens",
+      "type": "replace",
+      "attributes": {
+        "regex": "[.]",
+        "replacement": "-",
+        "input": {
+          "type": "accountAttribute",
+          "attributes": {
+            "sourceName": "HR Source",
+            "attributeName": "displayName"
+          }
+        }
+      }
     }
   ]
 }

package/JSONS/sailpoint.isc.transforms.replaceAll.schema.json

@@ -2,7 +2,7 @@
   "$schema": "https://json-schema.org/draft/2020-12/schema",
   "$id": "sailpoint.isc.transforms.replaceAll.schema.json",
   "title": "SailPoint ISC Transform Schema - replaceAll",
-  "description": "Strict schema derived from SailPoint official Replace All operation documentation. Performs find-and-replace for every (pattern -> replacement) entry in a table. Patterns are interpreted as regular expressions.",
+  "description": "Strict schema for the SailPoint ISC replaceAll transform. Performs multiple find-and-replace operations in a single pass against the input string. Each key in the table is a Java regular expression pattern; its value is the replacement string. All patterns are applied simultaneously against the original input — not sequentially. Pattern matching is case-sensitive by default. Use an empty string value to delete all text matching a pattern. Unlike the single replace transform, replaceAll can handle multiple distinct patterns in one operation.",
   "type": "object",
   "additionalProperties": false,
   "required": [
@@ -12,16 +12,18 @@
   ],
   "properties": {
     "type": {
-      "const": "replaceAll"
+      "const": "replaceAll",
+      "description": "Transform operation type. Must be exactly 'replaceAll'."
     },
     "name": {
       "type": "string",
-      "minLength": 1
+      "minLength": 1,
+      "description": "Display name for this transform, shown in UI dropdowns and identity profile mappings."
     },
     "requiresPeriodicRefresh": {
       "type": "boolean",
       "default": false,
-      "description": "Whether the transform should be reevaluated nightly as part of identity refresh. Default false."
+      "description": "If true, re-evaluates this transform during the nightly identity refresh cycle. Default is false."
     },
     "attributes": {
       "type": "object",
@@ -29,18 +31,24 @@
       "required": [
         "table"
       ],
+      "description": "Required container for replaceAll operation attributes.",
       "properties": {
         "table": {
           "type": "object",
-          "description": "Map of regex patterns to replacement strings.",
+          "description": "Required map of Java regex patterns (keys) to replacement strings (values). Each key is compiled as a Java regular expression and matched against the input string — all occurrences of each matching pattern are replaced with the corresponding value. Rules: (1) All values must be static strings; use an empty string \"\" to delete all matched text. (2) Pattern matching is case-sensitive — use character classes (e.g., '[Aa]') or separate entries for case variants. (3) All patterns apply simultaneously against the original input string in a single pass. (4) For literal special regex characters, use bracket notation (e.g., '[.]' for a literal dot, '[+]' for a literal plus).",
           "minProperties": 1,
           "additionalProperties": {
-            "type": "string"
+            "type": "string",
+            "description": "Replacement string. All occurrences of the matching regex pattern are replaced with this value. Use an empty string to delete matched text."
           }
         },
         "input": {
-          "description": "Optional explicit input passed into the transform (nested transform). If omitted, uses UI-configured input.",
-          "oneOf": [
+          "description": "Optional explicit input that provides the string to apply pattern replacements to. If omitted, the transform uses the source and attribute combination configured in the identity profile UI. When provided, must be a nested transform object or a static string.",
+          "anyOf": [
+            {
+              "type": "string",
+              "description": "Static string value to apply replacements to."
+            },
             {
               "$ref": "#/$defs/NestedTransform"
             }
@@ -52,7 +60,7 @@
   "$defs": {
     "NestedTransform": {
       "type": "object",
-      "description": "Nested transform object used as explicit input (name optional in docs).",
+      "description": "A nested transform object that provides the string input for the replaceAll operation. Its output string is the value that pattern replacements are applied to. The 'name' field is optional in nested transforms per SailPoint docs.",
       "additionalProperties": false,
       "required": [
         "type",
@@ -60,18 +68,22 @@
       ],
       "properties": {
         "id": {
-          "type": "string"
+          "type": "string",
+          "description": "Optional ID when referencing an existing saved transform."
         },
         "name": {
           "type": "string",
-          "minLength": 1
+          "minLength": 1,
+          "description": "Optional display name for the nested transform."
         },
         "type": {
           "type": "string",
-          "minLength": 1
+          "minLength": 1,
+          "description": "The operation type of the nested transform (e.g., 'accountAttribute', 'identityAttribute', 'trim')."
         },
         "requiresPeriodicRefresh": {
-          "type": "boolean"
+          "type": "boolean",
+          "description": "Whether this nested transform re-evaluates during nightly refresh."
         },
         "attributes": {
           "type": "object",
@@ -83,12 +95,47 @@
   },
   "examples": [
     {
+      "name": "Remove Special Characters",
+      "type": "replaceAll",
+      "attributes": {
+        "table": {
+          "[^A-Za-z0-9]": ""
+        }
+      }
+    },
+    {
+      "name": "Normalize Whitespace and Dots",
       "type": "replaceAll",
-      "name": "Replace All Transform",
       "attributes": {
         "table": {
           "\\s+": "_",
-          "[^A-Za-z0-9_]+": ""
+          "[.]": "-"
+        }
+      }
+    },
+    {
+      "name": "Remove Vowels",
+      "type": "replaceAll",
+      "attributes": {
+        "table": {
+          "[aeiouAEIOU]": ""
+        }
+      }
+    },
+    {
+      "name": "Sanitize Username from Account Attribute",
+      "type": "replaceAll",
+      "attributes": {
+        "table": {
+          "\\s+": ".",
+          "[^A-Za-z0-9.]": ""
+        },
+        "input": {
+          "type": "accountAttribute",
+          "attributes": {
+            "sourceName": "HR Source",
+            "attributeName": "displayName"
+          }
         }
       }
     }

package/dist/transforms/lint.js

@@ -428,46 +428,108 @@ function lintFirstValid(attrs) {
     return msgs;
 }
 // ---------------------------------------------------------------------------
-// 8. replace — validate regex compiles
+// 8. replace — regex compile, all-instances info, backreference hint
+// Docs: https://developer.sailpoint.com/docs/extensibility/transforms/operations/replace
 // ---------------------------------------------------------------------------
 function lintReplace(attrs) {
     const msgs = [];
+    // 1. regex: must be a non-empty string and a valid compilable regex
     if (attrs?.regex !== undefined) {
         if (typeof attrs.regex !== "string") {
             push(msgs, "error", "regex must be a string.", "attributes.regex");
         }
+        else if (attrs.regex.trim() === "") {
+            push(msgs, "error", "regex must not be empty.", "attributes.regex");
+        }
         else {
-            // Try to compile the regex — catch syntax errors early before ISC does
+            // Compile check — surface syntax errors before ISC does
             try {
                 new RegExp(attrs.regex);
             }
             catch (e) {
-                push(msgs, "error", `regex '${attrs.regex}' is not a valid regular expression: ${e?.message ?? e}.`, "attributes.regex");
+                push(msgs, "error", `regex '${attrs.regex}' is not a valid regular expression: ${e?.message ?? String(e)}. ` +
+                    "Use bracket notation for literal special characters (e.g., '[.]' for a literal dot, '[-]' for a literal hyphen).", "attributes.regex");
             }
+            // All-instances info — users often expect first-match-only behaviour
+            push(msgs, "info", "replace replaces ALL occurrences of the pattern in the input string, not just the first match. " +
+                "To target only a specific occurrence, use a more precise regex that anchors to the position you want.", "attributes.regex");
         }
     }
-    if (attrs?.replacement !== undefined && typeof attrs.replacement !== "string") {
-        push(msgs, "error", "replacement must be a string.", "attributes.replacement");
+    // 2. replacement: must be a string; empty string is valid and deletes all matches
+    if (attrs?.replacement !== undefined) {
+        if (typeof attrs.replacement !== "string") {
+            push(msgs, "error", "replacement must be a string. Use an empty string \"\" to delete all text matched by the regex.", "attributes.replacement");
+        }
+        else if (/\$\d+/.test(attrs.replacement)) {
+            // Backreference detected — confirm the regex has the matching capture group
+            push(msgs, "info", "replacement contains a backreference (e.g., '$1'). Ensure the regex contains a matching capture group (e.g., '(.+)'). " +
+                "'$0' refers to the entire match; '$1' refers to the first capture group, '$2' to the second, etc.", "attributes.replacement");
+        }
     }
-    if (attrs?.input === undefined) {
-        push(msgs, "warn", "replace typically expects an attributes.input (nested transform or attribute reference).", "attributes.input");
+    // 3. input: optional per docs (omit to use UI-configured source+attribute).
+    //    Validate type only when present.
+    if (attrs?.input !== undefined) {
+        const inp = attrs.input;
+        if (!(typeof inp === "string" || (isPlainObject(inp) && typeof inp.type === "string"))) {
+            push(msgs, "warn", "input must be a nested transform object {type, attributes} providing the string to apply the regex to, or a static string. " +
+                "If omitted, the transform uses the source+attribute combination configured in the identity profile UI.", "attributes.input");
+        }
     }
     return msgs;
 }
 // ---------------------------------------------------------------------------
-// 8. replaceAll — table validation
+// 8. replaceAll — regex key validation, value type, case-sensitivity info
+// Docs: https://developer.sailpoint.com/docs/extensibility/transforms/operations/replace-all
 // ---------------------------------------------------------------------------
 function lintReplaceAll(attrs) {
     const msgs = [];
     if (attrs?.table !== undefined) {
         if (!isPlainObject(attrs.table) || Array.isArray(attrs.table)) {
-            push(msgs, "error", "table must be an object map of key → value string pairs.", "attributes.table");
+            push(msgs, "error", "table must be an object map where keys are regex patterns and values are replacement strings " +
+                "(e.g., {\"[aeiou]\": \"\", \"\\\\s+\": \"_\"}). Keys are interpreted as standard Java regular expressions.", "attributes.table");
         }
         else {
-            const badEntries = Object.entries(attrs.table).filter(([, v]) => typeof v !== "string");
-            if (badEntries.length) {
-                push(msgs, "error", `All table values must be strings. Non-string entries: ${badEntries.map(([k]) => k).join(", ")}.`, "attributes.table");
+            const entries = Object.entries(attrs.table);
+            // 1. Empty table
+            if (entries.length === 0) {
+                push(msgs, "warn", "replaceAll table is empty. Add at least one regex pattern key and its replacement string value.", "attributes.table");
             }
+            else {
+                // 2. All values must be strings (replacement text; empty string is valid — deletes all matches)
+                const badVals = entries.filter(([, v]) => typeof v !== "string");
+                if (badVals.length) {
+                    push(msgs, "error", `All table values must be strings (the replacement text). Non-string entries: ${badVals.map(([k]) => `'${k}'`).join(", ")}. ` +
+                        "Use an empty string \"\" as the value to delete all text that matches the pattern.", "attributes.table");
+                }
+                // 3. Validate each key as a compilable Java-compatible regex (JS RegExp is a close proxy)
+                for (const [key] of entries) {
+                    try {
+                        new RegExp(key);
+                    }
+                    catch (e) {
+                        push(msgs, "error", `table key '${key}' is not a valid regex pattern: ${e?.message ?? String(e)}. ` +
+                            "All table keys are interpreted as Java regular expressions. " +
+                            "Use bracket notation to match literal special characters (e.g., '[.]' for a literal dot, '[+]' for a literal plus).", "attributes.table");
+                    }
+                }
+                // 4. Case-sensitivity info — comparisons are case-sensitive by default
+                push(msgs, "info", "replaceAll pattern matching is case-sensitive by default. " +
+                    "To match both cases, use a character class (e.g., '[Aa]bc' matches 'Abc' or 'abc') or include separate table entries for each case variant.", "attributes.table");
+                // 5. Simultaneous replacement info — all patterns apply in one pass
+                if (entries.length > 1) {
+                    push(msgs, "info", "replaceAll applies all pattern replacements simultaneously in a single pass. " +
+                        "Each pattern matches against the original input — not against output already modified by a previous pattern. " +
+                        "Order of entries does not affect which text is matched.", "attributes.table");
+                }
+            }
+        }
+    }
+    // 6. input: validate type if provided
+    if (attrs?.input !== undefined) {
+        const inp = attrs.input;
+        if (!(typeof inp === "string" || (isPlainObject(inp) && typeof inp.type === "string"))) {
+            push(msgs, "warn", "input must be a nested transform object {type, attributes} providing the string to apply replacements to, or a static string. " +
+                "If omitted, the transform uses the source+attribute combination configured in the identity profile UI.", "attributes.input");
         }
     }
     return msgs;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "isc-transforms-mcp",
-  "version": "1.0.16",
+  "version": "1.0.18",
   "type": "module",
   "description": "MCP server for SailPoint Identity Security Cloud (ISC) Transform authoring — scaffold, strict lint, catalog, and safe upsert to live tenants.",
   "author": {