nowaikit 2.6.0 → 3.0.0

package/dist/prompts/capabilities/build-rest-api.js

@@ -0,0 +1,293 @@
+const capability = {
+    name: 'build-rest-api',
+    title: 'Build Scripted REST API',
+    description: 'Guided Scripted REST API endpoint design — authentication, input validation, versioning, error responses',
+    category: 'build',
+    arguments: [
+        {
+            name: 'description',
+            description: 'what the API should do in plain language',
+            required: true,
+        },
+        {
+            name: 'api_name',
+            description: 'desired API name (e.g. "Asset Lookup"). If omitted, one will be derived from the description',
+            required: false,
+        },
+        {
+            name: 'http_methods',
+            description: 'comma-separated HTTP methods to implement: GET, POST, PUT, DELETE. Default: GET',
+            required: false,
+        },
+    ],
+    recommendedTools: [
+        'query_records',
+        'list_rest_messages',
+        'get_rest_message',
+        'create_rest_message',
+        'get_table_schema',
+        'create_script_include',
+    ],
+    buildPrompt(args = {}) {
+        const desc = args.description ?? '<not provided>';
+        const apiName = args.api_name ?? '<derive from description>';
+        const methods = args.http_methods ?? 'GET';
+        return [
+            {
+                role: 'user',
+                content: {
+                    type: 'text',
+                    text: [
+                        `Build a Scripted REST API.`,
+                        `**API Name:** ${apiName}`,
+                        `**HTTP Methods:** ${methods}`,
+                        `**Requirement:** ${desc}`,
+                        '',
+                        'Follow these steps exactly:',
+                        '',
+                        '### Step 1 — Understand the Requirement',
+                        'Restate the API requirement in your own words. Identify:',
+                        '- **Resources** — what entities does this API expose? (e.g., incidents, users, assets)',
+                        '- **Operations** — which HTTP methods map to which actions? (GET=read, POST=create, PUT=update, DELETE=remove)',
+                        '- **Consumers** — who will call this API? (external system, Service Portal, mobile app, MID Server)',
+                        '- **Authentication type** — Basic Auth, OAuth 2.0, API Key via header, or session-based',
+                        '- **Data volume** — expected request/response sizes, pagination needs',
+                        'Call out ambiguities and ask for clarification if needed.',
+                        '',
+                        '### Step 2 — Check Existing Scripted REST APIs',
+                        'Use **query_records** on `sys_ws_definition` (Scripted REST Services) to list all existing APIs.',
+                        'Check for:',
+                        '- **Namespace conflicts** — does an API with the same or similar name already exist?',
+                        '- **Endpoint collisions** — will the new resource paths conflict with existing ones?',
+                        '- **Reuse opportunities** — can an existing API be extended instead of creating a new one?',
+                        '',
+                        'Summarize existing APIs in a table:',
+                        '| Name | Namespace | Base Path | Active | Resources |',
+                        '|------|-----------|-----------|--------|-----------|',
+                        '',
+                        '### Step 3 — Design the API Structure',
+                        'Design the full API structure following ServiceNow Scripted REST API best practices:',
+                        '',
+                        '**API Registration (sys_ws_definition):**',
+                        '- **Name:** descriptive, PascalCase (e.g., `AssetLookupAPI`)',
+                        '- **API ID:** lowercase with underscores (e.g., `asset_lookup_api`)',
+                        '- **API Namespace:** use the scoped app namespace (e.g., `x_myapp`)',
+                        '- **Base API Path:** `/api/x_myapp/v1/<resource>` — always version the API',
+                        '',
+                        '**Resource Design (sys_ws_operation):**',
+                        'For each HTTP method, define:',
+                        '| Method | Resource Path | Purpose | Example |',
+                        '|--------|---------------|---------|---------|',
+                        '| GET | `/<resource>` | List records (with pagination) | `GET /api/x_app/v1/assets?limit=20&offset=0` |',
+                        '| GET | `/<resource>/{id}` | Get single record | `GET /api/x_app/v1/assets/abc123` |',
+                        '| POST | `/<resource>` | Create record | `POST /api/x_app/v1/assets` with JSON body |',
+                        '| PUT | `/<resource>/{id}` | Update record | `PUT /api/x_app/v1/assets/abc123` with JSON body |',
+                        '| DELETE | `/<resource>/{id}` | Delete record | `DELETE /api/x_app/v1/assets/abc123` |',
+                        '',
+                        '**Versioning Strategy:**',
+                        '- Use URL path versioning: `/api/x_app/v1/...`',
+                        '- Never break existing consumers — add v2 alongside v1 when needed',
+                        '- Deprecation headers: `X-API-Deprecated: true`, `X-API-Sunset: 2025-12-31`',
+                        '',
+                        '### Step 4 — Define Request/Response Schemas',
+                        'For each resource endpoint, define:',
+                        '',
+                        '**Request Schema:**',
+                        '- **Path parameters:** `{id}` — validate format (sys_id = 32-char hex)',
+                        '- **Query parameters:** `limit` (default 20, max 100), `offset`, `fields`, `sysparm_query`, `orderBy`',
+                        '- **Request body (POST/PUT):** JSON schema with required and optional fields',
+                        '- **Headers:** `Content-Type: application/json`, `Accept: application/json`, custom auth headers',
+                        '',
+                        '**Input Validation Rules:**',
+                        '- Validate sys_id format: `/^[a-f0-9]{32}$/`',
+                        '- Validate numeric parameters: `limit` must be 1-100, `offset` must be >= 0',
+                        '- Validate required body fields: return 400 with specific field errors',
+                        '- Sanitize string inputs: strip HTML, enforce max length, prevent GlideRecord injection',
+                        '- Validate enum values: only accept known values for choice fields',
+                        '',
+                        '**Response Schema:**',
+                        '```json',
+                        '{',
+                        '  "result": {',
+                        '    "status": "success",',
+                        '    "data": { ... },',
+                        '    "meta": {',
+                        '      "total": 150,',
+                        '      "limit": 20,',
+                        '      "offset": 0,',
+                        '      "next": "/api/x_app/v1/resource?limit=20&offset=20"',
+                        '    }',
+                        '  }',
+                        '}',
+                        '```',
+                        '',
+                        '**Error Response Schema:**',
+                        '```json',
+                        '{',
+                        '  "error": {',
+                        '    "message": "Record not found",',
+                        '    "detail": "No incident exists with sys_id abc123",',
+                        '    "status": "failure"',
+                        '  }',
+                        '}',
+                        '```',
+                        '',
+                        '### Step 5 — Generate Resource Scripts',
+                        'Write the scripted REST resource scripts for each HTTP method. Apply these patterns:',
+                        '',
+                        '**Request Object API (`request`):**',
+                        '- `request.pathParams` — map of URL path parameters (e.g., `{id}`)',
+                        '- `request.queryParams` — map of query string parameters',
+                        '- `request.body` — the parsed request body (RESTAPIRequestBody)',
+                        '- `request.getHeader(name)` — read request headers',
+                        '- `request.body.dataString` — raw body string',
+                        '- `request.body.data` — parsed object from JSON body',
+                        '- `request.body.nextEntry()` — iterate stream (for large payloads)',
+                        '- `request.uri` — full request URI',
+                        '',
+                        '**Response Object API (`response`):**',
+                        '- `response.setBody(obj)` — set JSON response body',
+                        '- `response.setStatus(code)` — set HTTP status code',
+                        '- `response.setHeader(name, value)` — set response headers',
+                        '- `response.setContentType(type)` — set Content-Type header',
+                        '',
+                        '**GlideRecord Operations:**',
+                        '- Use `GlideRecord` for CRUD, never raw SQL',
+                        '- Always use `setValue()` / `getValue()` for field access',
+                        '- Use `setLimit()` for list endpoints, enforce max of 100',
+                        '- Use `addEncodedQuery()` for complex filters, but NEVER concatenate user input — validate first',
+                        '- Use `chooseWindow(offset, offset + limit)` for pagination',
+                        '- Use `getRowCount()` sparingly — prefer `GlideAggregate` for total counts',
+                        '',
+                        '**Script Structure Template:**',
+                        '```javascript',
+                        '(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {',
+                        '    // 1. Parse and validate input',
+                        '    // 2. Check authorization',
+                        '    // 3. Perform GlideRecord operation',
+                        '    // 4. Build response',
+                        '    // 5. Handle errors with try/catch',
+                        '})(request, response);',
+                        '```',
+                        '',
+                        '**Error Handling with sn_ws_err:**',
+                        '- `new sn_ws_err.BadRequestError("message")` — 400',
+                        '- `new sn_ws_err.NotFoundError("message")` — 404',
+                        '- `new sn_ws_err.NotAcceptableError("message")` — 406',
+                        '- `new sn_ws_err.ConflictError("message")` — 409',
+                        '- `new sn_ws_err.UnsupportedMediaTypeError("message")` — 415',
+                        '- `new sn_ws_err.ServiceError("message")` — 500',
+                        '- For custom status codes: `response.setStatus(code); response.setBody({error: {...}});`',
+                        '',
+                        '### Step 6 — Implement Authentication & Authorization',
+                        'Implement layered security:',
+                        '',
+                        '**Authentication (who is calling):**',
+                        '- **Basic Auth:** ServiceNow handles natively; ensure HTTPS-only property is set',
+                        '- **OAuth 2.0:** configure OAuth Application, grant type, scopes. Use `oauth_entity` table',
+                        '- **API Key:** custom header validation (`X-API-Key`). Store key in `sys_properties` or credential store',
+                        '- **Mutual Auth (mTLS):** for high-security integrations, configure certificate validation',
+                        '',
+                        '**Authorization (what can they do):**',
+                        '- **ACL on the Scripted REST API:** set `Requires authentication` and `Requires role`',
+                        '- **In-script role checks:** `gs.hasRole("x_myapp.api_user")` for fine-grained control',
+                        '- **Row-level security:** filter GlideRecord results by caller\'s company/department/assignment_group',
+                        '- **Field-level security:** only return fields the caller is authorized to see',
+                        '- **Rate limiting:** check `request.getHeader("X-RateLimit-Remaining")` or implement custom throttling via properties',
+                        '',
+                        '**CORS Configuration:**',
+                        '- Set `glide.rest.cors.enabled` to true if browser clients will call the API',
+                        '- Configure allowed origins: `glide.rest.cors.rule.<name>.allowed_origins`',
+                        '- Set appropriate methods and headers in CORS rules',
+                        '',
+                        '### Step 7 — Add Error Handling',
+                        'Implement comprehensive error handling:',
+                        '',
+                        '**HTTP Status Code Map:**',
+                        '| Code | Meaning | When to Use |',
+                        '|------|---------|-------------|',
+                        '| 200 | OK | Successful GET, PUT |',
+                        '| 201 | Created | Successful POST |',
+                        '| 204 | No Content | Successful DELETE |',
+                        '| 400 | Bad Request | Invalid input, missing required fields |',
+                        '| 401 | Unauthorized | Missing or invalid authentication |',
+                        '| 403 | Forbidden | Authenticated but insufficient role/permissions |',
+                        '| 404 | Not Found | Record does not exist |',
+                        '| 405 | Method Not Allowed | HTTP method not supported on this resource |',
+                        '| 409 | Conflict | Duplicate record or concurrent modification |',
+                        '| 415 | Unsupported Media Type | Content-Type not application/json |',
+                        '| 422 | Unprocessable Entity | Valid JSON but fails business validation |',
+                        '| 429 | Too Many Requests | Rate limit exceeded |',
+                        '| 500 | Internal Server Error | Unexpected error (log details, return generic message) |',
+                        '',
+                        '**Error Response Best Practices:**',
+                        '- Always return a JSON error body, never raw text or HTML',
+                        '- Include a human-readable `message` and a machine-readable `error_code`',
+                        '- Never expose stack traces, sys_ids of internal records, or table names in error messages',
+                        '- Log full error details server-side with `gs.error()` for debugging',
+                        '- Wrap entire resource script in try/catch to prevent 500 errors from leaking implementation details',
+                        '',
+                        '### Step 8 — Create the Scripted REST API and Resources',
+                        'Use **create_rest_message** or guide the user to create the artifacts:',
+                        '',
+                        '1. **Create the Scripted REST Service** (`sys_ws_definition`):',
+                        '   - Name, API ID, namespace, base path',
+                        '   - Set `Requires authentication: true`',
+                        '   - Set required roles',
+                        '',
+                        '2. **Create each Resource** (`sys_ws_operation`):',
+                        '   - One resource per HTTP method + path combination',
+                        '   - Attach the generated script',
+                        '   - Set the HTTP method and relative path',
+                        '   - Configure query parameters and path parameters',
+                        '',
+                        '3. **Create supporting Script Includes** (if needed):',
+                        '   - Shared validation utilities',
+                        '   - Response builder helpers',
+                        '   - Business logic that might be reused across resources',
+                        '',
+                        'Report the sys_id and name of every created artifact.',
+                        '',
+                        '### Step 9 — Generate API Documentation and Test Scenarios',
+                        '',
+                        '**API Documentation:**',
+                        'Generate documentation in this format:',
+                        '```',
+                        'API: <name>',
+                        'Base URL: /api/<namespace>/v1/<resource>',
+                        'Authentication: <method>',
+                        'Content-Type: application/json',
+                        '',
+                        'Endpoints:',
+                        '  <METHOD> <path> — <description>',
+                        '    Request: <schema>',
+                        '    Response: <schema>',
+                        '    Errors: <possible error codes>',
+                        '```',
+                        '',
+                        '**Test Scenarios:**',
+                        'Provide a comprehensive test matrix:',
+                        '| # | Scenario | Method | Path | Body/Params | Expected Status | Expected Response |',
+                        '|---|----------|--------|------|-------------|-----------------|-------------------|',
+                        'Include at minimum:',
+                        '- Happy-path for each HTTP method',
+                        '- Missing required fields (400)',
+                        '- Invalid sys_id format (400)',
+                        '- Record not found (404)',
+                        '- Unauthorized request (401)',
+                        '- Forbidden — wrong role (403)',
+                        '- Duplicate creation attempt (409)',
+                        '- Pagination — first page, middle page, last page, beyond total',
+                        '- Large response — verify limit enforcement',
+                        '- Concurrent modification — optimistic locking if applicable',
+                        '- Special characters in input — verify sanitization',
+                        '- Empty body on POST/PUT (400)',
+                        '- Wrong Content-Type header (415)',
+                    ].join('\n'),
+                },
+            },
+        ];
+    },
+};
+export default capability;
+//# sourceMappingURL=build-rest-api.js.map

package/dist/prompts/capabilities/build-rest-api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"build-rest-api.js","sourceRoot":"","sources":["../../../src/prompts/capabilities/build-rest-api.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,GAAyB;IACvC,IAAI,EAAE,gBAAgB;IACtB,KAAK,EAAE,yBAAyB;IAChC,WAAW,EACT,0GAA0G;IAC5G,QAAQ,EAAE,OAAO;IACjB,SAAS,EAAE;QACT;YACE,IAAI,EAAE,aAAa;YACnB,WAAW,EAAE,0CAA0C;YACvD,QAAQ,EAAE,IAAI;SACf;QACD;YACE,IAAI,EAAE,UAAU;YAChB,WAAW,EACT,8FAA8F;YAChG,QAAQ,EAAE,KAAK;SAChB;QACD;YACE,IAAI,EAAE,cAAc;YACpB,WAAW,EACT,iFAAiF;YACnF,QAAQ,EAAE,KAAK;SAChB;KACF;IACD,gBAAgB,EAAE;QAChB,eAAe;QACf,oBAAoB;QACpB,kBAAkB;QAClB,qBAAqB;QACrB,kBAAkB;QAClB,uBAAuB;KACxB;IACD,WAAW,CAAC,IAAI,GAAG,EAAE;QACnB,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,IAAI,gBAAgB,CAAC;QAClD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,IAAI,2BAA2B,CAAC;QAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,IAAI,KAAK,CAAC;QAE3C,OAAO;YACL;gBACE,IAAI,EAAE,MAAM;gBACZ,OAAO,EAAE;oBACP,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE;wBACJ,4BAA4B;wBAC5B,iBAAiB,OAAO,EAAE;wBAC1B,qBAAqB,OAAO,EAAE;wBAC9B,oBAAoB,IAAI,EAAE;wBAC1B,EAAE;wBACF,6BAA6B;wBAC7B,EAAE;wBACF,yCAAyC;wBACzC,0DAA0D;wBAC1D,wFAAwF;wBACxF,gHAAgH;wBAChH,qGAAqG;wBACrG,yFAAyF;wBACzF,uEAAuE;wBACvE,2DAA2D;wBAC3D,EAAE;wBACF,gDAAgD;wBAChD,kGAAkG;wBAClG,YAAY;wBACZ,sFAAsF;wBACtF,sFAAsF;wBACtF,4FAA4F;wBAC5F,EAAE;wBACF,qCAAqC;wBACrC,uDAAuD;wBACvD,uDAAuD;wBACvD,EAAE;wBACF,uCAAuC;wBACvC,sFAAsF;wBACtF,EAAE;wBACF,2CAA2C;wBAC3C,8DAA8D;wBAC9D,qEAAqE;wBACrE,qEAAqE;wBACrE,4EAA4E;wBAC5E,EAAE;wBACF,yCAAyC;wBACzC,+BAA+B;wBAC/B,gDAAgD;wBAChD,gDAAgD;wBAChD,yGAAyG;wBACzG,sFAAsF;wBACtF,uFAAuF;wBACvF,iGAAiG;wBACjG,wFAAwF;wBACxF,EAAE;wBACF,0BAA0B;wBAC1B,gDAAgD;wBAChD,oEAAoE;wBACpE,6EAA6E;wBAC7E,EAAE;wBACF,8CAA8C;wBAC9C,qCAAqC;wBACrC,EAAE;wBACF,qBAAqB;wBACrB,wEAAwE;wBACxE,uGAAuG;wBACvG,8EAA8E;wBAC9E,kGAAkG;wBAClG,EAAE;wBACF,6BAA6B;wBAC7B,8CAA8C;wBAC9C,6EAA6E;wBAC7E,wEAAwE;wBACxE,yFAAyF;wBACzF,oEAAoE;wBACpE,EAAE;wBACF,sBAAsB;wBACtB,SAAS;wBACT,GAAG;wBACH,eAAe;wBACf,0BAA0B;wBAC1B,sBAAsB;wBACtB,eAAe;wBACf,qBAAqB;wBACrB,oBAAoB;wBACpB,oBAAoB;wBACpB,2DAA2D;wBAC3D,OAAO;wBACP,KAAK;wBACL,GAAG;wBACH,KAAK;wBACL,EAAE;wBACF,4BAA4B;wBAC5B,SAAS;wBACT,GAAG;wBACH,cAAc;wBACd,oCAAoC;wBACpC,wDAAwD;wBACxD,yBAAyB;wBACzB,KAAK;wBACL,GAAG;wBACH,KAAK;wBACL,EAAE;wBACF,wCAAwC;wBACxC,sFAAsF;wBACtF,EAAE;wBACF,qCAAqC;wBACrC,oEAAoE;wBACpE,0DAA0D;wBAC1D,iEAAiE;wBACjE,oDAAoD;wBACpD,+CAA+C;wBAC/C,sDAAsD;wBACtD,oEAAoE;wBACpE,oCAAoC;wBACpC,EAAE;wBACF,uCAAuC;wBACvC,oDAAoD;wBACpD,qDAAqD;wBACrD,4DAA4D;wBAC5D,6DAA6D;wBAC7D,EAAE;wBACF,6BAA6B;wBAC7B,6CAA6C;wBAC7C,2DAA2D;wBAC3D,2DAA2D;wBAC3D,kGAAkG;wBAClG,6DAA6D;wBAC7D,4EAA4E;wBAC5E,EAAE;wBACF,gCAAgC;wBAChC,eAAe;wBACf,+EAA+E;wBAC/E,oCAAoC;wBACpC,+BAA+B;wBAC/B,yCAAyC;wBACzC,0BAA0B;wBAC1B,wCAAwC;wBACxC,wBAAwB;wBACxB,KAAK;wBACL,EAAE;wBACF,oCAAoC;wBACpC,oDAAoD;wBACpD,kDAAkD;wBAClD,uDAAuD;wBACvD,kDAAkD;wBAClD,8DAA8D;wBAC9D,iDAAiD;wBACjD,0FAA0F;wBAC1F,EAAE;wBACF,uDAAuD;wBACvD,6BAA6B;wBAC7B,EAAE;wBACF,sCAAsC;wBACtC,kFAAkF;wBAClF,4FAA4F;wBAC5F,0GAA0G;wBAC1G,4FAA4F;wBAC5F,EAAE;wBACF,uCAAuC;wBACvC,uFAAuF;wBACvF,wFAAwF;wBACxF,uGAAuG;wBACvG,gFAAgF;wBAChF,uHAAuH;wBACvH,EAAE;wBACF,yBAAyB;wBACzB,8EAA8E;wBAC9E,4EAA4E;wBAC5E,qDAAqD;wBACrD,EAAE;wBACF,iCAAiC;wBACjC,yCAAyC;wBACzC,EAAE;wBACF,2BAA2B;wBAC3B,kCAAkC;wBAClC,kCAAkC;wBAClC,oCAAoC;wBACpC,qCAAqC;wBACrC,0CAA0C;wBAC1C,gEAAgE;wBAChE,4DAA4D;wBAC5D,uEAAuE;wBACvE,6CAA6C;wBAC7C,2EAA2E;wBAC3E,kEAAkE;wBAClE,sEAAsE;wBACtE,2EAA2E;wBAC3E,mDAAmD;wBACnD,0FAA0F;wBAC1F,EAAE;wBACF,oCAAoC;wBACpC,2DAA2D;wBAC3D,0EAA0E;wBAC1E,4FAA4F;wBAC5F,sEAAsE;wBACtE,sGAAsG;wBACtG,EAAE;wBACF,yDAAyD;wBACzD,wEAAwE;wBACxE,EAAE;wBACF,gEAAgE;wBAChE,yCAAyC;wBACzC,0CAA0C;wBAC1C,yBAAyB;wBACzB,EAAE;wBACF,mDAAmD;wBACnD,sDAAsD;wBACtD,kCAAkC;wBAClC,4CAA4C;wBAC5C,qDAAqD;wBACrD,EAAE;wBACF,uDAAuD;wBACvD,kCAAkC;wBAClC,+BAA+B;wBAC/B,2DAA2D;wBAC3D,EAAE;wBACF,uDAAuD;wBACvD,EAAE;wBACF,4DAA4D;wBAC5D,EAAE;wBACF,wBAAwB;wBACxB,wCAAwC;wBACxC,KAAK;wBACL,aAAa;wBACb,0CAA0C;wBAC1C,0BAA0B;wBAC1B,gCAAgC;wBAChC,EAAE;wBACF,YAAY;wBACZ,mCAAmC;wBACnC,uBAAuB;wBACvB,wBAAwB;wBACxB,oCAAoC;wBACpC,KAAK;wBACL,EAAE;wBACF,qBAAqB;wBACrB,sCAAsC;wBACtC,sFAAsF;wBACtF,sFAAsF;wBACtF,qBAAqB;wBACrB,mCAAmC;wBACnC,iCAAiC;wBACjC,+BAA+B;wBAC/B,0BAA0B;wBAC1B,8BAA8B;wBAC9B,gCAAgC;wBAChC,oCAAoC;wBACpC,iEAAiE;wBACjE,6CAA6C;wBAC7C,8DAA8D;wBAC9D,qDAAqD;wBACrD,gCAAgC;wBAChC,mCAAmC;qBACpC,CAAC,IAAI,CAAC,IAAI,CAAC;iBACb;aACF;SACF,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,eAAe,UAAU,CAAC"}

package/dist/prompts/capabilities/build-test-plan.d.ts

@@ -0,0 +1,4 @@
+import type { CapabilityDefinition } from '../types.js';
+declare const capability: CapabilityDefinition;
+export default capability;
+//# sourceMappingURL=build-test-plan.d.ts.map

package/dist/prompts/capabilities/build-test-plan.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"build-test-plan.d.ts","sourceRoot":"","sources":["../../../src/prompts/capabilities/build-test-plan.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAExD,QAAA,MAAM,UAAU,EAAE,oBAkKjB,CAAC;AAEF,eAAe,UAAU,CAAC"}

package/dist/prompts/capabilities/build-test-plan.js

@@ -0,0 +1,162 @@
+const capability = {
+    name: 'build-test-plan',
+    title: 'Build Test Plan',
+    description: 'Generate comprehensive ATF test suites from requirements or existing artifacts — covers all testable ServiceNow components',
+    category: 'build',
+    arguments: [
+        {
+            name: 'target',
+            description: 'business rule name/sys_id, script include, client script, flow, or describe the feature to test',
+            required: true,
+        },
+        {
+            name: 'type',
+            description: 'unit, integration, regression, smoke. Default: integration',
+            required: false,
+        },
+    ],
+    recommendedTools: [
+        'run_atf_suite',
+        'run_atf_test',
+        'list_atf_suites',
+        'list_atf_tests',
+        'get_business_rule',
+        'get_script_include',
+        'get_client_script',
+        'query_records',
+        'get_table_schema',
+    ],
+    buildPrompt(args = {}) {
+        const target = args.target ?? '<not provided>';
+        const type = args.type ?? 'integration';
+        return [
+            {
+                role: 'user',
+                content: {
+                    type: 'text',
+                    text: [
+                        `Generate a comprehensive **${type}** test plan for: **${target}**`,
+                        '',
+                        'Follow these steps:',
+                        '',
+                        '### Step 1 — Identify the Artifact(s) Under Test',
+                        `Determine what "${target}" refers to. Use the appropriate tool to retrieve details:`,
+                        '- **get_business_rule** if it is a business rule name or sys_id.',
+                        '- **get_script_include** if it is a script include.',
+                        '- **get_client_script** if it is a client script.',
+                        '- **query_records** on sys_hub_flow for flows, sys_ui_policy for UI policies, sys_security_acl for ACLs, sc_cat_item for catalog items.',
+                        '- If the target is a plain-language feature description, identify ALL artifacts that implement the feature.',
+                        '',
+                        'Retrieve the full source code and configuration of each artifact. Use **get_table_schema** for tables involved.',
+                        '',
+                        '### Step 2 — Analyze Test Coverage Requirements',
+                        `Based on the artifact type(s), apply the relevant test strategy below. Test type: **${type}**.`,
+                        '',
+                        '---',
+                        '',
+                        '#### Business Rules',
+                        '- **Before rules (validation):** test that `setAbortAction` fires for invalid data and does NOT fire for valid data.',
+                        '- **Before rules (data manipulation):** verify field values are correctly set/transformed before insert/update.',
+                        '- **After rules:** verify downstream effects (related record updates, events generated, notifications sent).',
+                        '- **Async rules:** verify the event is registered and the async processing completes correctly.',
+                        '- **Condition evaluation:** test with records that match AND do not match the condition.',
+                        '- **Update vs Insert:** test both operations if the rule fires on both.',
+                        '',
+                        '#### Script Includes',
+                        '- Test each **public method** individually.',
+                        '- Test with valid inputs, invalid inputs, null/undefined inputs, and boundary values.',
+                        '- Test error handling paths — verify exceptions are thrown or handled gracefully.',
+                        '- If the Script Include extends AbstractAjaxProcessor, test via GlideAjax simulation.',
+                        '- Test any caching behavior or state management.',
+                        '',
+                        '#### Client Scripts',
+                        '- **onChange:** test with various newValue/oldValue combinations including empty string and null.',
+                        '- **onLoad:** verify form state after load (field visibility, mandatory states, default values).',
+                        '- **onSubmit:** test that valid submissions proceed and invalid submissions are blocked.',
+                        '- Use ATF **client-side test steps** (UI interaction steps) to simulate user behavior.',
+                        '- Test with different user roles (admin vs non-admin) if behavior is role-dependent.',
+                        '',
+                        '#### UI Policies',
+                        '- Verify field **visibility** states (visible/hidden) based on condition.',
+                        '- Verify field **mandatory** states based on condition.',
+                        '- Verify field **read-only** states based on condition.',
+                        '- Test condition boundaries — one record that matches, one that does not.',
+                        '- Test reverse behavior when condition becomes false (if "reverse if false" is enabled).',
+                        '',
+                        '#### Flows / Flow Designer',
+                        '- Test **trigger conditions** — verify the flow fires for matching records and does NOT fire for non-matching.',
+                        '- Test each **flow step/action** in isolation where possible.',
+                        '- Test the **end-to-end flow** with realistic data.',
+                        '- Test **error handling** — what happens when a step fails (fault handler, error output).',
+                        '- Test **subflow** invocations with various inputs.',
+                        '- Test **approval steps** with approve and reject paths.',
+                        '',
+                        '#### ACLs (Access Control Lists)',
+                        '- Build a role matrix and test every combination:',
+                        '  - Admin user (should bypass ACLs).',
+                        '  - User with the required role(s).',
+                        '  - User WITHOUT the required role(s).',
+                        '  - User with partial roles (if multiple roles are required).',
+                        '- Test all operations the ACL governs: read, write, create, delete.',
+                        '- Test row-level conditions if the ACL has a script or condition.',
+                        '',
+                        '#### Catalog Items',
+                        '- Test **variable validation** — mandatory variables, regex validators, reference qualifiers.',
+                        '- Test **catalog client scripts** and **variable sets**.',
+                        '- Test **approval flow** — verify approval is requested from the correct group/user.',
+                        '- Test **fulfillment** — verify the requested item is provisioned correctly.',
+                        '- Test **order guides** if the item is part of one.',
+                        '',
+                        '#### REST API (Scripted REST)',
+                        '- Test each endpoint with valid payloads — verify response status and body.',
+                        '- Test with invalid/malformed payloads — verify appropriate error responses.',
+                        '- Test authentication — unauthenticated, basic auth, OAuth, API key.',
+                        '- Test authorization — verify role enforcement.',
+                        '- Test rate limiting and pagination if applicable.',
+                        '',
+                        '---',
+                        '',
+                        '### Step 3 — Generate the Test Suite Specification',
+                        'For EACH test case, provide:',
+                        '',
+                        '| Field | Description |',
+                        '|-------|-------------|',
+                        '| **Test ID** | Unique identifier (e.g., TC-BR-001) |',
+                        '| **Test Name** | Descriptive name |',
+                        '| **Artifact** | The specific artifact under test |',
+                        '| **Category** | unit / integration / regression / smoke |',
+                        '| **Priority** | P1 (critical) / P2 (important) / P3 (nice-to-have) |',
+                        '| **Setup Steps** | Create test data, impersonate users, set system properties |',
+                        '| **Test Steps** | Step-by-step actions to trigger and verify behavior |',
+                        '| **Expected Result** | Precise, verifiable assertion(s) |',
+                        '| **Teardown Steps** | Delete test records, restore impersonation, reset properties |',
+                        '| **Edge Cases** | Boundary conditions, null values, concurrent modifications |',
+                        '',
+                        '### Step 4 — Check for Existing Tests',
+                        'Use **list_atf_suites** and **list_atf_tests** to find any existing tests for these artifacts. Report overlap and recommend whether to extend existing tests or create new ones.',
+                        '',
+                        '### Step 5 — Create and Run the ATF Suite',
+                        'If the user wants to proceed with creation:',
+                        '1. Use the ServiceNow ATF tools to create the test suite and individual test cases.',
+                        '2. Use **run_atf_suite** to execute the suite.',
+                        '3. Report results — pass/fail per test, execution time, any failures with details.',
+                        '',
+                        '### Step 6 — Output Summary',
+                        'Provide a final summary table:',
+                        '',
+                        '| Metric | Value |',
+                        '|--------|-------|',
+                        '| Total test cases | N |',
+                        '| P1 (critical) | N |',
+                        '| P2 (important) | N |',
+                        '| P3 (nice-to-have) | N |',
+                        '| Artifact types covered | list |',
+                        '| Estimated execution time | N min |',
+                    ].join('\n'),
+                },
+            },
+        ];
+    },
+};
+export default capability;
+//# sourceMappingURL=build-test-plan.js.map

package/dist/prompts/capabilities/build-test-plan.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"build-test-plan.js","sourceRoot":"","sources":["../../../src/prompts/capabilities/build-test-plan.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,GAAyB;IACvC,IAAI,EAAE,iBAAiB;IACvB,KAAK,EAAE,iBAAiB;IACxB,WAAW,EACT,4HAA4H;IAC9H,QAAQ,EAAE,OAAO;IACjB,SAAS,EAAE;QACT;YACE,IAAI,EAAE,QAAQ;YACd,WAAW,EACT,iGAAiG;YACnG,QAAQ,EAAE,IAAI;SACf;QACD;YACE,IAAI,EAAE,MAAM;YACZ,WAAW,EAAE,4DAA4D;YACzE,QAAQ,EAAE,KAAK;SAChB;KACF;IACD,gBAAgB,EAAE;QAChB,eAAe;QACf,cAAc;QACd,iBAAiB;QACjB,gBAAgB;QAChB,mBAAmB;QACnB,oBAAoB;QACpB,mBAAmB;QACnB,eAAe;QACf,kBAAkB;KACnB;IACD,WAAW,CAAC,IAAI,GAAG,EAAE;QACnB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,gBAAgB,CAAC;QAC/C,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,aAAa,CAAC;QAExC,OAAO;YACL;gBACE,IAAI,EAAE,MAAM;gBACZ,OAAO,EAAE;oBACP,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE;wBACJ,8BAA8B,IAAI,uBAAuB,MAAM,IAAI;wBACnE,EAAE;wBACF,qBAAqB;wBACrB,EAAE;wBACF,kDAAkD;wBAClD,mBAAmB,MAAM,4DAA4D;wBACrF,kEAAkE;wBAClE,qDAAqD;wBACrD,mDAAmD;wBACnD,yIAAyI;wBACzI,6GAA6G;wBAC7G,EAAE;wBACF,iHAAiH;wBACjH,EAAE;wBACF,iDAAiD;wBACjD,uFAAuF,IAAI,KAAK;wBAChG,EAAE;wBACF,KAAK;wBACL,EAAE;wBACF,qBAAqB;wBACrB,sHAAsH;wBACtH,iHAAiH;wBACjH,8GAA8G;wBAC9G,iGAAiG;wBACjG,0FAA0F;wBAC1F,yEAAyE;wBACzE,EAAE;wBACF,sBAAsB;wBACtB,6CAA6C;wBAC7C,uFAAuF;wBACvF,mFAAmF;wBACnF,uFAAuF;wBACvF,kDAAkD;wBAClD,EAAE;wBACF,qBAAqB;wBACrB,mGAAmG;wBACnG,kGAAkG;wBAClG,0FAA0F;wBAC1F,wFAAwF;wBACxF,sFAAsF;wBACtF,EAAE;wBACF,kBAAkB;wBAClB,2EAA2E;wBAC3E,yDAAyD;wBACzD,yDAAyD;wBACzD,2EAA2E;wBAC3E,0FAA0F;wBAC1F,EAAE;wBACF,4BAA4B;wBAC5B,gHAAgH;wBAChH,+DAA+D;wBAC/D,qDAAqD;wBACrD,2FAA2F;wBAC3F,qDAAqD;wBACrD,0DAA0D;wBAC1D,EAAE;wBACF,kCAAkC;wBAClC,mDAAmD;wBACnD,sCAAsC;wBACtC,qCAAqC;wBACrC,wCAAwC;wBACxC,+DAA+D;wBAC/D,qEAAqE;wBACrE,mEAAmE;wBACnE,EAAE;wBACF,oBAAoB;wBACpB,+FAA+F;wBAC/F,0DAA0D;wBAC1D,sFAAsF;wBACtF,8EAA8E;wBAC9E,qDAAqD;wBACrD,EAAE;wBACF,+BAA+B;wBAC/B,6EAA6E;wBAC7E,8EAA8E;wBAC9E,sEAAsE;wBACtE,iDAAiD;wBACjD,oDAAoD;wBACpD,EAAE;wBACF,KAAK;wBACL,EAAE;wBACF,oDAAoD;wBACpD,8BAA8B;wBAC9B,EAAE;wBACF,yBAAyB;wBACzB,yBAAyB;wBACzB,uDAAuD;wBACvD,sCAAsC;wBACtC,qDAAqD;wBACrD,4DAA4D;wBAC5D,uEAAuE;wBACvE,kFAAkF;wBAClF,0EAA0E;wBAC1E,4DAA4D;wBAC5D,uFAAuF;wBACvF,iFAAiF;wBACjF,EAAE;wBACF,uCAAuC;wBACvC,kLAAkL;wBAClL,EAAE;wBACF,2CAA2C;wBAC3C,6CAA6C;wBAC7C,qFAAqF;wBACrF,gDAAgD;wBAChD,oFAAoF;wBACpF,EAAE;wBACF,6BAA6B;wBAC7B,gCAAgC;wBAChC,EAAE;wBACF,oBAAoB;wBACpB,oBAAoB;wBACpB,0BAA0B;wBAC1B,uBAAuB;wBACvB,wBAAwB;wBACxB,2BAA2B;wBAC3B,mCAAmC;wBACnC,sCAAsC;qBACvC,CAAC,IAAI,CAAC,IAAI,CAAC;iBACb;aACF;SACF,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,eAAe,UAAU,CAAC"}

package/dist/prompts/capabilities/build-uib.d.ts

@@ -0,0 +1,4 @@
+import type { CapabilityDefinition } from '../types.js';
+declare const capability: CapabilityDefinition;
+export default capability;
+//# sourceMappingURL=build-uib.d.ts.map

package/dist/prompts/capabilities/build-uib.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"build-uib.d.ts","sourceRoot":"","sources":["../../../src/prompts/capabilities/build-uib.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAExD,QAAA,MAAM,UAAU,EAAE,oBAoTjB,CAAC;AAEF,eAAe,UAAU,CAAC"}