feat(checkin): checkin via batch lock session — E08

Push local abapGit/gCTS files back into SAP. Counterpart to `adt checkout`
/ `adt import package` (which read SAP → disk). Format-agnostic via the
E05 FormatPlugin registry: CheckinService calls loadFormatPlugin(id),
same code path for abapgit and gcts.

## @abapify/adt-locks — BatchLockSession

New primitive: acquires N locks sequentially, on failure releases the
ones already acquired in reverse order. release() is idempotent so
`try { begin(); … } finally { release(); }` is always safe. SAP has no
transactional multi-object save, so this is best-effort rollback; single
-use session.

API:
  createBatchLockSession(lockService, targets, { rollbackOnError? }):
    BatchLockSession { begin(), release(), handles(), active }

## @abapify/adt-cli — CheckinService

Services:
  - diff.ts      file-tree vs remote → {create, update, unchanged, skip}
  - plan.ts      tier classification DEVC → DDIC → app → CDS → other,
                 uses getMainType() from @abapify/adk for subtype resolution
  - apply.ts     pre-flight batch lock → ADK save({mode:'update'}) per tier
  - filetree.ts  FsFileTree (avoids adt-export dep cycle)
  - service.ts   orchestrator exported from adt-cli public API

CLI:  adt checkin <directory> [--format abapgit|gcts] [--transport TR] [--dry-run]
MCP:  checkin tool (parity)

## gcts vs abapgit

FormatPlugin dispatch is transparent — both --format abapgit and
--format gcts go through loadFormatPlugin(id) → plugin.format.export().
Today gcts.format.export is not yet implemented (E06 deferral); CLI and
MCP both surface a consistent capability error. Once E06 v0.2 ships
deserialisation, checkin works for gcts with zero adt-cli changes.

## Tests
  adt-locks: 37 → 46 (+9)
  adt-cli:   +19 (5 parity + 11 plan + 3 apply)
  adt-mcp:   parity via adt-cli harness

## Known follow-ups (in epic)
  - FormatPlugin.diff() for finer-grained change detection
  - gcts format.export (E06 v0.2)
  - Mock server PUT coverage for true checkout+checkin round-trip
  - Dependency tier list is pragmatic, not exhaustive

Reference: jfilak/sapcli sap/cli/checkin.py.
Roadmap: docs/roadmap/epics/e08-checkin.md ✅

Generated with [Devin](https://cli.devin.ai/docs)

Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>

Author: ThePlenkov

docs/roadmap/epics/e08-checkin.md

@@ -98,3 +98,15 @@ Do NOT commit without approval.
 
 - SAP doesn't expose an atomic "transactional" object save. True rollback is a best-effort: release locks + log "manual cleanup needed" for partially-applied PUTs. Acceptable?
 - Should `checkin` honor `.gitignore`-style excludes in the source directory?
+
+## Follow-ups discovered during implementation (v0.1)
+
+- **`CheckinService.diff` is coarse-grained.** `diffObject()` currently treats "remote exists + local had pending sources" as `update`, and "remote 404" as `create`. No per-field comparison (SAP returns ETags which ADK's save() uses to short-circuit identical content on the server side — so `unchanged` via ETag still works, just post-PUT rather than in the plan). Revisit when `FormatPlugin.diff()` lands (see E05 follow-ups) to compute true file-level diffs up-front.
+
+- **Batch pre-flight lock then release.** `apply.ts` acquires all tier locks in a `BatchLockSession` purely to surface conflicts early, then releases and lets ADK's per-object `save({mode:'upsert'})` re-lock. This double-lock is cheap because the security session's CSRF token survives both cycles, but it means BatchLockSession is really a **validation primitive**, not an execution one. When ADK exposes a way to thread pre-acquired lock handles into `save()`, we can collapse the two cycles into one.
+
+- **gCTS format plugin currently rejects checkin.** `@abapify/adt-plugin-gcts` does not yet implement `format.export` (Git → SAP). `CheckinService` correctly surfaces this as a plugin-capability error on both CLI and MCP — proving the dispatch is format-agnostic — but a real gCTS checkin needs that plugin method (see E06 v0.1 follow-ups: "Git → SAP direction […] deferred alongside E08 checkin"). Adding it lights up gCTS checkin with zero further changes to `CheckinService`.
+
+- **E2E parity coverage is shallow for apply paths.** The mock server in `@abapify/adt-fixtures` doesn't yet model PUT-with-lock-handle + activation for every object type. The parity tests (`parity.checkin.test.ts`) therefore validate discovery + format dispatch + dry-run + MCP tool advertisement; lock/ETag/PUT apply paths are validated through the `tests/services/checkin/apply.test.ts` unit tests with mocked `LockService`. Extending the mock server with object-specific write routes is a separate epic-sized follow-up.
+
+- **Dependency tier list is pragmatic, not exhaustive.** `plan.ts` covers DDIC primitives, packages, app code, and CDS/RAP. Rare types (BAdI impl, XSLT, MSAG, etc.) fall into `other` and are applied last-tier. Extend `TIER_FOR_TYPE` as new object types get ADK/abapGit support.

packages/adt-cli/src/index.ts

@@ -10,3 +10,21 @@ export {
   type TransportImportOptions,
   type ImportResult,
 } from './lib/services/import/service';
+
+// Checkin (E08) — inverse of checkout; pushes local abapGit/gCTS files → SAP.
+export {
+  CheckinService,
+  type CheckinOptions,
+  type CheckinResult,
+  type ChangePlan,
+  type ChangePlanEntry,
+  type ChangeAction,
+  type DependencyTier,
+  type ApplyResult,
+  type ApplyTierResult,
+  buildPlan,
+  classifyTier,
+  flattenPlanObjects,
+  diffObject,
+  applyPlan,
+} from './lib/services/checkin';

packages/adt-cli/src/lib/cli.ts

@@ -37,6 +37,7 @@ import {
   userCommand,
   sourceCommand,
   strustCommand,
+  checkinCommand,
 } from './commands';
 import { createPackageCommand } from './commands/package';
 import {
@@ -286,6 +287,9 @@ export async function createCLI(options?: {
   // Checkout command (download SAP objects to abapgit-compatible files)
   program.addCommand(createCheckoutCommand());
 
+  // Checkin command (push local abapGit/gCTS directory into SAP — inverse of checkout)
+  program.addCommand(checkinCommand);
+
   // REPL - Interactive hypermedia navigator
   program.addCommand(createReplCommand());
 

packages/adt-cli/src/lib/commands/checkin.ts

@@ -0,0 +1,105 @@
+/**
+ * `adt checkin <directory>` — push a local abapGit/gCTS-formatted directory
+ * into SAP (the inverse of `adt checkout`).
+ *
+ * Thin commander wrapper — all orchestration lives in `CheckinService`.
+ */
+import { Command } from 'commander';
+import { CheckinService } from '../services/checkin';
+import { getAdtClientV2 } from '../utils/adt-client-v2';
+
+export const checkinCommand = new Command('checkin')
+  .description(
+    'Push a local abapGit/gCTS-formatted directory into SAP (inverse of checkout)',
+  )
+  .argument('<directory>', 'Source directory containing serialised files')
+  .option(
+    '--format <format>',
+    "Format plugin id (default 'abapgit'; try 'gcts' for AFF layout)",
+    'abapgit',
+  )
+  .option('-p, --package <package>', 'Target root SAP package for the checkin')
+  .option(
+    '-t, --transport <transport>',
+    'Transport request to use for lock/save operations',
+  )
+  .option(
+    '--types <types>',
+    'Filter by object types (comma-separated, e.g. CLAS,INTF)',
+  )
+  .option('--dry-run', 'Validate & plan only — no writes to SAP', false)
+  .option(
+    '--no-activate',
+    'Skip activation after save (objects remain inactive)',
+  )
+  .option(
+    '--unlock',
+    'Force-unlock objects already locked by the current user before applying',
+    false,
+  )
+  .option(
+    '--abap-language-version <version>',
+    "ABAP language version for new objects (e.g. '5' for Cloud)",
+  )
+  .option('--json', 'Emit the CheckinResult as JSON (machine-readable)', false)
+  .action(async (directory, options) => {
+    try {
+      // Ensure auth + ADK bootstrap.
+      await getAdtClientV2();
+
+      const service = new CheckinService();
+      const types = options.types
+        ? options.types
+            .split(',')
+            .map((t: string) => t.trim().toUpperCase())
+            .filter(Boolean)
+        : undefined;
+
+      if (!options.json) {
+        console.log(`🚀 Checkin: ${directory}`);
+        console.log(`📦 Format: ${options.format}`);
+        if (options.package) console.log(`📁 Root package: ${options.package}`);
+        if (options.transport)
+          console.log(`🚚 Transport: ${options.transport}`);
+        if (options.dryRun) console.log(`🔍 Dry run (no SAP writes)`);
+      }
+
+      const result = await service.checkin({
+        sourceDir: directory,
+        format: options.format,
+        rootPackage: options.package,
+        transport: options.transport,
+        objectTypes: types,
+        dryRun: options.dryRun,
+        activate: options.activate,
+        unlock: options.unlock,
+        abapLanguageVersion: options.abapLanguageVersion,
+        onLog: (_level, msg) => {
+          if (!options.json) console.log(`   ${msg}`);
+        },
+        onObject: (obj, status) => {
+          if (!options.json)
+            console.log(`      • ${obj.type} ${obj.name} (${status})`);
+        },
+      });
+
+      if (options.json) {
+        console.log(JSON.stringify(result, null, 2));
+      } else {
+        console.log(`\n📊 ${result.summary}`);
+        if (result.aborted) {
+          console.error(
+            '⚠️  Checkin aborted before completing all tiers — inspect errors above.',
+          );
+          process.exit(1);
+        }
+        if (result.apply.totals.failed > 0) {
+          process.exit(1);
+        }
+      }
+    } catch (error) {
+      const msg = error instanceof Error ? error.message : String(error);
+      console.error(`❌ Checkin failed: ${msg}`);
+      process.exit(1);
+    }
+  });

packages/adt-cli/src/lib/commands/index.ts

@@ -27,3 +27,4 @@ export { checkCommand } from './check';
 export { userCommand } from './user';
 export { sourceCommand } from './source';
 export { strustCommand } from './strust';
+export { checkinCommand } from './checkin';

packages/adt-cli/src/lib/services/checkin/apply.ts

@@ -0,0 +1,190 @@
+/**
+ * Apply stage — executes a ChangePlan against SAP.
+ *
+ * Each tier is deployed as its own `AdkObjectSet` so that DDIC objects are
+ * saved + activated before the application-code tier starts. Within a tier,
+ * objects are saved with `mode: 'upsert'` — SAP's PUT endpoints auto-detect
+ * whether the object already exists so we don't need separate create/update
+ * paths here.
+ *
+ * Locking:
+ *   - Before each tier, an outer `BatchLockSession` pre-acquires locks to
+ *     catch conflicts early (e.g. another user editing). Because ADK's
+ *     `save()` also lock/unlocks per object, we release the batch session
+ *     immediately after pre-flight — the CSRF security session is preserved
+ *     so the subsequent per-object re-lock is cheap.
+ *   - If the batch pre-flight fails, the tier is aborted and all locks
+ *     acquired so far (in that tier) are rolled back; partial state from
+ *     previous tiers is documented to the caller.
+ */
+import type { AdkObject, AdkContext } from '@abapify/adk';
+import { AdkObjectSet } from '@abapify/adk';
+import {
+  createBatchLockSession,
+  type BatchLockTarget,
+} from '@abapify/adt-locks';
+import type { ChangePlan, DependencyTier } from './plan';
+
+export interface ApplyOptions {
+  /** Transport request used for lock + save operations. */
+  transport?: string;
+  /** Dry run — build plan but don't touch SAP. */
+  dryRun?: boolean;
+  /** Activate saved objects after each tier. Default: true. */
+  activate?: boolean;
+  /**
+   * Force-unlock objects currently locked by the authenticated user before
+   * the batch lock session begins. Mirrors `adt export --unlock`.
+   */
+  unlock?: boolean;
+  /** Per-tier progress hook. */
+  onTierStart?: (tier: DependencyTier, size: number) => void;
+  /** Per-object progress hook. */
+  onObject?: (object: AdkObject, status: string) => void;
+}
+
+export interface ApplyTierResult {
+  tier: DependencyTier;
+  size: number;
+  saved: number;
+  failed: number;
+  unchanged: number;
+  activated: number;
+  errors: Array<{ name: string; type: string; error: string }>;
+}
+
+export interface ApplyResult {
+  /** Per-tier stats in the order they were applied. */
+  tiers: ApplyTierResult[];
+  /** Aggregate totals. */
+  totals: {
+    saved: number;
+    failed: number;
+    unchanged: number;
+    activated: number;
+  };
+  /** True if the caller aborted before all tiers ran (lock conflict). */
+  aborted: boolean;
+}
+
+/** Execute the change plan. Always returns a result — caller decides exit. */
+export async function applyPlan(
+  plan: ChangePlan,
+  ctx: AdkContext,
+  options: ApplyOptions = {},
+): Promise<ApplyResult> {
+  const activate = options.activate ?? true;
+  const result: ApplyResult = {
+    tiers: [],
+    totals: { saved: 0, failed: 0, unchanged: 0, activated: 0 },
+    aborted: false,
+  };
+
+  for (const group of plan.groups) {
+    const tierResult: ApplyTierResult = {
+      tier: group.tier,
+      size: group.entries.length,
+      saved: 0,
+      failed: 0,
+      unchanged: 0,
+      activated: 0,
+      errors: [],
+    };
+    options.onTierStart?.(group.tier, group.entries.length);
+
+    if (options.dryRun) {
+      // Pretend everything succeeded for reporting only.
+      for (const entry of group.entries) {
+        options.onObject?.(entry.object, 'dry-run');
+        tierResult.saved++;
+      }
+      result.tiers.push(tierResult);
+      result.totals.saved += tierResult.saved;
+      continue;
+    }
+
+    // Optional: force-unlock stale locks owned by the current user.
+    if (options.unlock && ctx.lockService) {
+      for (const entry of group.entries) {
+        try {
+          await ctx.lockService.forceUnlock(entry.object.objectUri);
+        } catch {
+          /* not locked or locked by another user — ignore */
+        }
+      }
+    }
+
+    // Pre-flight: batch-lock to surface conflicts BEFORE we start mutating.
+    // We release immediately afterwards because ADK's save() will re-lock
+    // per object within the same security session (CSRF survives unlock).
+    let preflightFailed = false;
+    if (ctx.lockService) {
+      const targets: BatchLockTarget[] = group.entries.map((e) => ({
+        objectUri: e.object.objectUri,
+        options: {
+          transport: options.transport,
+          objectName: e.object.name,
+          objectType: e.object.type,
+        },
+      }));
+      const batch = createBatchLockSession(ctx.lockService, targets);
+      try {
+        await batch.begin();
+      } catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        tierResult.errors.push({
+          name: '(batch)',
+          type: group.tier,
+          error: `batch lock pre-flight failed: ${msg}`,
+        });
+        tierResult.failed = group.entries.length;
+        preflightFailed = true;
+      } finally {
+        await batch.release();
+      }
+    }
+
+    if (preflightFailed) {
+      result.tiers.push(tierResult);
+      result.totals.failed += tierResult.failed;
+      result.aborted = true;
+      // Stop applying further tiers — the caller sees a partial-apply state.
+      break;
+    }
+
+    // Build the tier's AdkObjectSet and deploy.
+    const set = new AdkObjectSet(ctx);
+    for (const entry of group.entries) set.add(entry.object);
+
+    const deployResult = await set.deploy({
+      transport: options.transport,
+      activate,
+      mode: 'upsert',
+      onProgress: (_processed, _total, current) => {
+        options.onObject?.(current, 'saved');
+      },
+    });
+
+    tierResult.saved = deployResult.save.success;
+    tierResult.failed = deployResult.save.failed;
+    tierResult.unchanged = deployResult.save.unchanged;
+    tierResult.activated = deployResult.activation?.success ?? 0;
+    for (const r of deployResult.save.results) {
+      if (!r.success && !r.unchanged) {
+        tierResult.errors.push({
+          name: r.object.name,
+          type: r.object.type,
+          error: r.error ?? 'unknown error',
+        });
+      }
+    }
+
+    result.tiers.push(tierResult);
+    result.totals.saved += tierResult.saved;
+    result.totals.failed += tierResult.failed;
+    result.totals.unchanged += tierResult.unchanged;
+    result.totals.activated += tierResult.activated;
+  }
+
+  return result;
+}