@anton.andrusenko/shopify-mcp-admin 2.2.1 → 2.3.0

package/dist/{chunk-LMFNHULG.js → chunk-RBXQOPVF.js}

@@ -1308,12 +1308,704 @@ var zodToJsonSchema = (schema, options) => {
   return combined;
 };
 
+// src/logging/correlation.ts
+import { randomUUID } from "crypto";
+
+// src/types/context.ts
+import { AsyncLocalStorage } from "async_hooks";
+function createSingleTenantContext(client, shopDomain) {
+  return {
+    client,
+    shopDomain
+    // userId and apiKeyId are undefined in single-tenant mode
+  };
+}
+function createMultiTenantContext(client, shopDomain, tenantId, apiKeyId, allowedShops, options) {
+  return {
+    client,
+    shopDomain,
+    userId: tenantId,
+    // Map tenantId to userId for compatibility
+    apiKeyId,
+    tenantId,
+    allowedShops,
+    correlationId: options?.correlationId,
+    oauthClientId: options?.oauthClientId,
+    oauthClientName: options?.oauthClientName
+  };
+}
+var requestContextStorage = new AsyncLocalStorage();
+var fallbackContextStorage = /* @__PURE__ */ new Map();
+function setFallbackContext(key, context) {
+  fallbackContextStorage.set(key, context);
+}
+function clearFallbackContext(key) {
+  fallbackContextStorage.delete(key);
+}
+var currentContextKey;
+function setCurrentContextKey(key) {
+  currentContextKey = key;
+}
+function getRequestContext() {
+  const asyncContext = requestContextStorage.getStore();
+  if (asyncContext) {
+    return asyncContext;
+  }
+  if (currentContextKey) {
+    return fallbackContextStorage.get(currentContextKey);
+  }
+  return void 0;
+}
+function isMultiTenantContext(context) {
+  return "tenantId" in context && typeof context.tenantId === "string";
+}
+
+// src/logging/correlation.ts
+var CORRELATION_ID_HEADER = "X-Correlation-ID";
+var UUID_V4_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
+function generateCorrelationId() {
+  return randomUUID();
+}
+function isValidCorrelationId(id) {
+  return UUID_V4_REGEX.test(id);
+}
+function correlationMiddleware(req, res, next) {
+  const headerValue = req.headers[CORRELATION_ID_HEADER.toLowerCase()];
+  let correlationId;
+  if (headerValue && isValidCorrelationId(headerValue)) {
+    correlationId = headerValue;
+  } else {
+    correlationId = generateCorrelationId();
+  }
+  res.locals.correlationId = correlationId;
+  if (typeof res.set === "function") {
+    res.set(
+      CORRELATION_ID_HEADER,
+      correlationId
+    );
+  } else {
+    res.setHeader(CORRELATION_ID_HEADER, correlationId);
+  }
+  next();
+}
+
+// src/logging/structured-logger.ts
+import {
+  pino as createPino,
+  destination as pinoDestination,
+  transport as pinoTransport
+} from "pino";
+
+// src/monitoring/sentry.ts
+import * as Sentry from "@sentry/node";
+function initSentry(options) {
+  const { dsn, environment = "production", release } = options;
+  if (!dsn) {
+    return;
+  }
+  Sentry.init({
+    dsn,
+    environment,
+    // Sample 10% of transactions for performance monitoring (AC-13.7.4)
+    tracesSampleRate: 0.1,
+    // Release tracking for deployment correlation
+    release: release || "unknown",
+    // Sanitize sensitive data before sending to Sentry
+    beforeSend(event) {
+      if (event.request?.headers) {
+        const sensitiveHeaders = [
+          "authorization",
+          "x-api-key",
+          "cookie",
+          "x-shopify-access-token",
+          "x-shopify-hmac-sha256"
+        ];
+        for (const header of sensitiveHeaders) {
+          delete event.request.headers[header];
+        }
+      }
+      if (event.request?.data) {
+        const data = event.request.data;
+        const sensitiveKeys = ["token", "password", "secret", "key", "access_token"];
+        for (const key of Object.keys(data)) {
+          if (sensitiveKeys.some((sensitive) => key.toLowerCase().includes(sensitive))) {
+            data[key] = "[REDACTED]";
+          }
+        }
+      }
+      if (event.message) {
+        event.message = sanitizeErrorMessage(event.message);
+      }
+      if (event.exception?.values) {
+        for (const exception of event.exception.values) {
+          if (exception.value) {
+            exception.value = sanitizeErrorMessage(exception.value);
+          }
+        }
+      }
+      return event;
+    },
+    // Integrations
+    integrations: [
+      // Capture uncaught exceptions and unhandled rejections
+      Sentry.onUncaughtExceptionIntegration(),
+      Sentry.onUnhandledRejectionIntegration(),
+      // Capture HTTP request data
+      Sentry.requestDataIntegration(),
+      // Deduplicate similar errors
+      Sentry.dedupeIntegration()
+    ]
+  });
+}
+function sanitizeErrorMessage(message) {
+  const patterns = [
+    /shpat_[a-zA-Z0-9]+/g,
+    /shpua_[a-zA-Z0-9]+/g,
+    /Bearer\s+[a-zA-Z0-9_-]+/g,
+    /access_token[=:]\s*[a-zA-Z0-9_-]+/gi,
+    /client_secret[=:]\s*[a-zA-Z0-9_-]+/gi,
+    /sk_live_[a-zA-Z0-9_-]+/g
+  ];
+  let sanitized = message;
+  for (const pattern of patterns) {
+    sanitized = sanitized.replace(pattern, "[REDACTED]");
+  }
+  return sanitized;
+}
+function sentryRequestMiddleware(req, res, next) {
+  const context = getRequestContext();
+  if (context) {
+    if (context.correlationId) {
+      Sentry.setTag("correlationId", context.correlationId);
+      Sentry.setContext("request", {
+        correlationId: context.correlationId
+      });
+    }
+    if (isMultiTenantContext(context) && context.tenantId) {
+      Sentry.setTag("tenantId", context.tenantId);
+      Sentry.setContext("tenant", {
+        tenantId: context.tenantId
+      });
+    }
+    if (context.shopDomain) {
+      Sentry.setTag("shopDomain", context.shopDomain);
+    }
+  }
+  Sentry.setContext("http", {
+    method: req.method,
+    url: req.url,
+    path: req.path,
+    query: req.query,
+    userAgent: req.get("user-agent"),
+    ip: req.ip
+  });
+  Sentry.addBreadcrumb({
+    category: "http",
+    message: `${req.method} ${req.path}`,
+    level: "info",
+    data: {
+      method: req.method,
+      path: req.path
+      // statusCode will be updated when response finishes (see below)
+    }
+  });
+  res.on("finish", () => {
+    Sentry.addBreadcrumb({
+      category: "http",
+      message: `${req.method} ${req.path} - ${res.statusCode}`,
+      level: res.statusCode >= 400 ? "error" : "info",
+      data: {
+        method: req.method,
+        path: req.path,
+        statusCode: res.statusCode
+      }
+    });
+  });
+  next();
+}
+function sentryErrorHandler(error, req, _res, next) {
+  Sentry.captureException(error, {
+    tags: {
+      path: req.path,
+      method: req.method
+    },
+    extra: {
+      url: req.url,
+      query: req.query,
+      body: req.body
+    }
+  });
+  next(error);
+}
+function captureError(error, context) {
+  const requestContext = getRequestContext();
+  Sentry.withScope((scope) => {
+    if (requestContext?.correlationId) {
+      scope.setTag("correlationId", requestContext.correlationId);
+      scope.setContext("request", {
+        correlationId: requestContext.correlationId
+      });
+    }
+    if (requestContext && isMultiTenantContext(requestContext) && requestContext.tenantId) {
+      scope.setTag("tenantId", requestContext.tenantId);
+      scope.setContext("tenant", {
+        tenantId: requestContext.tenantId
+      });
+    }
+    if (requestContext?.shopDomain) {
+      scope.setTag("shopDomain", requestContext.shopDomain);
+    }
+    if (context) {
+      scope.setContext("additional", context);
+    }
+    Sentry.captureException(error);
+  });
+}
+
+// src/logging/structured-logger.ts
+var SANITIZATION_PATTERNS = [
+  { pattern: /shpat_[a-zA-Z0-9]+/g, replacement: "[REDACTED]" },
+  { pattern: /shpua_[a-zA-Z0-9]+/g, replacement: "[REDACTED]" },
+  { pattern: /Bearer\s+[a-zA-Z0-9_-]+/g, replacement: "Bearer [REDACTED]" },
+  { pattern: /access_token[=:]\s*[a-zA-Z0-9_-]+/gi, replacement: "access_token=[REDACTED]" },
+  { pattern: /client_secret[=:]\s*[a-zA-Z0-9_-]+/gi, replacement: "client_secret=[REDACTED]" },
+  { pattern: /sk_live_[a-zA-Z0-9_-]+/g, replacement: "[REDACTED]" }
+];
+function sanitizeText(text) {
+  let result = text;
+  for (const { pattern, replacement } of SANITIZATION_PATTERNS) {
+    result = result.replace(pattern, replacement);
+  }
+  return result;
+}
+function sanitizeObject(obj, seen = /* @__PURE__ */ new WeakSet()) {
+  if (typeof obj === "string") {
+    return sanitizeText(obj);
+  }
+  if (obj === null || typeof obj !== "object") {
+    return obj;
+  }
+  if (seen.has(obj)) {
+    return "[Circular]";
+  }
+  seen.add(obj);
+  if (Array.isArray(obj)) {
+    return obj.map((item) => sanitizeObject(item, seen));
+  }
+  const result = {};
+  for (const [key, value] of Object.entries(obj)) {
+    result[key] = sanitizeObject(value, seen);
+  }
+  return result;
+}
+function getInstanceId() {
+  return process.env.INSTANCE_ID || process.env.HOSTNAME || "unknown";
+}
+function getLogLevel() {
+  const level = process.env.LOG_LEVEL?.toLowerCase();
+  if (level === "debug" || level === "info" || level === "warn" || level === "error") {
+    return level;
+  }
+  return "info";
+}
+function isDevelopment() {
+  return process.env.NODE_ENV === "development";
+}
+function createTransport() {
+  if (isDevelopment()) {
+    try {
+      return {
+        target: "pino-pretty",
+        options: {
+          destination: 2,
+          // stderr (fd 2)
+          colorize: true,
+          translateTime: "HH:MM:ss.l",
+          ignore: "pid,hostname"
+        }
+      };
+    } catch {
+      return void 0;
+    }
+  }
+  return void 0;
+}
+function createBasePinoLogger() {
+  const level = getLogLevel();
+  const transport = createTransport();
+  const instanceId = getInstanceId();
+  const options = {
+    level,
+    // ISO 8601 timestamp format (AC-13.1.3)
+    timestamp: () => `,"time":"${(/* @__PURE__ */ new Date()).toISOString()}"`,
+    // Format level as string instead of number
+    formatters: {
+      level: (label) => ({ level: label })
+    },
+    // Base bindings (can be overridden by child loggers)
+    // Story 13.5: Add instance ID for multi-instance deployment identification
+    base: {
+      instanceId
+      // AC-13.5.1: Instance ID for load balancer distribution verification
+    }
+  };
+  if (transport) {
+    return createPino(options, pinoTransport(transport));
+  }
+  return createPino(options, pinoDestination({ dest: 2, sync: false }));
+}
+var basePinoLogger = createBasePinoLogger();
+function createLogger(module) {
+  function getContextFields() {
+    const context = getRequestContext();
+    const fields = { module };
+    if (context) {
+      if (context.correlationId) {
+        fields.correlationId = context.correlationId;
+      }
+      if (context.shopDomain) {
+        fields.shopDomain = context.shopDomain;
+      }
+      if (isMultiTenantContext(context)) {
+        fields.tenantId = context.tenantId;
+      }
+    }
+    return fields;
+  }
+  function mergeData(data) {
+    const contextFields = getContextFields();
+    if (data) {
+      const sanitizedData = sanitizeObject(data);
+      return { ...contextFields, ...sanitizedData };
+    }
+    return contextFields;
+  }
+  function formatError(error) {
+    return {
+      error: {
+        name: error.name,
+        message: sanitizeText(error.message),
+        stack: error.stack ? sanitizeText(error.stack) : void 0
+      }
+    };
+  }
+  const logger2 = {
+    debug: (msg, data) => {
+      basePinoLogger.debug(mergeData(data), sanitizeText(msg));
+    },
+    info: (msg, data) => {
+      basePinoLogger.info(mergeData(data), sanitizeText(msg));
+    },
+    warn: (msg, data) => {
+      basePinoLogger.warn(mergeData(data), sanitizeText(msg));
+    },
+    error: (msg, error, data) => {
+      const merged = mergeData(data);
+      if (error) {
+        Object.assign(merged, formatError(error));
+        captureError(error, data);
+      }
+      basePinoLogger.error(merged, sanitizeText(msg));
+    },
+    child: (bindings) => {
+      const childModule = bindings.module || module;
+      const childLogger = createLogger(childModule);
+      const originalMergeData = mergeData;
+      const enhancedMergeData = (data) => {
+        const base = originalMergeData(data);
+        const sanitizedBindings = sanitizeObject(bindings);
+        return { ...base, ...sanitizedBindings };
+      };
+      return {
+        debug: (msg, data) => {
+          basePinoLogger.debug(enhancedMergeData(data), sanitizeText(msg));
+        },
+        info: (msg, data) => {
+          basePinoLogger.info(enhancedMergeData(data), sanitizeText(msg));
+        },
+        warn: (msg, data) => {
+          basePinoLogger.warn(enhancedMergeData(data), sanitizeText(msg));
+        },
+        error: (msg, error, data) => {
+          const merged = enhancedMergeData(data);
+          if (error) {
+            Object.assign(merged, formatError(error));
+          }
+          basePinoLogger.error(merged, sanitizeText(msg));
+        },
+        child: childLogger.child
+      };
+    }
+  };
+  return logger2;
+}
+function flushLogs() {
+  basePinoLogger.flush();
+}
+
+// src/logging/tool-execution-logger.ts
+import { Prisma } from "@prisma/client";
+
+// src/logging/sanitize.ts
+var MAX_STRING_LENGTH = 1e3;
+var MAX_ARRAY_ITEMS = 10;
+var MAX_RECURSION_DEPTH = 5;
+var MAX_OUTPUT_BYTES = 5e3;
+var TOKEN_PATTERNS = [
+  // Shopify access tokens (shpat_xxx, shpua_xxx) - include underscores in the pattern
+  { pattern: /shpat_[a-zA-Z0-9_]+/g, replacement: "[REDACTED]" },
+  { pattern: /shpua_[a-zA-Z0-9_]+/g, replacement: "[REDACTED]" },
+  // Bearer tokens
+  { pattern: /Bearer\s+[a-zA-Z0-9_.-]+/g, replacement: "Bearer [REDACTED]" },
+  // OAuth access tokens (mcp_access_xxx)
+  { pattern: /mcp_access_[a-zA-Z0-9_-]+/g, replacement: "[REDACTED]" },
+  // Live/test API keys (sk_live_xxx, sk_test_xxx)
+  { pattern: /sk_live_[a-zA-Z0-9_-]+/g, replacement: "[REDACTED]" },
+  { pattern: /sk_test_[a-zA-Z0-9_-]+/g, replacement: "[REDACTED]" },
+  // Generic access_token and client_secret patterns
+  { pattern: /access_token[=:]\s*[a-zA-Z0-9_.-]+/gi, replacement: "access_token=[REDACTED]" },
+  { pattern: /client_secret[=:]\s*[a-zA-Z0-9_.-]+/gi, replacement: "client_secret=[REDACTED]" }
+];
+function redactTokens(text) {
+  let result = text;
+  for (const { pattern, replacement } of TOKEN_PATTERNS) {
+    result = result.replace(pattern, replacement);
+  }
+  return result;
+}
+function truncateString(text, maxLength = MAX_STRING_LENGTH) {
+  if (text.length <= maxLength) {
+    return text;
+  }
+  return `${text.substring(0, maxLength)}...[TRUNCATED]`;
+}
+function sanitizeParams(params, depth = 0) {
+  if (depth > MAX_RECURSION_DEPTH) {
+    return "[TRUNCATED]";
+  }
+  if (params === null || params === void 0) {
+    return params;
+  }
+  if (typeof params === "string") {
+    const redacted = redactTokens(params);
+    return truncateString(redacted);
+  }
+  if (typeof params !== "object") {
+    return params;
+  }
+  if (Array.isArray(params)) {
+    const limited = params.slice(0, MAX_ARRAY_ITEMS);
+    return limited.map((item) => sanitizeParams(item, depth + 1));
+  }
+  const result = {};
+  for (const [key, value] of Object.entries(params)) {
+    result[key] = sanitizeParams(value, depth + 1);
+  }
+  return result;
+}
+function getByteSize(value) {
+  try {
+    return JSON.stringify(value).length;
+  } catch {
+    return 0;
+  }
+}
+function truncateOutput(output, maxBytes = MAX_OUTPUT_BYTES) {
+  const sanitized = sanitizeParams(output);
+  const size = getByteSize(sanitized);
+  if (size <= maxBytes) {
+    return sanitized;
+  }
+  if (typeof sanitized === "object" && sanitized !== null && !Array.isArray(sanitized)) {
+    const obj = sanitized;
+    if ("data" in obj || "errors" in obj) {
+      const result = {};
+      if (obj.errors) {
+        result.errors = obj.errors;
+      }
+      if (obj.data) {
+        result.data = "[TRUNCATED - output exceeded 5KB]";
+      }
+      if (obj.extensions && getByteSize(obj.extensions) < 200) {
+        result.extensions = obj.extensions;
+      }
+      return result;
+    }
+    return {
+      _truncated: true,
+      _message: `Output truncated: ${size} bytes exceeded ${maxBytes} byte limit`,
+      _keys: Object.keys(obj).slice(0, 10)
+    };
+  }
+  if (Array.isArray(sanitized)) {
+    return {
+      _truncated: true,
+      _message: `Array truncated: ${sanitized.length} items, ${size} bytes exceeded ${maxBytes} byte limit`,
+      _sample: sanitized.slice(0, 3)
+    };
+  }
+  return "[TRUNCATED - output exceeded 5KB]";
+}
+function sanitizeErrorMessage2(error) {
+  if (error instanceof Error) {
+    return truncateString(redactTokens(error.message), 500);
+  }
+  if (typeof error === "string") {
+    return truncateString(redactTokens(error), 500);
+  }
+  return "Unknown error";
+}
+
+// src/logging/tool-execution-logger.ts
+var logger = createLogger("logging/tool-execution-logger");
+var VALIDATION_ERROR_KEYWORDS = [
+  "validation failed",
+  "required",
+  "must be",
+  "expected",
+  "cannot be empty",
+  "is not allowed",
+  "malformed",
+  "parse error",
+  "zod"
+];
+var AUTH_ERROR_KEYWORDS = [
+  "unauthorized",
+  "unauthenticated",
+  "forbidden",
+  "access denied",
+  "not authorized",
+  "authentication required",
+  "authentication failed",
+  "permission denied",
+  "invalid api key",
+  "invalid token",
+  "token expired"
+];
+var TIMEOUT_KEYWORDS = ["timeout", "timed out", "deadline exceeded", "econnreset", "socket hang"];
+function classifyError(error) {
+  let message;
+  if (error instanceof Error) {
+    message = error.message.toLowerCase();
+  } else if (error !== null && typeof error === "object" && "message" in error && typeof error.message === "string") {
+    message = error.message.toLowerCase();
+  } else {
+    message = String(error).toLowerCase();
+  }
+  const errorName = error instanceof Error ? error.name : typeof error === "object" && error !== null ? "Object" : "Error";
+  const isToolError = error !== null && typeof error === "object" && "name" in error && error.name === "ToolError";
+  if (AUTH_ERROR_KEYWORDS.some((kw) => message.includes(kw))) {
+    return {
+      status: "AUTH_ERROR",
+      errorCode: isToolError ? "TOOL_AUTH_ERROR" : "AUTH_ERROR"
+    };
+  }
+  if (VALIDATION_ERROR_KEYWORDS.some((kw) => message.includes(kw))) {
+    return {
+      status: "VALIDATION_ERROR",
+      errorCode: isToolError ? "TOOL_VALIDATION_ERROR" : "VALIDATION_ERROR"
+    };
+  }
+  if (isToolError) {
+    return { status: "ERROR", errorCode: "TOOL_ERROR" };
+  }
+  if (TIMEOUT_KEYWORDS.some((kw) => message.includes(kw))) {
+    return { status: "TIMEOUT", errorCode: "TIMEOUT" };
+  }
+  if (message.includes("graphql") || errorName === "GraphqlQueryError") {
+    return { status: "ERROR", errorCode: "GRAPHQL_ERROR" };
+  }
+  return { status: "ERROR", errorCode: "UNKNOWN_ERROR" };
+}
+var ToolExecutionLogger = class {
+  prisma;
+  /**
+   * Create a new ToolExecutionLogger
+   *
+   * @param prisma - Prisma client for database access
+   */
+  constructor(prisma) {
+    this.prisma = prisma;
+  }
+  /**
+   * Log a tool execution (fire-and-forget)
+   *
+   * This method does NOT await the database insert. The insert runs
+   * asynchronously and any errors are caught and logged, not thrown.
+   *
+   * AC-16.2.7: Fire-and-forget pattern with max 5ms overhead.
+   *
+   * @param entry - Tool execution entry to log
+   *
+   * @example
+   * ```typescript
+   * logger.logExecution({
+   *   tenantId: 'tenant-uuid',
+   *   toolName: 'create-product',
+   *   toolModule: 'products',
+   *   clientType: 'api_key',
+   *   apiKeyId: 'apikey-uuid',
+   *   inputParams: { title: 'New Product' },
+   *   output: { productId: '123' },
+   *   status: 'SUCCESS',
+   *   durationMs: 150,
+   * });
+   * // Returns immediately, database insert happens async
+   * ```
+   */
+  logExecution(entry) {
+    if (!entry.tenantId) {
+      logger.debug("Skipping tool execution log: no tenantId", { toolName: entry.toolName });
+      return;
+    }
+    const sanitizedInput = entry.inputParams ? sanitizeParams(entry.inputParams) : void 0;
+    const sanitizedOutput = entry.output ? truncateOutput(entry.output) : void 0;
+    const sanitizedErrorMessage = entry.errorMessage ? sanitizeErrorMessage2(entry.errorMessage) : void 0;
+    const logData = {
+      tenant: { connect: { id: entry.tenantId } },
+      toolName: entry.toolName,
+      toolModule: entry.toolModule,
+      sessionId: entry.sessionId,
+      correlationId: entry.correlationId,
+      clientType: entry.clientType,
+      apiKey: entry.apiKeyId ? { connect: { id: entry.apiKeyId } } : void 0,
+      oauthClientId: entry.oauthClientId,
+      shop: entry.shopId ? { connect: { id: entry.shopId } } : void 0,
+      shopDomain: entry.shopDomain,
+      inputParams: sanitizedInput ?? Prisma.JsonNull,
+      outputSummary: sanitizedOutput ?? Prisma.JsonNull,
+      status: entry.status,
+      errorCode: entry.errorCode,
+      errorMessage: sanitizedErrorMessage,
+      durationMs: entry.durationMs,
+      ipAddress: entry.ipAddress,
+      userAgent: entry.userAgent
+    };
+    this.prisma.toolExecutionLog.create({ data: logData }).catch((err) => {
+      logger.error("Failed to log tool execution", err, {
+        toolName: entry.toolName,
+        tenantId: entry.tenantId?.substring(0, 8)
+      });
+    });
+  }
+};
+var toolExecutionLoggerInstance = null;
+function getToolExecutionLogger(prisma) {
+  if (!toolExecutionLoggerInstance) {
+    if (!prisma) {
+      throw new Error("ToolExecutionLogger not initialized. Call with Prisma client first.");
+    }
+    toolExecutionLoggerInstance = new ToolExecutionLogger(prisma);
+  }
+  return toolExecutionLoggerInstance;
+}
+
 // src/shopify/client.ts
 import "@shopify/shopify-api/adapters/node";
 import { shopifyApi } from "@shopify/shopify-api";
 
 // src/utils/errors.ts
-var sanitizeErrorMessage = sanitizeLogMessage;
+var sanitizeErrorMessage3 = sanitizeLogMessage;
 var ToolError = class _ToolError extends Error {
   /** AI-friendly suggestion for error recovery */
   suggestion;
@@ -1343,8 +2035,8 @@ function extractErrorMessage(error) {
 }
 function createToolError(error, suggestion) {
   const message = extractErrorMessage(error);
-  const safeMessage = sanitizeErrorMessage(message);
-  const safeSuggestion = sanitizeErrorMessage(suggestion);
+  const safeMessage = sanitizeErrorMessage3(message);
+  const safeSuggestion = sanitizeErrorMessage3(suggestion);
   return {
     isError: true,
     content: [
@@ -1787,52 +2479,6 @@ async function validateShopifyToken(shopDomain, accessToken) {
   }
 }
 
-// src/types/context.ts
-import { AsyncLocalStorage } from "async_hooks";
-function createSingleTenantContext(client, shopDomain) {
-  return {
-    client,
-    shopDomain
-    // userId and apiKeyId are undefined in single-tenant mode
-  };
-}
-function createMultiTenantContext(client, shopDomain, tenantId, apiKeyId, allowedShops) {
-  return {
-    client,
-    shopDomain,
-    userId: tenantId,
-    // Map tenantId to userId for compatibility
-    apiKeyId,
-    tenantId,
-    allowedShops
-  };
-}
-var requestContextStorage = new AsyncLocalStorage();
-var fallbackContextStorage = /* @__PURE__ */ new Map();
-function setFallbackContext(key, context) {
-  fallbackContextStorage.set(key, context);
-}
-function clearFallbackContext(key) {
-  fallbackContextStorage.delete(key);
-}
-var currentContextKey;
-function setCurrentContextKey(key) {
-  currentContextKey = key;
-}
-function getRequestContext() {
-  const asyncContext = requestContextStorage.getStore();
-  if (asyncContext) {
-    return asyncContext;
-  }
-  if (currentContextKey) {
-    return fallbackContextStorage.get(currentContextKey);
-  }
-  return void 0;
-}
-function isMultiTenantContext(context) {
-  return "tenantId" in context && typeof context.tenantId === "string";
-}
-
 // src/tools/registration.ts
 var KEBAB_CASE_REGEX = /^[a-z][a-z0-9]*(-[a-z0-9]+)*$/;
 function deriveDefaultAnnotations(name) {
@@ -1888,18 +2534,73 @@ function validateInput(schema, input, toolName) {
   }
   return result.data;
 }
+function logToolExecution(toolName, params, result, status, startTime, error) {
+  let config;
+  try {
+    config = getConfig();
+  } catch {
+    return;
+  }
+  if (!isRemoteMode(config)) {
+    log.debug(`Tool execution logging skipped in local mode: ${toolName}`);
+    return;
+  }
+  const context = getRequestContext();
+  if (!context || !isMultiTenantContext(context)) {
+    log.debug(`Tool execution logging skipped: no multi-tenant context for ${toolName}`);
+    return;
+  }
+  const endTime = performance.now();
+  const durationMs = Math.round(endTime - startTime);
+  const multiTenantContext = context;
+  const hasOAuthClient = !!multiTenantContext.oauthClientId;
+  const clientType = hasOAuthClient ? "oauth_client" : "api_key";
+  let errorClassification;
+  if (typeof status === "object") {
+    errorClassification = status;
+  } else if (error) {
+    errorClassification = classifyError(error);
+  }
+  const entry = {
+    tenantId: multiTenantContext.tenantId,
+    toolName,
+    correlationId: context.correlationId,
+    clientType,
+    apiKeyId: !hasOAuthClient ? multiTenantContext.apiKeyId : void 0,
+    oauthClientId: hasOAuthClient ? multiTenantContext.oauthClientId : void 0,
+    shopDomain: context.shopDomain,
+    inputParams: params,
+    output: result,
+    status: errorClassification ? errorClassification.status : "SUCCESS",
+    errorCode: errorClassification?.errorCode,
+    errorMessage: error instanceof Error ? error.message : error ? String(error) : void 0,
+    durationMs
+  };
+  try {
+    const logger2 = getToolExecutionLogger();
+    logger2.logExecution(entry);
+  } catch (logError) {
+    log.debug(
+      `Tool execution logger not available: ${logError instanceof Error ? logError.message : "unknown"}`
+    );
+  }
+}
 function wrapToolHandler(toolName, schema, handler) {
   return async (params) => {
+    const startTime = performance.now();
     log.debug(`Tool invoked: ${toolName}`);
     try {
       const validatedParams = validateInput(schema, params, toolName);
       const result = await handler(validatedParams);
       log.debug(`Tool ${toolName} completed successfully`);
+      logToolExecution(toolName, params, result, "SUCCESS", startTime);
       return createToolSuccess(result);
     } catch (error) {
       log.error(
         `Tool ${toolName} failed: ${error instanceof Error ? error.message : "Unknown error"}`
       );
+      const errorClass = classifyError(error);
+      logToolExecution(toolName, params, null, errorClass, startTime, error);
       let suggestion;
       if (error instanceof ToolError) {
         suggestion = error.suggestion;
@@ -13981,7 +14682,10 @@ export {
   setCurrentContextKey,
   getRequestContext,
   isMultiTenantContext,
-  sanitizeErrorMessage,
+  initSentry,
+  sentryRequestMiddleware,
+  sentryErrorHandler,
+  sanitizeErrorMessage3 as sanitizeErrorMessage,
   createShopifyClient,
   getShopifyClient,
   validateShopifyToken,
@@ -13994,6 +14698,10 @@ export {
   getStorePolicies,
   getStoreAlerts,
   getStoreInfo,
+  generateCorrelationId,
+  correlationMiddleware,
+  createLogger,
+  flushLogs,
   deriveDefaultAnnotations,
   validateToolName,
   isValidToolName,