sap-adt-mcp 0.8.0 → 0.8.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +76 -19
- package/config.example.json +6 -1
- package/package.json +3 -2
- package/skills/abap-clean-core/SKILL.md +285 -0
- package/skills/abap-clean-core/references/abap-cloud-rules.md +172 -0
- package/skills/abap-clean-core/references/decision-framework.md +142 -0
- package/skills/abap-clean-core/references/governance.md +163 -0
- package/skills/abap-clean-core/references/levels-detailed.md +135 -0
- package/skills/dump-triage/SKILL.md +98 -0
- package/skills/legacy-code-doc/SKILL.md +97 -0
- package/skills/transport-release-gate/SKILL.md +101 -0
- package/src/adt-client.js +35 -1
- package/src/audit.js +54 -0
- package/src/config.js +21 -0
- package/src/data-preview.js +57 -14
- package/src/dump-feed.js +10 -0
- package/src/object-uris.js +11 -0
- package/src/reporter.js +176 -22
- package/src/result.js +17 -1
- package/src/server.js +25 -3
- package/src/tools/quality.js +67 -5
- package/src/tools/report.js +72 -0
- package/src/tools/runtime.js +14 -7
- package/src/tools/source.js +25 -2
package/README.md
CHANGED
|
@@ -159,34 +159,66 @@ Recommended: set `readOnly: true` for QAS and PRD profiles. Keep DEV writable.
|
|
|
159
159
|
Many internal SAP systems use self-signed certs. `"rejectUnauthorized": false`
|
|
160
160
|
disables TLS validation for that profile only. Don't set this on PRD.
|
|
161
161
|
|
|
162
|
+
### Audit log
|
|
163
|
+
|
|
164
|
+
Every **write** the server performs against SAP (POST/PUT/DELETE/PATCH — locks,
|
|
165
|
+
source updates, activations, transport operations) is appended to a local JSONL
|
|
166
|
+
file, including which MCP tool triggered it and, for blocked attempts in
|
|
167
|
+
read-only mode, the violation itself. Reads and read-only queries are not
|
|
168
|
+
logged. Nothing leaves your machine — this is your local answer to "what exactly
|
|
169
|
+
did the AI change?".
|
|
170
|
+
|
|
171
|
+
Default location: `~/.sap-adt-mcp/audit.log`. One JSON object per line:
|
|
172
|
+
|
|
173
|
+
```json
|
|
174
|
+
{"ts":"2026-06-11T12:00:00.000Z","tool":"adt_set_source","host":"https://...","sapUser":"DEVELOPER","method":"PUT","path":"/sap/bc/adt/programs/programs/ztest/source/main","status":200,"ok":true,"transport":"E4DK900123"}
|
|
175
|
+
```
|
|
176
|
+
|
|
177
|
+
Configure or disable:
|
|
178
|
+
|
|
179
|
+
```json
|
|
180
|
+
{ "audit": { "enabled": false, "path": "/var/log/sap-adt-mcp/audit.log" } }
|
|
181
|
+
```
|
|
182
|
+
|
|
183
|
+
…or set `SAP_ADT_MCP_AUDIT=0` (also accepts `false`/`no`/`off`).
|
|
184
|
+
|
|
162
185
|
### Automatic error reporting
|
|
163
186
|
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
187
|
+
The server sends small, **redacted** reports to the maintainer so defects get
|
|
188
|
+
found and fixed. This is **on by default** and the server prints a notice saying
|
|
189
|
+
so on startup. There are three channels:
|
|
167
190
|
|
|
168
|
-
|
|
169
|
-
error
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
the
|
|
191
|
+
1. **Crash** — a tool handler throws an unexpected error.
|
|
192
|
+
2. **ADT error** — a tool returns a non-2xx ADT response that the classifier
|
|
193
|
+
flags as a likely tool bug (406/415 content negotiation, malformed requests,
|
|
194
|
+
server dispatcher blow-ups). User/business-side responses (401/403/404, lock
|
|
195
|
+
and enqueue conflicts, data-preview SQL errors) are **not** reported.
|
|
196
|
+
3. **Agent-reported** — the calling agent files a defect the other two channels
|
|
197
|
+
can't see (wrong data in a successful response, an ignored parameter, a
|
|
198
|
+
missing capability) via the **`adt_report_issue`** tool.
|
|
174
199
|
|
|
175
|
-
What is
|
|
176
|
-
|
|
200
|
+
What is sent: the sap-adt-mcp version, Node version, OS, the tool name, and the
|
|
201
|
+
error/finding with a fingerprint for de-duplication. Before anything leaves your
|
|
202
|
+
machine it is scrubbed of **hostnames, users, passwords, tokens, IPs, and
|
|
203
|
+
emails**; tool arguments and free-text fields are redacted the same way. Reports
|
|
204
|
+
go to a relay the maintainer owns, which files/de-dups a GitHub issue — the
|
|
205
|
+
relay holds the GitHub credentials, never this package.
|
|
177
206
|
|
|
178
|
-
Turn it off
|
|
207
|
+
Turn it all off:
|
|
179
208
|
|
|
180
209
|
```json
|
|
181
|
-
{
|
|
182
|
-
"reporting": { "enabled": false }
|
|
183
|
-
}
|
|
210
|
+
{ "reporting": { "enabled": false } }
|
|
184
211
|
```
|
|
185
212
|
|
|
186
|
-
…or set `SAP_ADT_MCP_REPORT=0` (also accepts `false`/`no`/`off`).
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
213
|
+
…or set `SAP_ADT_MCP_REPORT=0` (also accepts `false`/`no`/`off`). Finer control:
|
|
214
|
+
|
|
215
|
+
| Key | Default | Effect |
|
|
216
|
+
| --- | --- | --- |
|
|
217
|
+
| `reporting.enabled` | `true` | Master switch for all three channels. |
|
|
218
|
+
| `reporting.adtErrors` | `true` | Channel 2 (auto-report flagged ADT errors). |
|
|
219
|
+
| `reporting.allowManual` | `true` | Channel 3 (the `adt_report_issue` tool). |
|
|
220
|
+
| `reporting.includeArgs` | `true` | Include redacted tool args / repro args. Note: object names can appear here. |
|
|
221
|
+
| `reporting.endpoint` | relay URL | Point at your own relay (see [`worker/`](worker/)). |
|
|
190
222
|
|
|
191
223
|
## Connect a client
|
|
192
224
|
|
|
@@ -322,6 +354,31 @@ Friendly aliases (any of either column work):
|
|
|
322
354
|
| behaviordef / bdef | BDEF |
|
|
323
355
|
| messageclass / msag | MSAG |
|
|
324
356
|
|
|
357
|
+
## Skills (packaged workflows)
|
|
358
|
+
|
|
359
|
+
The raw tools are building blocks; [`skills/`](skills/) ships ready-made
|
|
360
|
+
workflows for Claude Code that orchestrate them. Each SKILL.md lists its own
|
|
361
|
+
prerequisites (minimum NetWeaver release, required authorizations, read-only
|
|
362
|
+
compatibility).
|
|
363
|
+
|
|
364
|
+
| Skill | What it does | Read-only OK? | Min. system |
|
|
365
|
+
| --- | --- | --- | --- |
|
|
366
|
+
| [`transport-release-gate`](skills/transport-release-gate/SKILL.md) | Pre-release quality gate over a TR: inactive objects, locks, syntax, ATC, unit tests → go/no-go report. Release stays a human decision. | Mostly (unit tests + release need write) | NW 7.50+, ATC configured |
|
|
367
|
+
| [`dump-triage`](skills/dump-triage/SKILL.md) | ST22 triage: group dumps into families, deep-read top offenders, root cause + fix per family. | Yes — safe on PRD | NW 7.50+ (dumps feed) |
|
|
368
|
+
| [`legacy-code-doc`](skills/legacy-code-doc/SKILL.md) | Reverse-document legacy Z code: structure, DB touchpoints, callers, risks, S/4 migration notes. | Yes — safe on PRD | NW 7.4x+ (data samples 7.55+) |
|
|
369
|
+
| [`abap-clean-core`](skills/abap-clean-core/SKILL.md) | SAP Clean Core framework knowledge: levels, decision framework, governance. | Yes (knowledge-only) | none |
|
|
370
|
+
|
|
371
|
+
To use one, copy its folder into your project's `.claude/skills/` (or
|
|
372
|
+
`~/.claude/skills/` for all projects):
|
|
373
|
+
|
|
374
|
+
```bash
|
|
375
|
+
cp -r node_modules/sap-adt-mcp/skills/dump-triage .claude/skills/
|
|
376
|
+
# or from a clone: cp -r sap-adt-mcp/skills/dump-triage .claude/skills/
|
|
377
|
+
```
|
|
378
|
+
|
|
379
|
+
Claude Code picks them up automatically; they trigger when the conversation
|
|
380
|
+
matches (e.g. "is E4DK900123 safe to release?" → transport-release-gate).
|
|
381
|
+
|
|
325
382
|
## Clean Core: prompts + reference
|
|
326
383
|
|
|
327
384
|
The server ships an opt-in **Clean Core** layer for SAP S/4HANA work.
|
package/config.example.json
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "sap-adt-mcp",
|
|
3
|
-
"version": "0.8.
|
|
3
|
+
"version": "0.8.2",
|
|
4
4
|
"description": "MCP server giving Claude live access to SAP systems via ADT (ABAP Development Tools) REST. Read source, search, run syntax checks, and edit ABAP objects from any MCP-compatible client.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "src/server.js",
|
|
@@ -10,6 +10,7 @@
|
|
|
10
10
|
},
|
|
11
11
|
"files": [
|
|
12
12
|
"src",
|
|
13
|
+
"skills",
|
|
13
14
|
"config.example.json",
|
|
14
15
|
"README.md",
|
|
15
16
|
"LICENSE"
|
|
@@ -19,7 +20,7 @@
|
|
|
19
20
|
},
|
|
20
21
|
"scripts": {
|
|
21
22
|
"start": "node src/server.js",
|
|
22
|
-
"test": "node --test test/adt-error.test.js test/atc-bulk.test.js test/cds.test.js test/data-preview.test.js test/diff.test.js test/dump-feed.test.js test/grep-source.test.js test/jobs.test.js test/lifecycle-activate.test.js test/lock.test.js test/mcp-bug-fixes.test.js test/node-structure.test.js test/notes.test.js test/object-create.test.js test/object-references.test.js test/object-uris.test.js test/prompts.test.js test/provenance.test.js test/rap-scaffold.test.js test/reporter.test.js test/security.test.js test/source-chunked.test.js test/source-guard.test.js test/source-pagination.test.js test/tools-shape.test.js test/versions.test.js test/worklist.test.js",
|
|
23
|
+
"test": "node --test test/adt-error.test.js test/atc-bulk.test.js test/audit.test.js test/cds.test.js test/data-preview.test.js test/diff.test.js test/dump-feed.test.js test/grep-source.test.js test/jobs.test.js test/lifecycle-activate.test.js test/lock.test.js test/mcp-bug-fixes.test.js test/node-structure.test.js test/notes.test.js test/object-create.test.js test/object-references.test.js test/object-uris.test.js test/prompts.test.js test/provenance.test.js test/rap-scaffold.test.js test/reporter.test.js test/security.test.js test/source-chunked.test.js test/source-guard.test.js test/source-pagination.test.js test/syntax-context.test.js test/tools-shape.test.js test/versions.test.js test/worklist.test.js",
|
|
23
24
|
"lint": "eslint src test"
|
|
24
25
|
},
|
|
25
26
|
"keywords": [
|
|
@@ -0,0 +1,285 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: abap-clean-core
|
|
3
|
+
description: Apply SAP Clean Core extensibility principles whenever the user writes, reviews, refactors, or designs ABAP code for SAP S/4HANA — any deployment (Public Cloud, Private Cloud, on-premise). Use this skill any time the conversation involves ABAP extensions, custom Z-code, BAdIs, BAPIs, user exits, CDS views, RAP services, custom fields or business objects, modifications, enhancements, ATC findings, the Cloudification Repository, ABAP Cloud vs classic ABAP, on-stack vs side-by-side architecture, RISE/GROW with SAP, BTP extensions, or migrating legacy ABAP toward ABAP Cloud. Trigger generously — even when the user just mentions terms like "modification," "user exit," "enhancement spot," "implicit enhancement," "Z-program," "Z-table," "released API," "internal SAP object," "upgrade-safe," "S/4HANA migration," "clean core," "fit-to-standard," "BTP first," or "technical debt in ABAP," this skill is almost certainly relevant. Better to load it and stay quiet than to miss the context.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# ABAP Clean Core
|
|
7
|
+
|
|
8
|
+
This skill encodes SAP's official Clean Core extensibility framework. Apply it when guiding the user through ABAP development, code review, refactoring, or architecture decisions for SAP S/4HANA.
|
|
9
|
+
|
|
10
|
+
## Prerequisites
|
|
11
|
+
|
|
12
|
+
None — this is a knowledge skill: it needs no SAP connection and works in any
|
|
13
|
+
ABAP conversation. When sap-adt-mcp **is** connected it gets sharper:
|
|
14
|
+
`adt_run_atc` / `adt_run_atc_package` verify findings against the system's real
|
|
15
|
+
check variant, `adt_list_released_apis` confirms what is actually released on
|
|
16
|
+
that release level, and `adt_where_used` measures the blast radius of a Level
|
|
17
|
+
C/D dependency before recommending a replacement. Cloud-readiness ATC checks
|
|
18
|
+
require an S/4HANA system (or a recent ATC content update on NW 7.5x).
|
|
19
|
+
|
|
20
|
+
## Why Clean Core matters
|
|
21
|
+
|
|
22
|
+
Every extension that touches SAP-internal objects, modifies standard code, or relies on undocumented APIs becomes a maintenance liability. It blocks upgrades, breaks unpredictably, and accumulates as technical debt that compounds over years.
|
|
23
|
+
|
|
24
|
+
Clean Core is the discipline of building extensions that survive SAP upgrades automatically — by isolating custom code from the standard through stable, released interfaces. It's not theoretical: SAP's entire cloud strategy (RISE, GROW, S/4HANA Cloud) assumes customer extensions are decoupled. Code that ignores Clean Core is code that will eventually be rewritten.
|
|
25
|
+
|
|
26
|
+
Clean Core spans **five principles** — Processes, Data, Integration, Operations, and Extensibility. This skill focuses on Extensibility (the code and architecture side), but be aware: when a user asks about "clean core data" or "clean core integration," they're asking about the other four principles, not about extensions.
|
|
27
|
+
|
|
28
|
+
When you help with ABAP, your job is to nudge the user toward extensions that will still work after the next upgrade — without lecturing, without refusing classic-ABAP work when it's needed, but always making the trade-off visible.
|
|
29
|
+
|
|
30
|
+
## Two strategic tracks: Stay Clean & Get Clean
|
|
31
|
+
|
|
32
|
+
All clean core work falls into one of two efforts. Naming which one the user is in helps frame the advice.
|
|
33
|
+
|
|
34
|
+
### Stay Clean — preventing new technical debt
|
|
35
|
+
|
|
36
|
+
Applies to **new development**. The goal is zero unnecessary debt: every new extension at the highest achievable level, governed by a process that catches violations before they ship. When the user is writing or designing something new, you're in Stay Clean mode — enforcement-heavy, with quality gates blocking transport on Level 1–2 ATC findings.
|
|
37
|
+
|
|
38
|
+
### Get Clean — reducing existing technical debt
|
|
39
|
+
|
|
40
|
+
Applies to **existing custom code**. Realistic, prioritized reduction over years — eliminate Level D first ("Level D zero" is a year-one goal), then chip away at C and B. When the user is reviewing legacy or planning remediation, you're in Get Clean mode — prioritization-heavy, with tactics like the boy scout principle (every developer leaves code cleaner than they found it), the lighthouse approach (clean during major rework anyway), and a 10% annual reduction target.
|
|
41
|
+
|
|
42
|
+
For the full Stay Clean / Get Clean playbook, KPI calculations, and exemption process, see `references/governance.md`.
|
|
43
|
+
|
|
44
|
+
## The four cleanliness levels
|
|
45
|
+
|
|
46
|
+
Every ABAP extension sits in exactly one of four "cleanliness levels." Identifying the level — and pushing it upward when possible — is the entire framework.
|
|
47
|
+
|
|
48
|
+
### Level A — Released APIs (the goal)
|
|
49
|
+
- Uses publicly released APIs with formal stability contracts
|
|
50
|
+
- ABAP Cloud development model on-stack, or SAP Build / CAP / ABAP Cloud on BTP side-by-side
|
|
51
|
+
- ATC behavior: no finding
|
|
52
|
+
- Upgrade-safe by SAP guarantee
|
|
53
|
+
|
|
54
|
+
**Examples:** released CDS views, business object interfaces, released BAdIs, RAP services, OData APIs documented in the SAP Business Accelerator Hub, custom fields via the Custom Fields app or extension framework.
|
|
55
|
+
|
|
56
|
+
### Level B — Classic APIs (acceptable when needed)
|
|
57
|
+
- Documented, historically stable APIs without a formal stability contract
|
|
58
|
+
- Examples: BAPIs (e.g., `BAPI_PO_CREATE1`), released user exits, classic ALV grid (`CL_GUI_ALV_GRID`), traditional Web Dynpro
|
|
59
|
+
- ATC behavior: priority 3 (informational)
|
|
60
|
+
|
|
61
|
+
Use Level B when no Level A equivalent exists. Whenever possible, **wrap Level B calls in a Level A ABAP Cloud wrapper** so the rest of the codebase stays clean.
|
|
62
|
+
|
|
63
|
+
### Level C — Internal SAP objects (risky, mitigate)
|
|
64
|
+
- Reading internal tables, calling non-released function modules or classes
|
|
65
|
+
- The *default* state of any SAP object not explicitly released — internal until proven otherwise
|
|
66
|
+
- ATC behavior: priority 2 (warning)
|
|
67
|
+
- Reclassification risk: SAP can move internal objects to `classic` (better) or `noAPI` (worse) at any release
|
|
68
|
+
|
|
69
|
+
When unavoidable, mitigate by:
|
|
70
|
+
- Enabling **Changelog for SAP Objects** in ATC, which proactively detects upcoming incompatible changes
|
|
71
|
+
- Encapsulating the access in a small, well-named wrapper class
|
|
72
|
+
- Tracking it in the team's technical-debt log with a planned refactor window
|
|
73
|
+
|
|
74
|
+
### Level D — Modifications & noAPI (eliminate)
|
|
75
|
+
- Modifications to SAP standard code (changes via modification key)
|
|
76
|
+
- Direct write access to SAP core tables (UPDATE/INSERT/MODIFY on `MARA`, `VBAK`, `BSEG`, etc.)
|
|
77
|
+
- Implicit enhancements that intercept SAP method behavior
|
|
78
|
+
- Objects flagged as `noAPI` in the Cloudification Repository
|
|
79
|
+
- ATC behavior: priority 1 (error)
|
|
80
|
+
|
|
81
|
+
**Level D is the top refactoring priority.** Treat any new Level D code in code review as something that needs explicit, time-bound justification.
|
|
82
|
+
|
|
83
|
+
For deep-dive on Cloudification Repository state values (`released`, `classic`, `internal`, `noAPI`, `internalAPI` with successor), released local vs remote APIs, reclassification dynamics, and per-anti-pattern remediation, see `references/levels-detailed.md`.
|
|
84
|
+
|
|
85
|
+
## Decision framework
|
|
86
|
+
|
|
87
|
+
Two layers: fit-to-standard first, then the SAP Application Extension Methodology if extension is justified.
|
|
88
|
+
|
|
89
|
+
### Fit-to-standard ordering
|
|
90
|
+
|
|
91
|
+
Before deciding *how* to extend, decide whether to extend *at all*:
|
|
92
|
+
|
|
93
|
+
1. **SAP standard** — does the standard cover it?
|
|
94
|
+
2. **Certified add-on** — does an SAP-validated partner solution cover it? Look for "SAP-certified for clean core" designation.
|
|
95
|
+
3. **Configuration** — can configuration achieve it (SPRO, business configuration)?
|
|
96
|
+
4. **Custom extension** — only when 1–3 don't cover it and the requirement is genuinely differentiating.
|
|
97
|
+
|
|
98
|
+
Many "we need an extension" conversations should pause here. Building custom code for something the standard already does is the most common form of unnecessary technical debt.
|
|
99
|
+
|
|
100
|
+
### SAP Application Extension Methodology (3 phases)
|
|
101
|
+
|
|
102
|
+
Once an extension is justified, the official methodology structures the technology choice:
|
|
103
|
+
|
|
104
|
+
- **Phase 1 — Assess Use Case.** What's the business need, what SAP data and processes does it touch, is transactional consistency required, what's the data volume, who consumes the output?
|
|
105
|
+
- **Phase 2 — Assess Technology.** Map the use case to extension styles (on-stack / side-by-side / hybrid), tasks (UI, business logic, integration), and the available technologies for each, with their clean core levels.
|
|
106
|
+
- **Phase 3 — Define Target Solution.** Pick the highest-Level combination that satisfies the use case. Document why anything below Level A was chosen.
|
|
107
|
+
|
|
108
|
+
### "BTP first"
|
|
109
|
+
|
|
110
|
+
Default to **side-by-side**. Choose on-stack only when one of these is true:
|
|
111
|
+
- Transactional consistency with SAP core data is required (writing custom + standard tables in one LUW)
|
|
112
|
+
- High-volume reads with complex joins on SAP standard tables
|
|
113
|
+
- Frequent reads/writes to SAP standard data (latency would dominate)
|
|
114
|
+
- Extension of core SAP UI / data model / business object behavior with tight coupling
|
|
115
|
+
|
|
116
|
+
If neither applies clearly, side-by-side is the right answer. If both apply, you have a hybrid candidate (on-stack ABAP service exposing a released remote API, consumed by a side-by-side BTP UI/orchestration layer).
|
|
117
|
+
|
|
118
|
+
For the full decision matrix, on-stack vs side-by-side criteria, hybrid deployment patterns, and worked scenarios, see `references/decision-framework.md`.
|
|
119
|
+
|
|
120
|
+
## Code-level guidance
|
|
121
|
+
|
|
122
|
+
### When writing new ABAP
|
|
123
|
+
|
|
124
|
+
Default to ABAP Cloud syntax and patterns:
|
|
125
|
+
|
|
126
|
+
- Use **CDS views** for data modeling, never raw `SELECT` chains on SAP standard tables
|
|
127
|
+
- Use the **ABAP RESTful Application Programming Model (RAP)** for stateful business services — behaviors, validations, determinations
|
|
128
|
+
- Use **released business object interfaces** rather than directly writing to SAP standard tables
|
|
129
|
+
- Use modern ABAP language (7.40+): inline declarations, constructor expressions (`NEW`, `VALUE`, `FOR`, `REDUCE`)
|
|
130
|
+
- For UI, use **SAP Fiori / SAPUI5**, not SE38 reports
|
|
131
|
+
- For custom fields on SAP entities, prefer the **Custom Fields app** (key user extensibility) over ABAP-level append structures
|
|
132
|
+
- **Avoid** Dynpro, Web Dynpro, classic ALV reports — they are not cloud-ready
|
|
133
|
+
|
|
134
|
+
ABAP Cloud is enforced at the compiler level — code that violates the rules doesn't compile. There's no escape hatch. For the explicit allowed/forbidden lists, prebuilt services available without extra license (logging, change docs, number ranges, jobs, currency, UOM, factory calendar, XLSX), and core building blocks (RAP, CDS, business object interfaces, Custom Fields), see `references/abap-cloud-rules.md`.
|
|
135
|
+
|
|
136
|
+
### When reviewing existing ABAP
|
|
137
|
+
|
|
138
|
+
Flag clearly with the level. Tone: descriptive, not judgmental.
|
|
139
|
+
|
|
140
|
+
**Likely Level D — flag as error:**
|
|
141
|
+
- Direct `UPDATE` / `INSERT` / `MODIFY` on SAP standard tables
|
|
142
|
+
- Modifications (changes via modification key)
|
|
143
|
+
- Implicit enhancements (`ENHANCEMENT-POINT ... INCLUDE BOUND` patterns)
|
|
144
|
+
- Field-symbol tricks reaching into SAP internal structures
|
|
145
|
+
- Hardcoded references to `noAPI` objects from the Cloudification Repository
|
|
146
|
+
|
|
147
|
+
**Likely Level C — flag as warning:**
|
|
148
|
+
- `SELECT` from SAP standard tables that have a released CDS view equivalent
|
|
149
|
+
- `CALL FUNCTION` to internal (non-released) function modules
|
|
150
|
+
- `TYPE REF TO` to SAP internal classes
|
|
151
|
+
- Use of internal types from non-released DDIC structures
|
|
152
|
+
|
|
153
|
+
**Likely Level B — flag as informational:**
|
|
154
|
+
- BAPI calls from new code (suggest: wrap them in a Level A class)
|
|
155
|
+
- Classic ALV usage (acceptable for legacy reports, not for new development)
|
|
156
|
+
- Web Dynpro (legacy acceptable, no new development)
|
|
157
|
+
|
|
158
|
+
### Concrete refactoring patterns
|
|
159
|
+
|
|
160
|
+
**Pattern 1 — Wrap a classic API to expose Level A surface:**
|
|
161
|
+
|
|
162
|
+
```abap
|
|
163
|
+
" Anti-pattern: BAPI called directly from cloud-namespace code
|
|
164
|
+
CALL FUNCTION 'BAPI_PO_CREATE1'
|
|
165
|
+
EXPORTING
|
|
166
|
+
poheader = ls_header
|
|
167
|
+
TABLES
|
|
168
|
+
poitem = lt_items
|
|
169
|
+
return = lt_return.
|
|
170
|
+
|
|
171
|
+
" Better: wrap in a released-style local API
|
|
172
|
+
CLASS zcl_po_service DEFINITION PUBLIC FINAL CREATE PUBLIC.
|
|
173
|
+
PUBLIC SECTION.
|
|
174
|
+
INTERFACES zif_po_service.
|
|
175
|
+
ENDCLASS.
|
|
176
|
+
|
|
177
|
+
CLASS zcl_po_service IMPLEMENTATION.
|
|
178
|
+
METHOD zif_po_service~create.
|
|
179
|
+
" BAPI call lives here, isolated.
|
|
180
|
+
" Callers consume only the released interface — Level A from their perspective.
|
|
181
|
+
ENDMETHOD.
|
|
182
|
+
ENDCLASS.
|
|
183
|
+
```
|
|
184
|
+
|
|
185
|
+
The dependency on the BAPI (Level B) is now localized. Consumers stay at Level A. When a successor RAP-based equivalent appears, you change one file.
|
|
186
|
+
|
|
187
|
+
**Pattern 2 — Replace internal table read with released CDS view:**
|
|
188
|
+
|
|
189
|
+
```abap
|
|
190
|
+
" Anti-pattern: direct SELECT on internal SAP table
|
|
191
|
+
SELECT matnr, mtart, ersda
|
|
192
|
+
FROM mara
|
|
193
|
+
INTO TABLE @DATA(lt_materials)
|
|
194
|
+
WHERE mtart = 'FERT'.
|
|
195
|
+
|
|
196
|
+
" Better: use released CDS view (lookup in Business Accelerator Hub)
|
|
197
|
+
SELECT material, materialtype, creationdate
|
|
198
|
+
FROM i_product
|
|
199
|
+
INTO TABLE @DATA(lt_materials)
|
|
200
|
+
WHERE materialtype = 'FERT'.
|
|
201
|
+
```
|
|
202
|
+
|
|
203
|
+
The released view (`I_*` namespace pattern is common) carries SAP's stability contract. Field renames during upgrades become SAP's problem, not yours.
|
|
204
|
+
|
|
205
|
+
**Pattern 3 — Replace modification with extension point:**
|
|
206
|
+
|
|
207
|
+
When you find a modification of SAP standard:
|
|
208
|
+
1. Identify the business behavior it changes
|
|
209
|
+
2. Search for a **released BAdI**, **enhancement point**, or **business object interface** that exposes the same hook
|
|
210
|
+
3. Reimplement the logic via that extension point
|
|
211
|
+
4. If no released hook exists, file a SAP Customer Influence request, and as a bridge use a Level B classic user exit if available — never leave it as a Level D modification
|
|
212
|
+
|
|
213
|
+
## "I know this is Level D, just need to ship"
|
|
214
|
+
|
|
215
|
+
Respect the constraint. Deliver the working code. But:
|
|
216
|
+
|
|
217
|
+
- State the level explicitly in your response
|
|
218
|
+
- Note what stops working: "this will need to be revisited at the next upgrade because direct writes to `VBAK` are not upgrade-safe"
|
|
219
|
+
- Sketch the Level A refactor in a few lines so it's captured for later
|
|
220
|
+
- Don't refuse, don't moralize, don't repeat the lecture
|
|
221
|
+
|
|
222
|
+
The user is the engineer of record. Your job is to make the trade-off visible, not to override it.
|
|
223
|
+
|
|
224
|
+
## Measurement: how to know if we're winning
|
|
225
|
+
|
|
226
|
+
Four KPIs make clean core progress quantifiable. Reach for these when the user asks "how is the system doing?" or wants to set targets.
|
|
227
|
+
|
|
228
|
+
- **Clean Core Share** — percentage distribution of custom objects across Levels A/B/C/D. The shape of the distribution is more informative than any single number.
|
|
229
|
+
- **Technical Debt Score** — weighted ATC-finding total: errors × 10 + warnings × 5 + info × 1. Use to prioritize which packages to clean up next.
|
|
230
|
+
- **Unused Code Share** — percentage of custom objects with zero runtime calls (per ABAP Call Monitor / SCMON / SUSG). Cheapest cleanup target — no business risk to deletion.
|
|
231
|
+
- **Business Modifications Count** — entries in `SMODILOG`. Direct count of Level D modifications.
|
|
232
|
+
|
|
233
|
+
For calculation details, governance practices, and the exemption process, see `references/governance.md`.
|
|
234
|
+
|
|
235
|
+
## Tooling
|
|
236
|
+
|
|
237
|
+
- **ABAP Test Cockpit (ATC)** with the **ABAP Cloud Readiness** variant — automated detection of Level B/C/D issues, integrated with transport release. Priority 1–2 findings block transport by default.
|
|
238
|
+
- **Cloudification Repository** — searchable catalog with state values: `released` (A), `classic` (B), `internal` (C, default), `noAPI` (D), and `internalAPI` (with successor — points you to the released replacement).
|
|
239
|
+
- **Changelog for SAP Objects** (ATC check) — proactively warns when a referenced internal object is scheduled for an incompatible change in an upcoming release.
|
|
240
|
+
- **SAP Business Accelerator Hub** — canonical source for released remote APIs (OData, REST, RFC, events) with documentation and code samples.
|
|
241
|
+
- **SAP Note 3578329** — framework/technology classification guide.
|
|
242
|
+
- **SAP Cloud ALM** — requirements management, traceability, governance for what extensions exist and why.
|
|
243
|
+
- **ABAP Development Tools (ADT in Eclipse)** — required for ABAP Cloud development; classic SE80 cannot drive cloud-compliant code.
|
|
244
|
+
- **Joule** — SAP AI copilot for code generation and classic-to-cloud migration assistance.
|
|
245
|
+
|
|
246
|
+
## Anti-patterns to surface immediately
|
|
247
|
+
|
|
248
|
+
When you see these in code under review, name the pattern and the level:
|
|
249
|
+
|
|
250
|
+
- "Quick" modifications "we'll fix later" — Level D, never gets fixed
|
|
251
|
+
- Copy-pasting SAP standard code into a Z-namespace ("forking the standard") — diverges over time, double maintenance burden
|
|
252
|
+
- Extending SAP tables by appending custom fields directly — use the Custom Fields framework instead
|
|
253
|
+
- New SE38 reports for fresh requirements — use Fiori + RAP
|
|
254
|
+
- Implicit enhancements intercepting SAP method behavior — Level D, brittle, not allowed in ABAP Cloud at all
|
|
255
|
+
- Direct DB updates "because we know it's safe" — never safe across upgrades
|
|
256
|
+
- BAPI calls scattered through new code without wrappers — pins the codebase to Level B forever
|
|
257
|
+
- ABAP-level append structures for what could be a Custom Fields app — over-engineering, transfers ownership to dev team unnecessarily
|
|
258
|
+
|
|
259
|
+
## What this skill does NOT do
|
|
260
|
+
|
|
261
|
+
- It does not refuse work on classic ABAP. Many real systems run on it; people need help. Provide the help, mark the level honestly.
|
|
262
|
+
- It does not require the user to refactor everything immediately. The realistic playbook is: stop adding Level D, eliminate existing Level D first, then chip away at C and B over years.
|
|
263
|
+
- It does not assume the user is on S/4HANA Public Cloud. Most guidance applies to Private Cloud and on-premise too; only call out edition-specific differences when they matter (e.g., on-premise still allows classic ABAP technically, but ABAP Cloud is the recommended path everywhere).
|
|
264
|
+
|
|
265
|
+
## Quick reference card
|
|
266
|
+
|
|
267
|
+
| Symptom in code | Likely level | First-line fix |
|
|
268
|
+
|---|---|---|
|
|
269
|
+
| `MODIFY mara FROM ...` | D | Use Custom Fields framework or business object interface |
|
|
270
|
+
| `CALL FUNCTION 'BAPI_*'` in new code | B | Wrap in Level A class |
|
|
271
|
+
| `SELECT ... FROM <SAP standard table>` | C (often) | Find released CDS view in Business Accelerator Hub |
|
|
272
|
+
| `ENHANCEMENT-POINT ... INCLUDE BOUND` (implicit) | D | Use released BAdI / extension point |
|
|
273
|
+
| Modification key dialog appears | D | Stop; find an extension point |
|
|
274
|
+
| New SE38 report | B (classic) | Use Fiori + RAP |
|
|
275
|
+
| New Web Dynpro | B (classic) | Use SAPUI5 / Fiori Elements |
|
|
276
|
+
| `TYPE REF TO CL_<internal>` | C | Find released class or use released business object |
|
|
277
|
+
| Custom Z-table written from custom code | A | Fine — your own namespace |
|
|
278
|
+
| Custom field on SAP entity via append structure | D (often) | Use Custom Fields app (key user extensibility) |
|
|
279
|
+
|
|
280
|
+
## When to load reference files
|
|
281
|
+
|
|
282
|
+
- Object level uncertainty, Cloudification Repository state values, released local vs remote APIs, reclassification → `references/levels-detailed.md`
|
|
283
|
+
- Architecture decisions, on-stack vs side-by-side, hybrid patterns, SAP Application Extension Methodology in detail, worked scenarios → `references/decision-framework.md`
|
|
284
|
+
- Stay Clean / Get Clean playbook, KPI calculations, ATC exemption process, key user vs developer extensibility, maturity assessment → `references/governance.md`
|
|
285
|
+
- ABAP Cloud allowed/forbidden lists, compiler enforcement, RAP / CDS / business object interfaces / Custom Fields, prebuilt services, classic-to-cloud migration → `references/abap-cloud-rules.md`
|
|
@@ -0,0 +1,172 @@
|
|
|
1
|
+
# ABAP Cloud Rules & Building Blocks
|
|
2
|
+
|
|
3
|
+
This file expands on what's allowed and not allowed in ABAP Cloud, and covers the core building blocks (RAP, CDS, business object interfaces, custom fields, prebuilt services). Load it when:
|
|
4
|
+
- The user is writing new ABAP and needs to know what's permitted
|
|
5
|
+
- A code review needs to check ABAP Cloud compliance specifically
|
|
6
|
+
- The user is asking about RAP, CDS, business object interfaces, or custom fields
|
|
7
|
+
- The conversation involves migrating classic ABAP to ABAP Cloud
|
|
8
|
+
|
|
9
|
+
## Why ABAP Cloud is the new default
|
|
10
|
+
|
|
11
|
+
ABAP Cloud isn't just "ABAP with new syntax." It's a different language version with **enforced cloud-readiness and clean core compliance built into the compiler**. Code that violates the rules doesn't compile — there's no way to bypass the checks short of leaving ABAP Cloud entirely.
|
|
12
|
+
|
|
13
|
+
This is intentional. In classic ABAP, clean core was advisory; you could write Level D code and the system happily ran it. In ABAP Cloud, the language itself prevents most Level D anti-patterns at compile time. That's the point.
|
|
14
|
+
|
|
15
|
+
For SAP S/4HANA Cloud Private Edition, ABAP Cloud is **mandatory** for new on-stack development. For on-premise S/4HANA, classic ABAP still runs, but ABAP Cloud is the recommended path for everything new.
|
|
16
|
+
|
|
17
|
+
## What's allowed in ABAP Cloud
|
|
18
|
+
|
|
19
|
+
### Released local APIs
|
|
20
|
+
- **Released CDS views** — read access to SAP business data with stable field names and semantics
|
|
21
|
+
- **Business object interfaces** — programmatic create/read/update/delete on SAP entities, with validations and authorizations enforced by SAP standard
|
|
22
|
+
- **Released BAdIs and extension points** — documented hooks for plugging custom logic into standard processes
|
|
23
|
+
- **Released ABAP classes and interfaces** — the catalog of released `CL_*`/`IF_*` artifacts
|
|
24
|
+
|
|
25
|
+
### Modeling and services
|
|
26
|
+
- **CDS** — for data models (`@AbapCatalog.sqlViewName`, projections, annotations, calculated fields)
|
|
27
|
+
- **RAP — ABAP RESTful Application Programming Model** — for services and business behaviors
|
|
28
|
+
- **Web services and OData** — exposing services for remote consumption
|
|
29
|
+
- **Event-based integration** via released events (raise, consume)
|
|
30
|
+
|
|
31
|
+
### Prebuilt services (no extra license, no setup)
|
|
32
|
+
- **Application logging** (BAL successor in cloud-friendly form)
|
|
33
|
+
- **Change documents**
|
|
34
|
+
- **Number ranges**
|
|
35
|
+
- **Background jobs and scheduling**
|
|
36
|
+
- **Factory calendar** (working days, holidays)
|
|
37
|
+
- **Currency conversion** (`CL_ABAP_CURRENCY_CONV` and friends)
|
|
38
|
+
- **Unit of measure conversion**
|
|
39
|
+
- **XLSX processing** (read/write Excel files)
|
|
40
|
+
- **Printing**
|
|
41
|
+
- **Translations / internationalization** (i18n primitives)
|
|
42
|
+
|
|
43
|
+
These exist precisely so that custom code doesn't reach into internal SAP services for these common needs.
|
|
44
|
+
|
|
45
|
+
### Custom data
|
|
46
|
+
- **Read/write access to your own custom tables** in your Z-namespace
|
|
47
|
+
- **Custom CDS views** built on top of released views or your own tables
|
|
48
|
+
- **Custom RAP services** exposing your own business objects
|
|
49
|
+
|
|
50
|
+
### Modern ABAP language
|
|
51
|
+
- Inline declarations (`DATA(...)`)
|
|
52
|
+
- Constructor expressions (`NEW`, `VALUE`, `FOR`, `REDUCE`, `COND`, `SWITCH`)
|
|
53
|
+
- Type-safe Open SQL with strict mode
|
|
54
|
+
- Functional method calls and chaining
|
|
55
|
+
- ABAP Unit testing framework
|
|
56
|
+
|
|
57
|
+
## What's NOT allowed in ABAP Cloud
|
|
58
|
+
|
|
59
|
+
The compiler rejects all of these:
|
|
60
|
+
|
|
61
|
+
### Direct access to SAP standard
|
|
62
|
+
- **Direct write to SAP standard tables** — `UPDATE MARA`, `INSERT VBAK`, `MODIFY BSEG`, etc. Use the business object interface instead.
|
|
63
|
+
- **Read access to SAP-internal tables** without going through a released CDS view
|
|
64
|
+
- **Calls to SAP-internal function modules or classes** — anything not in the released catalog
|
|
65
|
+
- **Any reference to a `noAPI` object** from the Cloudification Repository
|
|
66
|
+
|
|
67
|
+
### Non-cloud extension techniques
|
|
68
|
+
- **Modifications** to SAP standard objects via modification key
|
|
69
|
+
- **Implicit enhancements** (`ENHANCEMENT-POINT ... INCLUDE BOUND` patterns intercepting method behavior)
|
|
70
|
+
- **Field-symbol tricks** that reach into SAP-internal structures
|
|
71
|
+
- **Code copy-paste from SAP standard** with subsequent modification
|
|
72
|
+
|
|
73
|
+
### Non-cloud-ready frameworks
|
|
74
|
+
- **Classic Dynpro** (SAP GUI screens) — not cloud-ready, not allowed for new code
|
|
75
|
+
- **Web Dynpro ABAP** — superseded by SAPUI5 / Fiori Elements
|
|
76
|
+
- **Classic ALV grid** with internal class references — `CL_GUI_ALV_GRID` and friends
|
|
77
|
+
- **SE38 reports** — use Fiori + RAP for new development
|
|
78
|
+
|
|
79
|
+
### Untyped Open SQL
|
|
80
|
+
- **Native SQL** without type safety
|
|
81
|
+
- **Dynamic SQL** that bypasses the type system
|
|
82
|
+
|
|
83
|
+
## Compiler enforcement is structural
|
|
84
|
+
|
|
85
|
+
The above list isn't a code review checklist — it's a compile-time check. ABAP Cloud sources are compiled in a stricter mode that fails on these patterns. There's no `#pragma` to disable the checks, no escape hatch.
|
|
86
|
+
|
|
87
|
+
This has two consequences:
|
|
88
|
+
- **You can't accidentally violate the rules.** Code that compiles is, by construction, free of these specific anti-patterns.
|
|
89
|
+
- **Migration from classic ABAP requires real work.** A classic ABAP report that uses `SELECT * FROM MARA` won't compile as ABAP Cloud — it needs to be rewritten against released CDS views.
|
|
90
|
+
|
|
91
|
+
For migration assistance, **Joule** (the SAP AI copilot) provides classic-ABAP-to-ABAP-Cloud transformation suggestions; the SAP-recommended migration path uses it as the starting point.
|
|
92
|
+
|
|
93
|
+
## Core building blocks
|
|
94
|
+
|
|
95
|
+
### CDS views
|
|
96
|
+
|
|
97
|
+
CDS (Core Data Services) is the modeling language for data and services. A CDS view defines:
|
|
98
|
+
- A logical data model (entities, fields, relationships)
|
|
99
|
+
- Annotations that enrich the model (UI hints, authorization, semantics)
|
|
100
|
+
- Optionally, projection logic over base entities
|
|
101
|
+
|
|
102
|
+
```abap
|
|
103
|
+
@AccessControl.authorizationCheck: #CHECK
|
|
104
|
+
@EndUserText.label: 'Active products only'
|
|
105
|
+
define view entity ZI_ProductActive
|
|
106
|
+
as select from I_Product
|
|
107
|
+
{
|
|
108
|
+
key Product,
|
|
109
|
+
ProductType,
|
|
110
|
+
CreationDate,
|
|
111
|
+
LastChangeDate
|
|
112
|
+
}
|
|
113
|
+
where ProductIsArchived = ' ';
|
|
114
|
+
```
|
|
115
|
+
|
|
116
|
+
The view consumes released entity `I_Product` (Level A) and exposes a filtered projection. No direct table access; SAP's stability contract on `I_Product` carries through.
|
|
117
|
+
|
|
118
|
+
### RAP — RESTful Application Programming Model
|
|
119
|
+
|
|
120
|
+
RAP is the framework for stateful business services. A RAP business object has three layers:
|
|
121
|
+
|
|
122
|
+
- **Data model** (CDS views, including projection layer for the API surface)
|
|
123
|
+
- **Behavior definition** (which actions, validations, determinations apply)
|
|
124
|
+
- **Behavior implementation** (the ABAP classes implementing the behavior)
|
|
125
|
+
|
|
126
|
+
RAP enforces strict logical-unit-of-work control: the framework manages transaction boundaries, no manual `COMMIT WORK` scattered through the code. Services are stateless from the caller's perspective; state lives in the LUW.
|
|
127
|
+
|
|
128
|
+
When the user is building a new on-stack business service, RAP is the answer.
|
|
129
|
+
|
|
130
|
+
### Business object interfaces
|
|
131
|
+
|
|
132
|
+
For consuming SAP business objects (Sales Order, Purchase Order, Material Master, Customer, etc.) programmatically, the released business object interface is the entry point. It's the Level A replacement for direct table writes and BAPI calls.
|
|
133
|
+
|
|
134
|
+
The pattern: import the released interface, call its methods. Validations, authorizations, change documents, and integration events are all triggered by the interface — no manual implementation needed.
|
|
135
|
+
|
|
136
|
+
### Custom Fields framework
|
|
137
|
+
|
|
138
|
+
For adding fields to standard SAP entities (customer, material, sales order, etc.), the Custom Fields app is the Level A path:
|
|
139
|
+
- Business user adds the field through a low-code UI
|
|
140
|
+
- Field is automatically available in standard UIs, reports, OData services, and integration scenarios
|
|
141
|
+
- Lifecycle is managed by SAP — upgrades preserve the field
|
|
142
|
+
|
|
143
|
+
Reach for ABAP only when the field needs business logic that the framework doesn't cover (uncommon).
|
|
144
|
+
|
|
145
|
+
## Migration from classic ABAP
|
|
146
|
+
|
|
147
|
+
Migration is rarely a mechanical translation. Common patterns:
|
|
148
|
+
|
|
149
|
+
- **`SELECT FROM <SAP table>` → released CDS view** — find the released equivalent in Business Accelerator Hub
|
|
150
|
+
- **`CALL FUNCTION 'BAPI_*'` → business object interface** — most BAPIs have a successor in the BO interface catalog
|
|
151
|
+
- **Modification → released BAdI / extension point** — find the documented hook
|
|
152
|
+
- **SE38 report → Fiori Elements analytical / list-report app** — RAP service + Fiori Elements UI
|
|
153
|
+
- **Web Dynpro screen → SAPUI5 / Fiori Elements** — typically a re-architecture, not a port
|
|
154
|
+
|
|
155
|
+
The realistic plan is incremental. A single classic report doesn't migrate in an afternoon — but each piece touched during normal development can move one step toward Level A.
|
|
156
|
+
|
|
157
|
+
## Quick allowed/forbidden table
|
|
158
|
+
|
|
159
|
+
| Pattern | ABAP Cloud verdict | Replacement |
|
|
160
|
+
|---|---|---|
|
|
161
|
+
| `SELECT * FROM MARA` | Forbidden | `SELECT FROM I_Product` |
|
|
162
|
+
| `UPDATE VBAK SET ...` | Forbidden | Sales Order business object interface |
|
|
163
|
+
| `CALL FUNCTION 'BAPI_PO_CREATE1'` | Forbidden directly; allowed via wrapper from classic | Purchase Order business object interface |
|
|
164
|
+
| `CL_GUI_ALV_GRID` | Forbidden | Fiori Elements list-report |
|
|
165
|
+
| `ENHANCEMENT-POINT ... INCLUDE BOUND` | Forbidden | Released BAdI |
|
|
166
|
+
| Modification with key | Forbidden | Extension point or BAdI |
|
|
167
|
+
| `SELECT FROM Z_MY_TABLE` | Allowed | — |
|
|
168
|
+
| `SELECT FROM I_Product` | Allowed | — |
|
|
169
|
+
| Inline `DATA(lt_x) = ...` | Allowed | — |
|
|
170
|
+
| `NEW` / `VALUE` / `FOR` constructor expressions | Allowed | — |
|
|
171
|
+
| Native SQL via `EXEC SQL` | Forbidden | Use type-safe Open SQL or CDS |
|
|
172
|
+
| `CALL FUNCTION 'Z_*'` (custom RFC) | Allowed | — |
|