snow-flow 10.0.196 → 10.0.198

package/package.json

@@ -1,12 +1,13 @@
 {
   "$schema": "https://json.schemastore.org/package.json",
-  "version": "10.0.196",
+  "version": "10.0.198",
   "name": "snow-flow",
   "description": "Snow-Flow - ServiceNow Multi-Agent Development Framework powered by AI",
   "license": "Elastic-2.0",
   "private": false,
   "scripts": {
     "typecheck": "tsgo --noEmit",
+    "typecheck:servicenow": "tsgo --project tsconfig.servicenow.json --noEmit",
     "test": "bun test",
     "build": "bun run script/build.ts",
     "dev": "bun run --conditions=browser ./src/index.ts",

package/src/cli/cmd/tui/component/dialog-auth.tsx

@@ -1105,31 +1105,35 @@ function DialogAuthEnterprise() {
           }),
         })
 
-        if (response.ok) {
-          data = await response.json()
-          break
+        const responseData = await response.json().catch(() => ({}))
+
+        // 202 = pending approval, or explicit pending status
+        const isPending = response.status === 202 || responseData.status === "pending" || responseData.error === "pending"
+        if (isPending && attempt < maxAttempts) {
+          toast.show({ variant: "info", message: `Waiting for browser approval... (${attempt}/${maxAttempts})`, duration: 2000 })
+          await new Promise(r => setTimeout(r, 2000))
+          continue
         }
 
-        const err = await response.json().catch(() => ({}))
+        if (response.ok && !isPending) {
+          data = responseData
+          break
+        }
 
         // Billing redirect — not retryable
-        if (err.billingUrl) {
-          toast.show({ variant: "error", message: err.message || err.error || "Subscription required", duration: 8000 })
+        if (responseData.billingUrl) {
+          toast.show({ variant: "error", message: responseData.message || responseData.error || "Subscription required", duration: 8000 })
           toast.show({ variant: "info", message: "Opening billing page...", duration: 4000 })
-          tryOpenBrowser(err.billingUrl)
+          tryOpenBrowser(responseData.billingUrl)
           setStep("code")
           return
         }
 
-        // Pending approval — retry with status message
-        const isPending = err.error === "pending" || err.error === "Session not yet approved" || err.status === "pending"
-        if (isPending && attempt < maxAttempts) {
-          toast.show({ variant: "info", message: `Waiting for browser approval... (${attempt}/${maxAttempts})`, duration: 2000 })
-          await new Promise(r => setTimeout(r, 2000))
-          continue
+        if (isPending) {
+          throw new Error("Verification timed out — please approve in your browser and try again")
         }
 
-        throw new Error(err.error || "Verification failed")
+        throw new Error(responseData.error || "Verification failed")
       }
 
       if (!data) {

package/src/servicenow/servicenow-mcp-unified/tools/automation/snow_execute_script.ts

@@ -8,15 +8,15 @@
  * ES5 only! ServiceNow runs on Rhino engine.
  */
 
-import { MCPToolDefinition, ServiceNowContext, ToolResult } from "../../shared/types.js"
+import type { MCPToolDefinition, ServiceNowContext, ToolResult } from "../../shared/types.js"
 import { getAuthenticatedClient } from "../../shared/auth.js"
 import { createSuccessResult, createErrorResult, SnowFlowError, ErrorType } from "../../shared/error-handler.js"
-import crypto from "crypto"
+import { randomBytes } from "crypto"
 
 const ENDPOINT_SERVICE_ID = "snow_flow_exec"
 const ENDPOINT_PATH = "/execute"
 
-const deployed = new Map<string, boolean>()
+const endpointCache = new Map<string, { namespace: string }>()
 
 const OPERATION_SCRIPT = `(function process(request, response) {
   var body = request.body.data;
@@ -213,53 +213,85 @@ export async function execute(args: Record<string, unknown>, context: ServiceNow
   }
 }
 
+function getEndpointUrl(context: ServiceNowContext): string {
+  const cached = endpointCache.get(context.instanceUrl)
+  if (cached) return `/api/${cached.namespace}/${ENDPOINT_SERVICE_ID}${ENDPOINT_PATH}`
+  return `/api/${ENDPOINT_SERVICE_ID}${ENDPOINT_PATH}`
+}
+
 async function ensureEndpoint(context: ServiceNowContext): Promise<boolean> {
-  if (deployed.get(context.instanceUrl)) return true
+  if (endpointCache.has(context.instanceUrl)) return true
 
   const client = await getAuthenticatedClient(context)
 
   const check = await client.get("/api/now/table/sys_ws_definition", {
     params: {
       sysparm_query: `service_id=${ENDPOINT_SERVICE_ID}`,
-      sysparm_fields: "sys_id",
+      sysparm_fields: "sys_id,namespace,base_uri",
       sysparm_limit: 1,
     },
   })
 
   const existing = check.data?.result?.[0]
-  if (!existing) {
-    const svc = await client.post("/api/now/table/sys_ws_definition", {
-      name: "Snow-Flow Script Executor",
-      service_id: ENDPOINT_SERVICE_ID,
-      short_description: "Synchronous script execution endpoint for Snow-Flow",
-      active: true,
-    })
+  const svcId =
+    existing?.sys_id ||
+    (await (async () => {
+      const svc = await client.post("/api/now/table/sys_ws_definition", {
+        name: "Snow-Flow Script Executor",
+        service_id: ENDPOINT_SERVICE_ID,
+        short_description: "Synchronous script execution endpoint for Snow-Flow",
+        active: true,
+      })
 
-    const svcId = svc.data?.result?.sys_id
-    if (!svcId) return false
+      const id = svc.data?.result?.sys_id
+      if (!id) return null
 
-    const res = await client.post("/api/now/table/sys_ws_operation", {
-      name: "Execute Script",
-      web_service_definition: svcId,
-      http_method: "POST",
-      relative_path: ENDPOINT_PATH,
-      operation_script: OPERATION_SCRIPT,
-      active: true,
-    })
+      await client.post("/api/now/table/sys_ws_operation", {
+        name: "Execute Script",
+        web_service_definition: id,
+        http_method: "POST",
+        relative_path: ENDPOINT_PATH,
+        operation_script: OPERATION_SCRIPT,
+        active: true,
+      })
+
+      return id
+    })())
+
+  if (!svcId) return false
 
-    if (!res.data?.result?.sys_id) return false
+  const svcRecord =
+    existing ||
+    (
+      await client
+        .get("/api/now/table/sys_ws_definition/" + svcId, {
+          params: { sysparm_fields: "namespace,base_uri" },
+        })
+        .catch(() => null)
+    )?.data?.result
+
+  const ns = svcRecord?.namespace || ""
+
+  const candidates = ns
+    ? [`/api/${ns}/${ENDPOINT_SERVICE_ID}${ENDPOINT_PATH}`, `/api/${ENDPOINT_SERVICE_ID}${ENDPOINT_PATH}`]
+    : [`/api/${ENDPOINT_SERVICE_ID}${ENDPOINT_PATH}`]
+
+  for (const url of candidates) {
+    const ping = await client.post(url, { script: "'pong'", execution_id: "deploy_verify" }).catch(() => null)
+
+    if (ping?.data?.result?.success === true) {
+      const parts = url.replace(`/${ENDPOINT_SERVICE_ID}${ENDPOINT_PATH}`, "").replace("/api/", "")
+      endpointCache.set(context.instanceUrl, { namespace: parts || ENDPOINT_SERVICE_ID })
+      return true
+    }
   }
 
-  const ping = await client
-    .post(`/api/${ENDPOINT_SERVICE_ID}${ENDPOINT_PATH}`, {
-      script: "'pong'",
-      execution_id: "deploy_verify",
-    })
-    .catch(() => null)
+  if (ns) {
+    endpointCache.set(context.instanceUrl, { namespace: ns })
+    return true
+  }
 
-  const ok = ping?.data?.result?.success === true
-  if (ok) deployed.set(context.instanceUrl, true)
-  return ok
+  return false
 }
 
 async function executeViaSyncApi(
@@ -276,7 +308,7 @@ async function executeViaSyncApi(
   const client = await getAuthenticatedClient(context)
 
   const response = await client
-    .post(`/api/${ENDPOINT_SERVICE_ID}${ENDPOINT_PATH}`, {
+    .post(getEndpointUrl(context), {
       script: params.script,
       execution_id: params.executionId,
     })
@@ -346,7 +378,7 @@ async function executeViaScheduler(
   const escape = (str: string) =>
     str.replace(/\\/g, "\\\\").replace(/'/g, "\\'").replace(/\n/g, "\\n").replace(/\r/g, "\\r")
 
-  const executionId = `exec_${Date.now()}_${crypto.randomBytes(6).toString("hex")}`
+  const executionId = `exec_${Date.now()}_${randomBytes(6).toString("hex")}`
   const marker = `SNOW_FLOW_EXEC_${executionId}`
 
   const wrapped = `
@@ -561,7 +593,7 @@ async function executeScript(
   },
   context: ServiceNowContext,
 ): Promise<ToolResult> {
-  const executionId = `exec_${Date.now()}_${crypto.randomBytes(6).toString("hex")}`
+  const executionId = `exec_${Date.now()}_${randomBytes(6).toString("hex")}`
 
   const syncResult = await executeViaSyncApi({ ...params, executionId }, context)
   if (syncResult) return syncResult

package/src/servicenow/servicenow-mcp-unified/tools/index.ts

@@ -56,9 +56,6 @@ export * from "./lists/index.js"
 // Business Rules (2 tools)
 export * from "./business-rules/index.js"
 
-// Script Includes (1 tool)
-export * from "./script-includes/index.js"
-
 // REST API tools moved to Integration folder (see snow_rest_message_manage, snow_create_rest_message)
 
 // SLA (2 tools)
@@ -94,9 +91,6 @@ export * from "./journals/index.js"
 // Data Policies (2 tools)
 export * from "./data-policies/index.js"
 
-// UI Actions (1 tool)
-export * from "./ui-actions/index.js"
-
 // Workspace (10 tools)
 export * from "./workspace/index.js"
 
@@ -187,9 +181,6 @@ export * from "./project/index.js"
 // Performance Analytics (3 tools)
 export * from "./performance-analytics/index.js"
 
-// Predictive Intelligence (5 tools)
-export * from "./predictive-intelligence/index.js"
-
 // Service Portal (3 tools)
 export * from "./service-portal/index.js"
 
@@ -217,12 +208,6 @@ export * from "./notifications/index.js"
 // Mobile (3 tools)
 export * from "./mobile/index.js"
 
-// AI & ML (3 tools)
-export * from "./ai-ml/index.js"
-
-// Machine Learning - TensorFlow.js Neural Networks (9 tools)
-export * from "./machine-learning/index.js"
-
 // ATF (Automated Test Framework) (6 tools)
 export * from "./atf/index.js"
 
@@ -244,9 +229,6 @@ export * from "./integration/index.js"
 // Platform (8 tools)
 export * from "./platform/index.js"
 
-// Monitoring (1 tool)
-export * from "./monitoring/index.js"
-
 // Blast Radius (5 tools)
 export * from "./blast-radius/index.js"
 

package/src/servicenow/servicenow-mcp-unified/tools/platform/snow_create_ui_policy.ts

@@ -8,6 +8,7 @@
 import { MCPToolDefinition, ServiceNowContext, ToolResult } from "../../shared/types.js"
 import { getAuthenticatedClient } from "../../shared/auth.js"
 import { createSuccessResult, createErrorResult } from "../../shared/error-handler.js"
+import { linkUiPolicyReference, verifyUiPolicyLink } from "../ui-policies/link-ui-policy.js"
 
 /**
  * Extract sys_id from API response - handles both string and object formats
@@ -129,6 +130,7 @@ export async function execute(args: any, context: ServiceNowContext): Promise<To
 
     // Create UI Policy Actions
     const createdActions = []
+    const unlinkableActions: string[] = []
     for (const action of actions) {
       const actionData: any = {
         ui_policy: policySysId,
@@ -140,10 +142,20 @@ export async function execute(args: any, context: ServiceNowContext): Promise<To
       }
 
       const actionResponse = await client.post("/api/now/table/sys_ui_policy_action", actionData)
-      createdActions.push(actionResponse.data.result)
+      const actionResult = actionResponse.data.result
+      const actionSysId = extractSysId(actionResult.sys_id)
+
+      // Verify ui_policy link; if POST didn't set it, use fallback chain
+      const alreadyLinked = await verifyUiPolicyLink(client, actionSysId, policySysId)
+      if (!alreadyLinked) {
+        const linked = await linkUiPolicyReference(client, actionSysId, policySysId)
+        if (!linked) unlinkableActions.push(action.field_name)
+      }
+
+      createdActions.push(actionResult)
     }
 
-    return createSuccessResult({
+    const result: Record<string, any> = {
       created: true,
       ui_policy: {
         sys_id: policySysId,
@@ -161,7 +173,7 @@ export async function execute(args: any, context: ServiceNowContext): Promise<To
         mandatory: action.mandatory === "true",
         readonly: action.readonly === "true",
         cleared: action.cleared === "true",
-        ui_policy_reference: policySysId,
+        ui_policy_linked: !unlinkableActions.includes(action.field),
       })),
       total_actions: createdActions.length,
       best_practices: [
@@ -171,7 +183,16 @@ export async function execute(args: any, context: ServiceNowContext): Promise<To
         "Order matters when multiple policies affect same field",
         "Test with different user roles and data",
       ],
-    })
+    }
+
+    if (unlinkableActions.length > 0) {
+      result.warning =
+        "Some actions could not be linked to the UI policy: " +
+        unlinkableActions.join(", ") +
+        ". Link them manually in the ServiceNow UI."
+    }
+
+    return createSuccessResult(result)
   } catch (error: any) {
     return createErrorResult(error.message)
   }

package/src/servicenow/servicenow-mcp-unified/tools/security/snow_analyze_threat_intelligence.ts

@@ -1,6 +1,4 @@
 import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js"
-import type { ServiceNowClient } from "../../../../utils/servicenow-client.js"
-import type { MCPLogger } from "../../../shared/mcp-logger.js"
 import { MCPToolDefinition, ToolResult } from "../../shared/types.js"
 import { ServiceNowContext } from "../../shared/types.js"
 
@@ -66,8 +64,8 @@ export interface AnalyzeThreatIntelligenceArgs {
 
 export async function analyzeThreatIntelligence(
   args: AnalyzeThreatIntelligenceArgs,
-  client: ServiceNowClient,
-  logger: MCPLogger,
+  client: any,
+  logger: any,
 ) {
   try {
     const { ioc_value, ioc_type, threat_feed_sources = [], correlation_timeframe = "24_hours" } = args

package/src/servicenow/servicenow-mcp-unified/tools/security/snow_audit_trail_analysis.ts

@@ -1,6 +1,4 @@
 import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js"
-import type { ServiceNowClient } from "../../../../utils/servicenow-client.js"
-import type { MCPLogger } from "../../../shared/mcp-logger.js"
 import { MCPToolDefinition, ToolResult, ServiceNowContext } from "../../shared/types.js"
 
 export const toolDefinition: MCPToolDefinition = {
@@ -63,7 +61,7 @@ export interface AuditTrailAnalysisArgs {
   exportFormat?: "json" | "csv" | "pdf"
 }
 
-export async function auditTrailAnalysis(args: AuditTrailAnalysisArgs, client: ServiceNowClient, logger: MCPLogger) {
+export async function auditTrailAnalysis(args: AuditTrailAnalysisArgs, client: any, logger: any) {
   try {
     const timeframe = args.timeframe || "24h"
     let query = ""

package/src/servicenow/servicenow-mcp-unified/tools/security/snow_automate_threat_response.ts

@@ -1,6 +1,4 @@
 import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js"
-import type { ServiceNowClient } from "../../../../utils/servicenow-client.js"
-import type { MCPLogger } from "../../../shared/mcp-logger.js"
 import { MCPToolDefinition, ToolResult, ServiceNowContext } from "../../shared/types.js"
 
 export const toolDefinition: MCPToolDefinition = {
@@ -64,8 +62,8 @@ export interface AutomateThreatResponseArgs {
 
 export async function automateThreatResponse(
   args: AutomateThreatResponseArgs,
-  client: ServiceNowClient,
-  logger: MCPLogger,
+  client: any,
+  logger: any,
 ) {
   try {
     const { threat_id, response_level, automated_actions = false, notification_groups = [] } = args

package/src/servicenow/servicenow-mcp-unified/tools/security/snow_create_access_control.ts

@@ -1,6 +1,4 @@
 import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js"
-import type { ServiceNowClient } from "../../../../utils/servicenow-client.js"
-import type { MCPLogger } from "../../../shared/mcp-logger.js"
 import { MCPToolDefinition, ToolResult, ServiceNowContext } from "../../shared/types.js"
 
 export const toolDefinition: MCPToolDefinition = {
@@ -76,7 +74,7 @@ export interface CreateAccessControlArgs {
   active?: boolean
 }
 
-export async function createAccessControl(args: CreateAccessControlArgs, client: ServiceNowClient, logger: MCPLogger) {
+export async function createAccessControl(args: CreateAccessControlArgs, client: any, logger: any) {
   try {
     logger.info("Creating Access Control...")
 
@@ -118,7 +116,7 @@ export async function createAccessControl(args: CreateAccessControlArgs, client:
 
 async function getTableInfo(
   tableName: string,
-  client: ServiceNowClient,
+  client: any,
 ): Promise<{ name: string; label: string } | null> {
   try {
     const tableResponse = await client.searchRecords("sys_db_object", `name=${tableName}`, 1)

package/src/servicenow/servicenow-mcp-unified/tools/security/snow_create_audit_rule.ts

@@ -1,6 +1,4 @@
 import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js"
-import type { ServiceNowClient } from "../../../../utils/servicenow-client.js"
-import type { MCPLogger } from "../../../shared/mcp-logger.js"
 import { MCPToolDefinition, ToolResult, ServiceNowContext } from "../../shared/types.js"
 
 export const toolDefinition: MCPToolDefinition = {
@@ -79,7 +77,7 @@ export interface CreateAuditRuleArgs {
   active?: boolean
 }
 
-export async function createAuditRule(args: CreateAuditRuleArgs, client: ServiceNowClient, logger: MCPLogger) {
+export async function createAuditRule(args: CreateAuditRuleArgs, client: any, logger: any) {
   try {
     logger.info("Creating Audit Rule...")
 

package/src/servicenow/servicenow-mcp-unified/tools/ui-policies/link-ui-policy.ts

@@ -0,0 +1,84 @@
+/**
+ * Shared helper to link a sys_ui_policy_action record to its parent UI policy.
+ *
+ * ServiceNow's REST Table API POST silently ignores the "ui_policy" reference
+ * field on sys_ui_policy_action during creation. This module provides a
+ * cascading fallback (PATCH → PUT → GlideRecord) to set the reference after
+ * the record has been created.
+ */
+
+import type { AxiosInstance } from "axios"
+
+/**
+ * Verify that the ui_policy reference field is set on a sys_ui_policy_action record.
+ */
+export async function verifyUiPolicyLink(
+  client: AxiosInstance,
+  actionSysId: string,
+  expectedSysId: string,
+): Promise<boolean> {
+  try {
+    const res = await client.get(
+      "/api/now/table/sys_ui_policy_action/" + actionSysId + "?sysparm_fields=ui_policy",
+    )
+    const ref = res.data.result?.ui_policy
+    const val = typeof ref === "object" && ref !== null ? ref.value : ref
+    return !!val && val !== "" && val === expectedSysId
+  } catch {
+    return false
+  }
+}
+
+/**
+ * Attempt to link a sys_ui_policy_action record to its parent UI policy using
+ * a cascading fallback chain:
+ *   Tier 1 — PATCH (standard Table API update)
+ *   Tier 2 — PUT   (full record update)
+ *   Tier 3 — GlideRecord via Scripted REST endpoint (last resort)
+ *
+ * Returns true if the link was successfully set and verified.
+ */
+export async function linkUiPolicyReference(
+  client: AxiosInstance,
+  actionSysId: string,
+  uiPolicySysId: string,
+): Promise<boolean> {
+  const url = "/api/now/table/sys_ui_policy_action/" + actionSysId
+  const body = { ui_policy: uiPolicySysId }
+
+  // Tier 1: PATCH
+  try {
+    await client.patch(url, body)
+    if (await verifyUiPolicyLink(client, actionSysId, uiPolicySysId)) return true
+  } catch {
+    // fall through
+  }
+
+  // Tier 2: PUT
+  try {
+    await client.put(url, body)
+    if (await verifyUiPolicyLink(client, actionSysId, uiPolicySysId)) return true
+  } catch {
+    // fall through
+  }
+
+  // Tier 3: GlideRecord via Scripted REST endpoint
+  try {
+    const script =
+      "var gr = new GlideRecord('sys_ui_policy_action');\n" +
+      "gr.get('" + actionSysId + "');\n" +
+      "gr.setValue('ui_policy', '" + uiPolicySysId + "');\n" +
+      "gr.update();\n" +
+      "gs.print(gr.getValue('ui_policy'));"
+
+    await client.post("/api/snow_flow_exec/execute", {
+      script,
+      execution_id: "link_ui_policy_" + actionSysId,
+    })
+    if (await verifyUiPolicyLink(client, actionSysId, uiPolicySysId)) return true
+  } catch {
+    // all tiers exhausted
+  }
+
+  return false
+}