@mondaydotcomorg/monday-authorization 3.3.0-feature-bashanye-navigate-can-action-in-scope-to-graph-9ad5fa5 → 3.3.0-feature-bashanye-navigate-can-action-in-scope-to-graph-752f21a

package/DEBUG.md

@@ -0,0 +1,203 @@
+# Debugging @mondaydotcomorg/monday-authorization
+
+This guide explains how to debug the monday-authorization package when it's installed as a dependency in your project.
+
+## 🔧 Setup for Debugging
+
+### 1. Install the Package with Source Files
+
+When you install the package, it includes both compiled JavaScript and TypeScript source files:
+
+```bash
+npm install @mondaydotcomorg/monday-authorization
+```
+
+The package includes:
+
+- `dist/` - Compiled JavaScript with source maps
+- `src/` - Original TypeScript source files
+
+### 2. Configure Your Debugger
+
+#### VS Code Launch Configuration
+
+Create a `.vscode/launch.json` file in your project:
+
+```json
+{
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "name": "Debug Authorization Package",
+      "type": "node",
+      "request": "launch",
+      "program": "${workspaceFolder}/your-main-file.js",
+      "sourceMaps": true,
+      "resolveSourceMapLocations": [
+        "${workspaceFolder}/**",
+        "!**/node_modules/**",
+        "**/node_modules/@mondaydotcomorg/monday-authorization/**"
+      ],
+      "skipFiles": ["<node_internals>/**", "node_modules/**"],
+      "outFiles": ["${workspaceFolder}/node_modules/@mondaydotcomorg/monday-authorization/dist/**/*.js"]
+    }
+  ]
+}
+```
+
+#### WebStorm/IntelliJ IDEA
+
+1. Go to `Run` → `Edit Configurations`
+2. Add a new `Node.js` configuration
+3. Set the JavaScript file to your main application file
+4. In the debugger settings, ensure source maps are enabled
+
+### 3. Enable Debug Logging
+
+The package includes comprehensive debug logging. To see debug logs:
+
+```bash
+# Set environment variable
+export LOG_LEVEL=debug
+
+# Or in your application
+process.env.LOG_LEVEL = 'debug';
+```
+
+### 4. Breakpoints in Source Files
+
+You can set breakpoints directly in the TypeScript source files:
+
+1. Open the source file: `node_modules/@mondaydotcomorg/monday-authorization/src/`
+2. Set breakpoints in the TypeScript code
+3. Your debugger should map them to the running JavaScript
+
+## 🔍 Debug Log Categories
+
+The package logs debug information with these tags:
+
+### Authorization Service (`authorization-service`)
+
+```
+🔍 canActionInScopeMultiple called { accountId, userId, scopedActionsCount }
+📍 Graph API routing feature flag: ENABLED/DISABLED
+🎯 Attempting Graph API authorization
+✅ Graph API authorization successful
+❌ Graph API authorization failed, falling back to Platform API
+🔄 Using Platform API directly (Graph API FF disabled)
+```
+
+### Graph API Client (`graph-api-client`)
+
+```
+🔍 Graph API Debug: Starting request { scopedActionsCount, appName, path, timeout, bodyPayloadKeys }
+✅ Graph API Debug: Request successful { responseKeys, scopedActionsCount }
+❌ Graph API Debug: Request failed { error, status, scopedActionsCount }
+```
+
+### Platform API Client (`platform-api-client`)
+
+```
+🔍 Platform API Debug: Starting request { profile, userId, scopedActionsCount, appName, path }
+✅ Platform API Debug: Request successful { hasResult, resultCount }
+❌ Platform API Debug: Request failed { error, status, profile, userId }
+```
+
+### Authorization Utils (`authorization-utils`)
+
+```
+🔍 Utils Debug: Converting scope to resource { scopeKeys, scopeValues }
+🔍 Utils Debug: Mapped to workspace/board/pulse/etc { resourceId }
+❌ Utils Debug: Unsupported scope provided { scope }
+```
+
+## 🐛 Common Debugging Scenarios
+
+### Graph API 500 Errors
+
+When you see Graph API failures, the logs will show:
+
+1. ✅ Feature flag status (enabled/disabled)
+2. 🎯 API attempt (Graph API first)
+3. ❌ Failure details (error message, status code)
+4. 🔄 Fallback trigger (automatic switch to Platform API)
+5. ✅ Fallback success (Platform API response)
+
+### Scope Mapping Issues
+
+Debug logs show how scopes are converted to resources:
+
+```
+🔍 Utils Debug: Converting scope to resource { scopeKeys: ['boardId'], scopeValues: [123] }
+🔍 Utils Debug: Mapped to board { resourceId: 123 }
+```
+
+### Authorization Flow
+
+Complete flow visibility:
+
+1. **Entry**: `canActionInScopeMultiple called`
+2. **Decision**: Feature flag check
+3. **Attempt**: API selection and request
+4. **Result**: Success/failure with details
+5. **Fallback**: Automatic recovery if needed
+
+## 📊 Source Maps
+
+The package includes source maps for both:
+
+- `dist/index.js.map` - Main CommonJS build
+- `dist/esm/index.mjs.map` - ESM build
+
+These allow your debugger to map the running JavaScript back to the original TypeScript source.
+
+## 🔧 Advanced Debugging
+
+### Custom Logger Configuration
+
+```typescript
+import { logger } from '@mondaydotcomorg/monday-authorization/src/authorization-internal-service';
+
+// Configure custom logging
+logger.level = 'debug';
+```
+
+### Inspecting Authorization Objects
+
+```typescript
+// Add this to your code to inspect authorization calls
+import { AuthorizationService } from '@mondaydotcomorg/monday-authorization';
+
+// Monkey patch for debugging
+const originalCanActionInScopeMultiple = AuthorizationService.canActionInScopeMultiple;
+AuthorizationService.canActionInScopeMultiple = async (...args) => {
+  console.log('🔍 Authorization call:', args);
+  const result = await originalCanActionInScopeMultiple.apply(AuthorizationService, args);
+  console.log('✅ Authorization result:', result);
+  return result;
+};
+```
+
+## 📝 Troubleshooting
+
+### Breakpoints Not Working
+
+1. Ensure source maps are enabled in your debugger
+2. Check that `node_modules/@mondaydotcomorg/monday-authorization/src/` files are accessible
+3. Verify the source map files exist in `dist/`
+
+### Logs Not Showing
+
+1. Set `LOG_LEVEL=debug` environment variable
+2. Check that your logger configuration includes debug level
+3. Look for logs with tags: `authorization-service`, `graph-api-client`, `platform-api-client`, `authorization-utils`
+
+### Source Files Not Found
+
+1. Clear node_modules and reinstall the package
+2. Ensure the package version includes source files
+3. Check that `src/` directory exists in `node_modules/@mondaydotcomorg/monday-authorization/`
+
+---
+
+With these debugging capabilities, you can fully inspect and understand the authorization flow in your applications! 🚀

package/dist/authorization-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA+DnB,oBAAoB;mBAUpB,oBAAoB;CAoF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
+{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA6FnB,oBAAoB;mBAUpB,oBAAoB;CAoF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}

package/dist/authorization-service.js

@@ -89,15 +89,19 @@ class AuthorizationService {
         return attributionsService.PlatformProfile.INTERNAL;
     }
     static async canActionInScopeMultiple(accountId, userId, scopedActions) {
+        authorizationInternalService.logger.debug({ tag: 'authorization-service', accountId, userId, scopedActionsCount: scopedActions.length }, 'canActionInScopeMultiple called');
         const shouldNavigateToGraph = Boolean(this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId }));
+        authorizationInternalService.logger.debug({ tag: 'authorization-service', accountId, userId, shouldNavigateToGraph }, `Graph API routing feature flag: ${shouldNavigateToGraph ? 'ENABLED' : 'DISABLED'}`);
         const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
         const startTime = perf_hooks.performance.now();
         let scopedActionResponseObjects;
         let usedGraphApi = false;
         if (shouldNavigateToGraph) {
+            authorizationInternalService.logger.debug({ tag: 'authorization-service', accountId, userId }, 'Attempting Graph API authorization');
             try {
                 scopedActionResponseObjects = await clients_graphApi_client.GraphApiClient.checkPermissions(internalAuthToken, scopedActions);
                 usedGraphApi = true;
+                authorizationInternalService.logger.debug({ tag: 'authorization-service', accountId, userId, resultCount: scopedActionResponseObjects.length }, 'Graph API authorization successful');
             }
             catch (error) {
                 // Fallback to Platform API if Graph API fails
@@ -107,13 +111,18 @@ class AuthorizationService {
                     accountId,
                     userId,
                 }, 'Graph API authorization failed, falling back to Platform API');
+                authorizationInternalService.logger.debug({ tag: 'authorization-service', accountId, userId }, 'Starting Platform API fallback');
                 const profile = this.getProfile(accountId, userId);
+                authorizationInternalService.logger.debug({ tag: 'authorization-service', accountId, userId, profile }, 'Retrieved Platform API profile for fallback');
                 scopedActionResponseObjects = await clients_platformApi_client.PlatformApiClient.checkPermissions(profile, internalAuthToken, userId, scopedActions);
                 usedGraphApi = false;
+                authorizationInternalService.logger.debug({ tag: 'authorization-service', accountId, userId, resultCount: scopedActionResponseObjects.length }, 'Platform API fallback successful');
             }
         }
         else {
+            authorizationInternalService.logger.debug({ tag: 'authorization-service', accountId, userId }, 'Using Platform API directly (Graph API FF disabled)');
             const profile = this.getProfile(accountId, userId);
+            authorizationInternalService.logger.debug({ tag: 'authorization-service', accountId, userId, profile }, 'Retrieved Platform API profile');
             scopedActionResponseObjects = await clients_platformApi_client.PlatformApiClient.checkPermissions(profile, internalAuthToken, userId, scopedActions);
             usedGraphApi = false;
         }

package/dist/clients/graph-api.client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"graph-api.client.d.ts","sourceRoot":"","sources":["../../src/clients/graph-api.client.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,0BAA0B,EAAsB,MAAM,mCAAmC,CAAC;AAGjH,OAAO,EACL,iBAAiB,EACjB,sBAAsB,EAIvB,MAAM,0BAA0B,CAAC;AAMlC;;GAEG;AACH,qBAAa,cAAc;IACzB;;OAEG;IACH,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,YAAY,EAAE,GAAG,iBAAiB;IAyBzE;;OAEG;WACU,gBAAgB,CAC3B,iBAAiB,EAAE,MAAM,EACzB,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,sBAAsB,CAAC;IAyClC;;OAEG;IACH,MAAM,CAAC,WAAW,CAChB,aAAa,EAAE,YAAY,EAAE,EAC7B,aAAa,EAAE,sBAAsB,GACpC,0BAA0B,EAAE;IAkB/B;;OAEG;WACU,gBAAgB,CAC3B,iBAAiB,EAAE,MAAM,EACzB,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;CAIzC"}
+{"version":3,"file":"graph-api.client.d.ts","sourceRoot":"","sources":["../../src/clients/graph-api.client.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,0BAA0B,EAAsB,MAAM,mCAAmC,CAAC;AAGjH,OAAO,EACL,iBAAiB,EACjB,sBAAsB,EAIvB,MAAM,0BAA0B,CAAC;AAMlC;;GAEG;AACH,qBAAa,cAAc;IACzB;;OAEG;IACH,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,YAAY,EAAE,GAAG,iBAAiB;IAyBzE;;OAEG;WACU,gBAAgB,CAC3B,iBAAiB,EAAE,MAAM,EACzB,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,sBAAsB,CAAC;IA0ElC;;OAEG;IACH,MAAM,CAAC,WAAW,CAChB,aAAa,EAAE,YAAY,EAAE,EAC7B,aAAa,EAAE,sBAAsB,GACpC,0BAA0B,EAAE;IAkB/B;;OAEG;WACU,gBAAgB,CAC3B,iBAAiB,EAAE,MAAM,EACzB,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;CAIzC"}

package/dist/clients/graph-api.client.js

@@ -44,6 +44,15 @@ class GraphApiClient {
         const httpClient = tridentBackendApi.Api.getPart('httpClient');
         const attributionHeaders = attributionsService.getAttributionsFromApi();
         const bodyPayload = this.buildRequestBody(scopedActions);
+        authorizationInternalService.logger.debug({
+            tag: 'graph-api-client',
+            scopedActionsCount: scopedActions.length,
+            appName: 'authorization-graph',
+            path: CAN_ACTION_IN_SCOPE_GRAPH_PATH,
+            timeout: authorizationInternalService.AuthorizationInternalService.getRequestTimeout(),
+            retryPolicy: authorizationInternalService.AuthorizationInternalService.getRetriesPolicy(),
+            bodyPayloadKeys: Object.keys(bodyPayload),
+        }, '🔍 Graph API Debug: Starting request');
         try {
             const response = await httpClient.fetch({
                 url: {
@@ -52,7 +61,7 @@ class GraphApiClient {
                 },
                 method: 'POST',
                 headers: {
-                    Authorization: internalAuthToken,
+                    Authorization: internalAuthToken.substring(0, 20) + '...', // Mask token for security
                     'Content-Type': 'application/json',
                     ...attributionHeaders,
                 },
@@ -61,10 +70,21 @@ class GraphApiClient {
                 timeout: authorizationInternalService.AuthorizationInternalService.getRequestTimeout(),
                 retryPolicy: authorizationInternalService.AuthorizationInternalService.getRetriesPolicy(),
             });
+            authorizationInternalService.logger.debug({
+                tag: 'graph-api-client',
+                responseKeys: Object.keys(response),
+                scopedActionsCount: scopedActions.length,
+            }, '✅ Graph API Debug: Request successful');
             prometheusService.setGraphAvailability(true);
             return response;
         }
         catch (err) {
+            authorizationInternalService.logger.debug({
+                tag: 'graph-api-client',
+                error: err instanceof Error ? err.message : String(err),
+                status: err instanceof mondayFetchApi.HttpFetcherError ? err.status : 'unknown',
+                scopedActionsCount: scopedActions.length,
+            }, '❌ Graph API Debug: Request failed');
             prometheusService.setGraphAvailability(false);
             if (err instanceof mondayFetchApi.HttpFetcherError) {
                 authorizationInternalService.AuthorizationInternalService.throwOnHttpError(err.status, 'canActionInScopeMultiple');

package/dist/clients/platform-api.client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"platform-api.client.d.ts","sourceRoot":"","sources":["../../src/clients/platform-api.client.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,0BAA0B,EAAE,MAAM,mCAAmC,CAAC;AAE7F,OAAO,EAA0B,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAOlF,KAAK,2BAA2B,GAAG,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,GAAG;IAC/D,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B,CAAC;AAEF,UAAU,0BAA0B;IAClC,MAAM,EAAE,0BAA0B,EAAE,CAAC;CACtC;AAED;;GAEG;AACH,qBAAa,iBAAiB;IAC5B;;OAEG;IACH,MAAM,CAAC,mBAAmB,CAAC,aAAa,EAAE,YAAY,EAAE,GAAG,2BAA2B,EAAE;IAOxF;;OAEG;WACU,gBAAgB,CAC3B,OAAO,EAAE,eAAe,EACxB,iBAAiB,EAAE,MAAM,EACzB,MAAM,EAAE,MAAM,EACd,oBAAoB,EAAE,2BAA2B,EAAE,GAClD,OAAO,CAAC,0BAA0B,CAAC;IAuCtC;;OAEG;IACH,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,0BAA0B,GAAG,0BAA0B,EAAE;IAkBtF;;OAEG;WACU,gBAAgB,CAC3B,OAAO,EAAE,eAAe,EACxB,iBAAiB,EAAE,MAAM,EACzB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;CAKzC"}
+{"version":3,"file":"platform-api.client.d.ts","sourceRoot":"","sources":["../../src/clients/platform-api.client.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,0BAA0B,EAAE,MAAM,mCAAmC,CAAC;AAE7F,OAAO,EAA0B,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAOlF,KAAK,2BAA2B,GAAG,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,GAAG;IAC/D,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B,CAAC;AAEF,UAAU,0BAA0B;IAClC,MAAM,EAAE,0BAA0B,EAAE,CAAC;CACtC;AAED;;GAEG;AACH,qBAAa,iBAAiB;IAC5B;;OAEG;IACH,MAAM,CAAC,mBAAmB,CAAC,aAAa,EAAE,YAAY,EAAE,GAAG,2BAA2B,EAAE;IAOxF;;OAEG;WACU,gBAAgB,CAC3B,OAAO,EAAE,eAAe,EACxB,iBAAiB,EAAE,MAAM,EACzB,MAAM,EAAE,MAAM,EACd,oBAAoB,EAAE,2BAA2B,EAAE,GAClD,OAAO,CAAC,0BAA0B,CAAC;IA2EtC;;OAEG;IACH,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,0BAA0B,GAAG,0BAA0B,EAAE;IAkBtF;;OAEG;WACU,gBAAgB,CAC3B,OAAO,EAAE,eAAe,EACxB,iBAAiB,EAAE,MAAM,EACzB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;CAKzC"}

package/dist/clients/platform-api.client.js

@@ -27,6 +27,16 @@ class PlatformApiClient {
     static async fetchPermissions(profile, internalAuthToken, userId, scopedActionsPayload) {
         const attributionHeaders = attributionsService.getAttributionsFromApi();
         const httpClient = tridentBackendApi.Api.getPart('httpClient');
+        authorizationInternalService.logger.debug({
+            tag: 'platform-api-client',
+            profile,
+            userId,
+            scopedActionsCount: scopedActionsPayload.length,
+            appName: 'platform',
+            path: PLATFORM_CAN_ACTIONS_IN_SCOPES_PATH,
+            timeout: authorizationInternalService.AuthorizationInternalService.getRequestTimeout(),
+            retryPolicy: authorizationInternalService.AuthorizationInternalService.getRetriesPolicy(),
+        }, '🔍 Platform API Debug: Starting request');
         try {
             const response = await httpClient.fetch({
                 url: {
@@ -36,7 +46,7 @@ class PlatformApiClient {
                 },
                 method: 'POST',
                 headers: {
-                    Authorization: internalAuthToken,
+                    Authorization: internalAuthToken.substring(0, 20) + '...', // Mask token for security
                     'Content-Type': 'application/json',
                     ...attributionHeaders,
                 },
@@ -45,9 +55,22 @@ class PlatformApiClient {
                 timeout: authorizationInternalService.AuthorizationInternalService.getRequestTimeout(),
                 retryPolicy: authorizationInternalService.AuthorizationInternalService.getRetriesPolicy(),
             });
+            authorizationInternalService.logger.debug({
+                tag: 'platform-api-client',
+                hasResult: !!response.result,
+                resultCount: response.result?.length || 0,
+            }, '✅ Platform API Debug: Request successful');
             return response;
         }
         catch (err) {
+            authorizationInternalService.logger.debug({
+                tag: 'platform-api-client',
+                error: err instanceof Error ? err.message : String(err),
+                status: err instanceof mondayFetchApi.HttpFetcherError ? err.status : 'unknown',
+                profile,
+                userId,
+                scopedActionsCount: scopedActionsPayload.length,
+            }, '❌ Platform API Debug: Request failed');
             if (err instanceof mondayFetchApi.HttpFetcherError) {
                 authorizationInternalService.AuthorizationInternalService.throwOnHttpError(err.status, 'canActionInScopeMultiple');
                 prometheusService.incrementAuthorizationError(utils_authorization_utils.scopeToResource(utils_authorization_utils.toCamelCase(scopedActionsPayload[0].scope)).resourceType, scopedActionsPayload[0].action, err.status);

package/dist/esm/authorization-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA+DnB,oBAAoB;mBAUpB,oBAAoB;CAoF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
+{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA6FnB,oBAAoB;mBAUpB,oBAAoB;CAoF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}

package/dist/esm/authorization-service.mjs

@@ -87,15 +87,19 @@ class AuthorizationService {
         return PlatformProfile.INTERNAL;
     }
     static async canActionInScopeMultiple(accountId, userId, scopedActions) {
+        logger.debug({ tag: 'authorization-service', accountId, userId, scopedActionsCount: scopedActions.length }, 'canActionInScopeMultiple called');
         const shouldNavigateToGraph = Boolean(this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId }));
+        logger.debug({ tag: 'authorization-service', accountId, userId, shouldNavigateToGraph }, `Graph API routing feature flag: ${shouldNavigateToGraph ? 'ENABLED' : 'DISABLED'}`);
         const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
         const startTime = performance.now();
         let scopedActionResponseObjects;
         let usedGraphApi = false;
         if (shouldNavigateToGraph) {
+            logger.debug({ tag: 'authorization-service', accountId, userId }, 'Attempting Graph API authorization');
             try {
                 scopedActionResponseObjects = await GraphApiClient.checkPermissions(internalAuthToken, scopedActions);
                 usedGraphApi = true;
+                logger.debug({ tag: 'authorization-service', accountId, userId, resultCount: scopedActionResponseObjects.length }, 'Graph API authorization successful');
             }
             catch (error) {
                 // Fallback to Platform API if Graph API fails
@@ -105,13 +109,18 @@ class AuthorizationService {
                     accountId,
                     userId,
                 }, 'Graph API authorization failed, falling back to Platform API');
+                logger.debug({ tag: 'authorization-service', accountId, userId }, 'Starting Platform API fallback');
                 const profile = this.getProfile(accountId, userId);
+                logger.debug({ tag: 'authorization-service', accountId, userId, profile }, 'Retrieved Platform API profile for fallback');
                 scopedActionResponseObjects = await PlatformApiClient.checkPermissions(profile, internalAuthToken, userId, scopedActions);
                 usedGraphApi = false;
+                logger.debug({ tag: 'authorization-service', accountId, userId, resultCount: scopedActionResponseObjects.length }, 'Platform API fallback successful');
             }
         }
         else {
+            logger.debug({ tag: 'authorization-service', accountId, userId }, 'Using Platform API directly (Graph API FF disabled)');
             const profile = this.getProfile(accountId, userId);
+            logger.debug({ tag: 'authorization-service', accountId, userId, profile }, 'Retrieved Platform API profile');
             scopedActionResponseObjects = await PlatformApiClient.checkPermissions(profile, internalAuthToken, userId, scopedActions);
             usedGraphApi = false;
         }

package/dist/esm/clients/graph-api.client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"graph-api.client.d.ts","sourceRoot":"","sources":["../../../src/clients/graph-api.client.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,0BAA0B,EAAsB,MAAM,mCAAmC,CAAC;AAGjH,OAAO,EACL,iBAAiB,EACjB,sBAAsB,EAIvB,MAAM,0BAA0B,CAAC;AAMlC;;GAEG;AACH,qBAAa,cAAc;IACzB;;OAEG;IACH,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,YAAY,EAAE,GAAG,iBAAiB;IAyBzE;;OAEG;WACU,gBAAgB,CAC3B,iBAAiB,EAAE,MAAM,EACzB,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,sBAAsB,CAAC;IAyClC;;OAEG;IACH,MAAM,CAAC,WAAW,CAChB,aAAa,EAAE,YAAY,EAAE,EAC7B,aAAa,EAAE,sBAAsB,GACpC,0BAA0B,EAAE;IAkB/B;;OAEG;WACU,gBAAgB,CAC3B,iBAAiB,EAAE,MAAM,EACzB,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;CAIzC"}
+{"version":3,"file":"graph-api.client.d.ts","sourceRoot":"","sources":["../../../src/clients/graph-api.client.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,0BAA0B,EAAsB,MAAM,mCAAmC,CAAC;AAGjH,OAAO,EACL,iBAAiB,EACjB,sBAAsB,EAIvB,MAAM,0BAA0B,CAAC;AAMlC;;GAEG;AACH,qBAAa,cAAc;IACzB;;OAEG;IACH,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,YAAY,EAAE,GAAG,iBAAiB;IAyBzE;;OAEG;WACU,gBAAgB,CAC3B,iBAAiB,EAAE,MAAM,EACzB,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,sBAAsB,CAAC;IA0ElC;;OAEG;IACH,MAAM,CAAC,WAAW,CAChB,aAAa,EAAE,YAAY,EAAE,EAC7B,aAAa,EAAE,sBAAsB,GACpC,0BAA0B,EAAE;IAkB/B;;OAEG;WACU,gBAAgB,CAC3B,iBAAiB,EAAE,MAAM,EACzB,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;CAIzC"}

package/dist/esm/clients/graph-api.client.mjs

@@ -1,6 +1,6 @@
 import { Api } from '@mondaydotcomorg/trident-backend-api';
 import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
-import { AuthorizationInternalService } from '../authorization-internal-service.mjs';
+import { logger, AuthorizationInternalService } from '../authorization-internal-service.mjs';
 import { getAttributionsFromApi } from '../attributions-service.mjs';
 import { scopeToResource } from '../utils/authorization.utils.mjs';
 import { setGraphAvailability, incrementAuthorizationError } from '../prometheus-service.mjs';
@@ -42,6 +42,15 @@ class GraphApiClient {
         const httpClient = Api.getPart('httpClient');
         const attributionHeaders = getAttributionsFromApi();
         const bodyPayload = this.buildRequestBody(scopedActions);
+        logger.debug({
+            tag: 'graph-api-client',
+            scopedActionsCount: scopedActions.length,
+            appName: 'authorization-graph',
+            path: CAN_ACTION_IN_SCOPE_GRAPH_PATH,
+            timeout: AuthorizationInternalService.getRequestTimeout(),
+            retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+            bodyPayloadKeys: Object.keys(bodyPayload),
+        }, '🔍 Graph API Debug: Starting request');
         try {
             const response = await httpClient.fetch({
                 url: {
@@ -50,7 +59,7 @@ class GraphApiClient {
                 },
                 method: 'POST',
                 headers: {
-                    Authorization: internalAuthToken,
+                    Authorization: internalAuthToken.substring(0, 20) + '...', // Mask token for security
                     'Content-Type': 'application/json',
                     ...attributionHeaders,
                 },
@@ -59,10 +68,21 @@ class GraphApiClient {
                 timeout: AuthorizationInternalService.getRequestTimeout(),
                 retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
             });
+            logger.debug({
+                tag: 'graph-api-client',
+                responseKeys: Object.keys(response),
+                scopedActionsCount: scopedActions.length,
+            }, '✅ Graph API Debug: Request successful');
             setGraphAvailability(true);
             return response;
         }
         catch (err) {
+            logger.debug({
+                tag: 'graph-api-client',
+                error: err instanceof Error ? err.message : String(err),
+                status: err instanceof HttpFetcherError ? err.status : 'unknown',
+                scopedActionsCount: scopedActions.length,
+            }, '❌ Graph API Debug: Request failed');
             setGraphAvailability(false);
             if (err instanceof HttpFetcherError) {
                 AuthorizationInternalService.throwOnHttpError(err.status, 'canActionInScopeMultiple');

package/dist/esm/clients/platform-api.client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"platform-api.client.d.ts","sourceRoot":"","sources":["../../../src/clients/platform-api.client.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,0BAA0B,EAAE,MAAM,mCAAmC,CAAC;AAE7F,OAAO,EAA0B,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAOlF,KAAK,2BAA2B,GAAG,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,GAAG;IAC/D,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B,CAAC;AAEF,UAAU,0BAA0B;IAClC,MAAM,EAAE,0BAA0B,EAAE,CAAC;CACtC;AAED;;GAEG;AACH,qBAAa,iBAAiB;IAC5B;;OAEG;IACH,MAAM,CAAC,mBAAmB,CAAC,aAAa,EAAE,YAAY,EAAE,GAAG,2BAA2B,EAAE;IAOxF;;OAEG;WACU,gBAAgB,CAC3B,OAAO,EAAE,eAAe,EACxB,iBAAiB,EAAE,MAAM,EACzB,MAAM,EAAE,MAAM,EACd,oBAAoB,EAAE,2BAA2B,EAAE,GAClD,OAAO,CAAC,0BAA0B,CAAC;IAuCtC;;OAEG;IACH,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,0BAA0B,GAAG,0BAA0B,EAAE;IAkBtF;;OAEG;WACU,gBAAgB,CAC3B,OAAO,EAAE,eAAe,EACxB,iBAAiB,EAAE,MAAM,EACzB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;CAKzC"}
+{"version":3,"file":"platform-api.client.d.ts","sourceRoot":"","sources":["../../../src/clients/platform-api.client.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,0BAA0B,EAAE,MAAM,mCAAmC,CAAC;AAE7F,OAAO,EAA0B,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAOlF,KAAK,2BAA2B,GAAG,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,GAAG;IAC/D,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B,CAAC;AAEF,UAAU,0BAA0B;IAClC,MAAM,EAAE,0BAA0B,EAAE,CAAC;CACtC;AAED;;GAEG;AACH,qBAAa,iBAAiB;IAC5B;;OAEG;IACH,MAAM,CAAC,mBAAmB,CAAC,aAAa,EAAE,YAAY,EAAE,GAAG,2BAA2B,EAAE;IAOxF;;OAEG;WACU,gBAAgB,CAC3B,OAAO,EAAE,eAAe,EACxB,iBAAiB,EAAE,MAAM,EACzB,MAAM,EAAE,MAAM,EACd,oBAAoB,EAAE,2BAA2B,EAAE,GAClD,OAAO,CAAC,0BAA0B,CAAC;IA2EtC;;OAEG;IACH,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,0BAA0B,GAAG,0BAA0B,EAAE;IAkBtF;;OAEG;WACU,gBAAgB,CAC3B,OAAO,EAAE,eAAe,EACxB,iBAAiB,EAAE,MAAM,EACzB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;CAKzC"}

package/dist/esm/clients/platform-api.client.mjs

@@ -1,6 +1,6 @@
 import { Api } from '@mondaydotcomorg/trident-backend-api';
 import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
-import { AuthorizationInternalService, logger } from '../authorization-internal-service.mjs';
+import { logger, AuthorizationInternalService } from '../authorization-internal-service.mjs';
 import { getAttributionsFromApi } from '../attributions-service.mjs';
 import { toSnakeCase, scopeToResource, toCamelCase } from '../utils/authorization.utils.mjs';
 import { incrementAuthorizationError } from '../prometheus-service.mjs';
@@ -25,6 +25,16 @@ class PlatformApiClient {
     static async fetchPermissions(profile, internalAuthToken, userId, scopedActionsPayload) {
         const attributionHeaders = getAttributionsFromApi();
         const httpClient = Api.getPart('httpClient');
+        logger.debug({
+            tag: 'platform-api-client',
+            profile,
+            userId,
+            scopedActionsCount: scopedActionsPayload.length,
+            appName: 'platform',
+            path: PLATFORM_CAN_ACTIONS_IN_SCOPES_PATH,
+            timeout: AuthorizationInternalService.getRequestTimeout(),
+            retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+        }, '🔍 Platform API Debug: Starting request');
         try {
             const response = await httpClient.fetch({
                 url: {
@@ -34,7 +44,7 @@ class PlatformApiClient {
                 },
                 method: 'POST',
                 headers: {
-                    Authorization: internalAuthToken,
+                    Authorization: internalAuthToken.substring(0, 20) + '...', // Mask token for security
                     'Content-Type': 'application/json',
                     ...attributionHeaders,
                 },
@@ -43,9 +53,22 @@ class PlatformApiClient {
                 timeout: AuthorizationInternalService.getRequestTimeout(),
                 retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
             });
+            logger.debug({
+                tag: 'platform-api-client',
+                hasResult: !!response.result,
+                resultCount: response.result?.length || 0,
+            }, '✅ Platform API Debug: Request successful');
             return response;
         }
         catch (err) {
+            logger.debug({
+                tag: 'platform-api-client',
+                error: err instanceof Error ? err.message : String(err),
+                status: err instanceof HttpFetcherError ? err.status : 'unknown',
+                profile,
+                userId,
+                scopedActionsCount: scopedActionsPayload.length,
+            }, '❌ Platform API Debug: Request failed');
             if (err instanceof HttpFetcherError) {
                 AuthorizationInternalService.throwOnHttpError(err.status, 'canActionInScopeMultiple');
                 incrementAuthorizationError(scopeToResource(toCamelCase(scopedActionsPayload[0].scope)).resourceType, scopedActionsPayload[0].action, err.status);

package/dist/esm/utils/authorization.utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization.utils.d.ts","sourceRoot":"","sources":["../../../src/utils/authorization.utils.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AAEpE,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,MAAM,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,IAAI,MAAM,CAAC,EAAE,GAAG,GAAG,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACpH,MAAM,MAAM,aAAa,CAAC,CAAC,IAAI,CAAC,SAAS,MAAM,GAC3C;KAAG,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;CAAE,GAC9E,CAAC,CAAC;AAEN;;GAEG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,YAAY,GAAG;IAAE,YAAY,EAAE,YAAY,CAAC;IAAC,UAAU,EAAE,UAAU,CAAA;CAAE,CAiB3G;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,CAAC,SAAS,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAEtE;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,CAAC,SAAS,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAEzE"}
+{"version":3,"file":"authorization.utils.d.ts","sourceRoot":"","sources":["../../../src/utils/authorization.utils.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AAGpE,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,MAAM,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,IAAI,MAAM,CAAC,EAAE,GAAG,GAAG,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACpH,MAAM,MAAM,aAAa,CAAC,CAAC,IAAI,CAAC,SAAS,MAAM,GAC3C;KAAG,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;CAAE,GAC9E,CAAC,CAAC;AAEN;;GAEG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,YAAY,GAAG;IAAE,YAAY,EAAE,YAAY,CAAC;IAAC,UAAU,EAAE,UAAU,CAAA;CAAE,CAoC3G;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,CAAC,SAAS,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAEtE;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,CAAC,SAAS,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAEzE"}

package/dist/esm/utils/authorization.utils.mjs

@@ -1,26 +1,38 @@
 import snakeCase from 'lodash/snakeCase.js';
 import camelCase from 'lodash/camelCase.js';
 import mapKeys from 'lodash/mapKeys.js';
+import { logger } from '../authorization-internal-service.mjs';
 
 /**
  * Converts a scope object to resource type and resource ID
  */
 function scopeToResource(scope) {
+    logger.debug({
+        tag: 'authorization-utils',
+        scopeKeys: Object.keys(scope),
+        scopeValues: Object.values(scope),
+    }, '🔍 Utils Debug: Converting scope to resource');
     if ('workspaceId' in scope) {
+        logger.debug({ tag: 'authorization-utils', resourceId: scope.workspaceId }, '🔍 Utils Debug: Mapped to workspace');
         return { resourceType: 'workspace', resourceId: scope.workspaceId };
     }
     if ('boardId' in scope) {
+        logger.debug({ tag: 'authorization-utils', resourceId: scope.boardId }, '🔍 Utils Debug: Mapped to board');
         return { resourceType: 'board', resourceId: scope.boardId };
     }
     if ('pulseId' in scope) {
+        logger.debug({ tag: 'authorization-utils', resourceId: scope.pulseId }, '🔍 Utils Debug: Mapped to pulse');
         return { resourceType: 'pulse', resourceId: scope.pulseId };
     }
     if ('accountProductId' in scope) {
+        logger.debug({ tag: 'authorization-utils', resourceId: scope.accountProductId }, '🔍 Utils Debug: Mapped to account_product');
         return { resourceType: 'account_product', resourceId: scope.accountProductId };
     }
     if ('accountId' in scope) {
+        logger.debug({ tag: 'authorization-utils', resourceId: scope.accountId }, '🔍 Utils Debug: Mapped to account');
         return { resourceType: 'account', resourceId: scope.accountId };
     }
+    logger.debug({ tag: 'authorization-utils', scope }, '❌ Utils Debug: Unsupported scope provided');
     throw new Error('Unsupported scope provided');
 }
 /**

package/dist/utils/authorization.utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization.utils.d.ts","sourceRoot":"","sources":["../../src/utils/authorization.utils.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AAEpE,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,MAAM,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,IAAI,MAAM,CAAC,EAAE,GAAG,GAAG,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACpH,MAAM,MAAM,aAAa,CAAC,CAAC,IAAI,CAAC,SAAS,MAAM,GAC3C;KAAG,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;CAAE,GAC9E,CAAC,CAAC;AAEN;;GAEG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,YAAY,GAAG;IAAE,YAAY,EAAE,YAAY,CAAC;IAAC,UAAU,EAAE,UAAU,CAAA;CAAE,CAiB3G;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,CAAC,SAAS,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAEtE;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,CAAC,SAAS,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAEzE"}
+{"version":3,"file":"authorization.utils.d.ts","sourceRoot":"","sources":["../../src/utils/authorization.utils.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AAGpE,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,MAAM,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,IAAI,MAAM,CAAC,EAAE,GAAG,GAAG,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACpH,MAAM,MAAM,aAAa,CAAC,CAAC,IAAI,CAAC,SAAS,MAAM,GAC3C;KAAG,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;CAAE,GAC9E,CAAC,CAAC;AAEN;;GAEG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,YAAY,GAAG;IAAE,YAAY,EAAE,YAAY,CAAC;IAAC,UAAU,EAAE,UAAU,CAAA;CAAE,CAoC3G;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,CAAC,SAAS,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAEtE;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,CAAC,SAAS,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAEzE"}

package/dist/utils/authorization.utils.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 const snakeCase = require('lodash/snakeCase.js');
 const camelCase = require('lodash/camelCase.js');
 const mapKeys = require('lodash/mapKeys.js');
+const authorizationInternalService = require('../authorization-internal-service.js');
 
 const _interopDefault = e => e && e.__esModule ? e : { default: e };
 
@@ -14,21 +15,32 @@ const mapKeys__default = /*#__PURE__*/_interopDefault(mapKeys);
  * Converts a scope object to resource type and resource ID
  */
 function scopeToResource(scope) {
+    authorizationInternalService.logger.debug({
+        tag: 'authorization-utils',
+        scopeKeys: Object.keys(scope),
+        scopeValues: Object.values(scope),
+    }, '🔍 Utils Debug: Converting scope to resource');
     if ('workspaceId' in scope) {
+        authorizationInternalService.logger.debug({ tag: 'authorization-utils', resourceId: scope.workspaceId }, '🔍 Utils Debug: Mapped to workspace');
         return { resourceType: 'workspace', resourceId: scope.workspaceId };
     }
     if ('boardId' in scope) {
+        authorizationInternalService.logger.debug({ tag: 'authorization-utils', resourceId: scope.boardId }, '🔍 Utils Debug: Mapped to board');
         return { resourceType: 'board', resourceId: scope.boardId };
     }
     if ('pulseId' in scope) {
+        authorizationInternalService.logger.debug({ tag: 'authorization-utils', resourceId: scope.pulseId }, '🔍 Utils Debug: Mapped to pulse');
         return { resourceType: 'pulse', resourceId: scope.pulseId };
     }
     if ('accountProductId' in scope) {
+        authorizationInternalService.logger.debug({ tag: 'authorization-utils', resourceId: scope.accountProductId }, '🔍 Utils Debug: Mapped to account_product');
         return { resourceType: 'account_product', resourceId: scope.accountProductId };
     }
     if ('accountId' in scope) {
+        authorizationInternalService.logger.debug({ tag: 'authorization-utils', resourceId: scope.accountId }, '🔍 Utils Debug: Mapped to account');
         return { resourceType: 'account', resourceId: scope.accountId };
     }
+    authorizationInternalService.logger.debug({ tag: 'authorization-utils', scope }, '❌ Utils Debug: Unsupported scope provided');
     throw new Error('Unsupported scope provided');
 }
 /**