feat: full nanoflow support — CREATE, DROP, SHOW, DESCRIBE, DIFF, MERMAID, security, and agentic skill #301

Draft
retran wants to merge 8 commits into mendixlabs:main from retran:pr4-nanoflows-all

@retran retran commented Apr 24, 2026

Why

Nanoflows are a core Mendix document type for mobile and offline-first apps. Until this PR, mxcli had read-only nanoflow support (SHOW, DESCRIBE) but could not create, modify, or manage nanoflows — blocking agentic workflows that need to scaffold, refactor, or secure nanoflow logic.

This gap was visible in the feature matrix: nanoflows lagged far behind microflows in every dimension. This PR brings nanoflows to full feature parity with microflows across grammar, executor, SDK, validation, visualization, and security management.

Proposal: docs/11-proposals/PROPOSAL_nanoflow_support.md
Test plan: docs/15-testing/nanoflow-test-cases.md (18 sections, 123 test cases)

What Changed

New MDL commands

| Command | Description |
|---|---|
| CREATE [OR MODIFY] NANOFLOW | Create nanoflows with body, parameters, return type, folder placement |
| DROP NANOFLOW | Remove a nanoflow from the project |
| CALL NANOFLOW | Call a nanoflow from within a flow body (valid in both microflows and nanoflows) |
| CALL JAVASCRIPT ACTION | Call a JavaScript action from within a flow body |
| GRANT EXECUTE ON NANOFLOW | Grant module role access to a nanoflow |
| REVOKE EXECUTE ON NANOFLOW | Revoke module role access from a nanoflow |
| SHOW ACCESS ON NANOFLOW | Display which roles have access to a nanoflow |
| MOVE NANOFLOW | Move a nanoflow to a different module or folder |
| RENAME NANOFLOW | Rename a nanoflow |
| DIFF (nanoflow support) | Detect and display nanoflow changes between .mpr versions |

CLI enhancements

  • describe nanoflow --format mermaid — generates Mermaid flowchart diagrams for nanoflows (same --format flag already supported for microflows and domain models)

Validation

Type-switch validation rejects 21 actions that Mendix does not allow in nanoflows (e.g., database commit, Java actions, import/export). Entity resolver errors propagate upfront — no silent failures on invalid parameter or return types.

Bug fixes and improvements

  • JavaScript action support: call javascript action Module.ActionName(params) — grammar rule, parser, AST node, visitor, builder, validation, serializer. JS actions roundtrip correctly through describe → drop → create cycle.
  • Association retrieve roundtrip: retrieve $X from $Y/Module.Association syntax preserved on roundtrip. Previously, the builder converted association retrieves to database retrieves with XPath constraints on reverse traversals.
  • Nanoflow serialization rewrite: serializeNanoflow() was incomplete — missing ReturnType, ObjectCollection, and Flows. Created nanoflows lost their body when written to .mpr.
  • Empty-then optimization: If/else blocks with empty true branches are swapped and condition negated for readable DESCRIBE output.
  • NanoflowCallAction BSON field corrected from ResultVariableName to OutputVariableName.
  • JavaScript action references validated separately from Java actions.
  • Module existence validated for SHOW NANOFLOWS/MICROFLOWS.
  • Numeric return literals no longer get spurious $ prefix.
  • Empty nanoflow/microflow names rejected at create time.
  • NanoflowCallAction error handling type resolved correctly.
  • not() expression spacing preserved on roundtrip.
  • Mermaid renderer handles NanoflowCallAction.
  • AllowedModuleRoles preserved through drop/recreate cycle.

Agentic skill

New Claude Code skill at .claude/skills/mendix/write-nanoflows.md — guides AI agents through nanoflow creation with MDL syntax, parameter types, body actions, security management, and validation rules.

Shared helpers

  • buildEntityNames extracted to eliminate duplication between microflow and nanoflow Mermaid rendering.
  • serializeNanoflow() fully rewritten to serialize body, flows, return type, and parameters.

Testing

Automated tests (all pass with make build && make test && make lint-go):

  • 33 integration tests (roundtrip_nanoflow_test.go) — CREATE, DROP, CALL, GRANT/REVOKE, SHOW, MOVE, RENAME, MERMAID, validation, error paths
  • 36 mock unit tests (cmd_nanoflows_mock_test.go) — not-connected guards, duplicate handling, idempotent grant/revoke, all 21 disallowed actions, nested body validation
  • 5 BSON roundtrip tests (roundtrip_test.go) — parse→serialize→parse cycle with activities, flows, and roles

Manual testing: 18-section test plan (123 test cases) executed against 3 App Gallery demo projects (223 nanoflows total). All tests pass except 2 inconclusive (no test data for page integration scenarios).

Known limitations

| Description | Status |
|---|---|
| Expression whitespace normalization (e.g. find($x,'y') → find($x, 'y')) | Cosmetic — accepted as canonical formatting |
| Security roles persist through drop/recreate | By design — matches microflow behavior |
| Dangling call reference after callee drop renders stale name | By design — no cascading deletes |

Documentation updated

  • MDL_FEATURE_MATRIX.md — nanoflow row reflects implemented state
  • MDL_QUICK_REFERENCE.md — added CREATE, MOVE, GRANT/REVOKE, SHOW ACCESS nanoflow syntax
  • 01-language-reference.md — added CREATE/DROP/GRANT/REVOKE nanoflow sections
  • grammar-reference.md — added createNanoflowStatement, dropNanoflowStatement, callJavaScriptActionStatement
  • PROPOSAL_nanoflow_support.md — rewritten from proposal to feature description
  • nanoflow-test-cases.md — comprehensive QA test plan (18 sections, 123 test cases)
  • 10-bson-mapping.md — added Nanoflow Mapping section with type differences, allowed actions, JS action field mapping
  • examples/create_nanoflow/ — new Go example with 4 nanoflow patterns
  • CHANGELOG.md — unreleased entries for all nanoflow features
  • SDK_EQUIVALENCE.md — updated nanoflow CRUD feature list

Stats

79 files changed, +18,227 / −10,284 lines, 8 commits

Grammar → AST → Visitor → Executor → SDK → Tests → Docs — full pipeline coverage.

@retran retran marked this pull request as draft April 24, 2026 17:57
@retran retran force-pushed the pr4-nanoflows-all branch 3 times, most recently from 1c71d9f to 5b17c36 April 24, 2026 19:51
@github-actions

AI Code Review

What Looks Good

The PR implements comprehensive nanoflow support, bringing it to full feature parity with microflows. Key strengths:

  • Complete pipeline coverage: Grammar → AST → Visitor → Executor → Backend → SDK → Tests → Docs
  • Thorough validation: Rejects 21 disallowed actions with clear error messages
  • Security management: Full GRANT/REVOKE/SHOW ACCESS support for nanoflows
  • Documentation: New skill file (write-nanoflows.md), updated quick reference, language reference, BSON mapping, and test plan
  • Examples: New Go example and doctype test file
  • Test coverage: 33 integration tests, 36 mock unit tests, 5 BSON roundtrip tests, plus 77+ manual test cases
  • Roundtrip fidelity: Properly preserves nanoflow bodies, parameters, return types, and JavaScript action calls
  • Related improvements: JavaScript action full pipeline, association retrieve roundtrip, nanoflow diff, empty-then optimization

The implementation follows all MDL syntax design guidelines:

  • Uses standard CRUD verbs (CREATE/DROP/GRANT/REVOKE/SHOW/CALL)
  • Qualified names everywhere (Module.NanoflowName)
  • Proper property format with colon separators
  • Correct use of AS for mappings (not flagged in appropriate contexts)
  • Reads as English for citizen developers
  • No keyword overloading
  • Diff-friendly syntax

Recommendation

Approve the PR. The implementation is complete, well-tested, and follows all project conventions. The nanoflow support addresses a significant gap in the feature set and enables agentic workflows for nanoflow management as intended.

No blocking issues were identified. The PR is ready to merge.


Automated review via OpenRouter (Nemotron Super 120B) — workflow source

@retran retran force-pushed the pr4-nanoflows-all branch 2 times, most recently from 2a0f486 to 3ff3064 April 24, 2026 20:06
retran added 7 commits April 24, 2026 22:31
- SHOW ACCESS ON NANOFLOW — query nanoflow security grants
- DESCRIBE MERMAID for nanoflows via CLI --format mermaid
- Nanoflow diff support — unified diff output for modified nanoflows
- JavaScript action BSON parsing (read path)
- NanoflowCallAction formatter for DESCRIBE output
- Hard-code nanoflow $Type to "Microflows$Nanoflow"
- Preserve AllowedModuleRoles through drop/recreate cycles
- Validate module existence, numeric return types, empty names
- Normalize empty-then branches in DESCRIBE for readable if/else
- Expression spacing fix (not() parenthesization)
- Document intentional behaviors in nanoflow test plan
- Add nanoflow references to ARCHITECTURE, CLAUDE, CHANGELOG
- Update MDL_FEATURE_MATRIX, MDL_QUICK_REFERENCE, language reference
- Add nanoflow examples to agentic skills (security, pages, validation)
- Add nanoflow MDL examples to doctype-tests
- Propagate describeNanoflow errors in diff command
- Match create-or-modify pattern in diff output
- Add nanoflow-specific fields (@excluded, folder, comment) to MDL output
- Guard empty-then swap edge case in if/else normalization
- Handle missing JS action references gracefully in formatter
- Harden negation expression rendering
…e fix

Full pipeline for `call javascript action` syntax:
- Grammar rule, AST node, visitor, builder, validator, BSON serializer
- JavaScript actions allowed in nanoflows (client-side), disallowed check
  skips them correctly
- Separate JS action reference validation from Java action validation

Association retrieve roundtrip fix:
- Preserve AssociationRetrieveSource on roundtrip instead of converting
  to DatabaseRetrieveSource with XPath for reverse traversals
@retran retran force-pushed the pr4-nanoflows-all branch from 3ff3064 to 74e5ea1 April 24, 2026 20:33
…ixes

- Add Nanoflow Mapping section to BSON mapping documentation
- Add create_nanoflow Go example with 4 nanoflow patterns
- Update CHANGELOG with JS action syntax and association retrieve entries
- Add nanoflow datasource option to create-page skill
- Update SDK_EQUIVALENCE nanoflow feature list
- Exhaustive nanoflow denylist test (21 disallowed + JS action allowed)
- Document denylist ordering dependency in error handling
- Fix isNumericLiteral: reject trailing dot ("5." → false)
@retran retran force-pushed the pr4-nanoflows-all branch from 74e5ea1 to 8b23f02 April 24, 2026 20:33
@github-actions

AI Code Review

Review Summary

This PR implements full nanoflow support in mxcli, closing a significant gap in the MDL feature matrix. The changes are thorough and follow the established patterns for MDL feature implementation.

Critical Issues

None found.

Moderate Issues

None found.

Minor Issues

  1. Test coverage gap for diff output: The PR's automated test coverage section explicitly notes a gap: | Diff output | None | **Gap** |. While manual testing covers this (as stated in the manual testing priority), adding automated tests for mxcli diff with nanoflow changes would strengthen confidence.

  2. LSP/VS Code extension changes not visible: The truncated diff doesn't show changes to cmd/mxcli/lsp.go or vscode-mdl/package.json. Though the PR claims full pipeline coverage including LSP, and nanoflows likely reuse existing microflow LSP capabilities (given similar structure), verification of LSP wiring for nanoflow-specific features (if any) would be ideal. However, the PR does update Mermaid diagram viewer documentation to include nanoflows, suggesting visualization support is addressed.

What Looks Good

  • Complete MDL pipeline wiring: Grammar, AST, visitor, executor, backend, and documentation are all updated for nanoflow CREATE/DROP/CALL/GRANT/REVOKE/SHOW ACCESS.
  • Strong adherence to MDL design guidelines:
    • Uses standard CRUD verbs (CREATE, DROP, GRANT, REVOKE, SHOW)
    • Qualified names everywhere (Module.Element)
    • Property format consistent (folder 'path')
    • Clear distinction between colon (property) and AS (mapping) - no misuse of AS observed
    • Statements read as English for citizen developers
    • No keyword overloading; each keyword has single consistent meaning
  • Comprehensive documentation:
    • New skill (write-nanoflows.md)
    • Updated quick reference, language reference, BSON mapping
    • Examples and changelog entries
    • Feature matrix updated to reflect implemented state
  • Robust test coverage:
    • 33 integration tests + 36 mock unit tests + 5 BSON roundtrip tests
    • Extensive manual test plan (77+ cases) executed against 3 real projects
    • Validation covers 21 disallowed actions, error handling, edge cases
  • Valuable bug fixes alongside feature work:
    • JavaScript action full pipeline (OBS-7)
    • Association retrieve roundtrip fidelity (RT-2)
    • Empty-then optimization for readable DESCRIBE
    • Nanoflow diff support
    • Security role persistence through drop/recreate (by design, matching microflows)
  • Consistency with existing patterns: Nanoflow syntax mirrors microflow where appropriate (parameters, return types, body, folder) while correctly restricting client-side actions.

Recommendation

Approve the PR. The changes are high-quality, thoroughly tested, and fully address the nanoflow support gap. The minor test coverage gap for diff output is acknowledged in the test plan and covered by manual validation; it does not block merging given the overall strength of the implementation. No blocker issues were identified.

The PR successfully enables agentic workflows to scaffold, refactor,


Automated review via OpenRouter (Nemotron Super 120B) — workflow source
