@optimizely-opal/opal-tool-ocp-sdk 0.0.0-beta.11 → 0.0.0-beta.13

package/dist/auth/TokenVerifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"TokenVerifier.d.ts","sourceRoot":"","sources":["../../src/auth/TokenVerifier.ts"],"names":[],"mappings":"AAkCA,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAA8B;IACrD,OAAO,CAAC,OAAO,CAAC,CAAS;IACzB,OAAO,CAAC,MAAM,CAAC,CAAS;IACxB,OAAO,CAAC,IAAI,CAAC,CAAwC;IACrD,OAAO,CAAC,WAAW,CAAkB;IAErC;;;;;OAKG;IACU,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC;IAQhE,OAAO,CAAC,MAAM,CAAC,WAAW;IAO1B;;;OAGG;WACiB,sBAAsB,IAAI,OAAO,CAAC,aAAa,CAAC;IAQpE;;OAEG;YACW,UAAU;IAyBxB;;OAEG;YACW,sBAAsB;YAetB,WAAW;CAsB1B;AAED,eAAO,MAAM,gBAAgB,QAAa,OAAO,CAAC,aAAa,CAA2C,CAAC"}

package/dist/auth/TokenVerifier.js

@@ -0,0 +1,127 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getTokenVerifier = exports.TokenVerifier = void 0;
+const jose_1 = require("jose");
+const app_sdk_1 = require("@zaiusinc/app-sdk");
+/**
+ * Default JWKS cache expiration time in milliseconds (1 hour)
+ */
+const DEFAULT_JWKS_EXPIRES_IN = 60 * 60 * 1000;
+/**
+ * Default clock skew tolerance in seconds
+ */
+const DEFAULT_LEEWAY = 30;
+/**
+ * Expected JWT audience for token validation
+ */
+const AUDIENCE = 'api://default';
+/**
+ * Prep Base URL for Optimizely OAuth2 endpoints
+ */
+const PREP_BASE_URL = 'https://prep.login.optimizely.com/oauth2/default';
+/**
+ * Prod Base URL for Optimizely OAuth2 endpoints
+ */
+const PROD_BASE_URL = 'https://login.optimizely.com/oauth2/default';
+class TokenVerifier {
+    static instance = null;
+    jwksUri;
+    issuer;
+    jwks;
+    initialized = false;
+    /**
+     * Verify the provided Optimizely JWT token string
+     * @param token JWT token string to verify
+     * @returns boolean true if verification successful, false otherwise
+     * @throws Error if token is null, empty, or verifier is not properly configured
+     */
+    async verify(token) {
+        if (!token || token.trim().length === 0) {
+            throw new Error('Token cannot be null or empty');
+        }
+        return this.verifyToken(token);
+    }
+    static getInstance() {
+        if (!TokenVerifier.instance) {
+            TokenVerifier.instance = new TokenVerifier();
+        }
+        return TokenVerifier.instance;
+    }
+    /**
+     * Get singleton instance of TokenVerifier and ensure it's initialized
+     * @returns Promise<TokenVerifier> - initialized singleton instance
+     */
+    static async getInitializedInstance() {
+        const instance = TokenVerifier.getInstance();
+        if (!instance.initialized) {
+            await instance.initialize();
+        }
+        return instance;
+    }
+    /**
+     * Initialize the TokenVerifier with discovery document from well-known endpoint
+     */
+    async initialize() {
+        if (this.initialized) {
+            return;
+        }
+        try {
+            // Use prep URL when environment variable is set to 'staging', otherwise use prod
+            const environment = process.env.ENVIRONMENT || 'production';
+            const baseUrl = environment === 'staging' ? PREP_BASE_URL : PROD_BASE_URL;
+            const discoveryDocument = await this.fetchDiscoveryDocument(baseUrl);
+            this.issuer = discoveryDocument.issuer;
+            this.jwksUri = discoveryDocument.jwks_uri;
+            this.jwks = (0, jose_1.createRemoteJWKSet)(new URL(this.jwksUri), {
+                cacheMaxAge: DEFAULT_JWKS_EXPIRES_IN,
+                cooldownDuration: DEFAULT_JWKS_EXPIRES_IN
+            });
+            this.initialized = true;
+            app_sdk_1.logger.info(`TokenVerifier initialized with issuer: ${this.issuer} (environment: ${environment})`);
+        }
+        catch (error) {
+            app_sdk_1.logger.error('Failed to initialize TokenVerifier', error);
+            // Re-throw the original error to preserve specific error messages for tests
+            throw error;
+        }
+    }
+    /**
+     * Fetch discovery document from well-known endpoint
+     */
+    async fetchDiscoveryDocument(baseUrl) {
+        const wellKnownUrl = `${baseUrl}/.well-known/oauth-authorization-server`;
+        const response = await fetch(wellKnownUrl);
+        if (!response.ok) {
+            throw new Error(`Failed to fetch discovery document: ${response.status} ${response.statusText}`);
+        }
+        const discoveryDocument = await response.json();
+        if (!discoveryDocument.issuer || !discoveryDocument.jwks_uri) {
+            throw new Error('Invalid discovery document: missing issuer or jwks_uri');
+        }
+        return discoveryDocument;
+    }
+    async verifyToken(token) {
+        if (!this.initialized) {
+            throw new Error('TokenVerifier not initialized. Call initialize() first.');
+        }
+        if (!this.jwks || !this.issuer) {
+            throw new Error('TokenVerifier not properly configured.');
+        }
+        try {
+            await (0, jose_1.jwtVerify)(token, this.jwks, {
+                issuer: this.issuer,
+                audience: AUDIENCE,
+                clockTolerance: DEFAULT_LEEWAY,
+            });
+            return true;
+        }
+        catch (error) {
+            app_sdk_1.logger.error('Token verification failed:', error);
+            return false;
+        }
+    }
+}
+exports.TokenVerifier = TokenVerifier;
+const getTokenVerifier = async () => TokenVerifier.getInitializedInstance();
+exports.getTokenVerifier = getTokenVerifier;
+//# sourceMappingURL=TokenVerifier.js.map

package/dist/auth/TokenVerifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"TokenVerifier.js","sourceRoot":"","sources":["../../src/auth/TokenVerifier.ts"],"names":[],"mappings":";;;AAAA,+BAAqD;AACrD,+CAA2C;AAE3C;;GAEG;AACH,MAAM,uBAAuB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAE/C;;GAEG;AACH,MAAM,cAAc,GAAG,EAAE,CAAC;AAE1B;;GAEG;AACH,MAAM,QAAQ,GAAG,eAAe,CAAC;AAEjC;;GAEG;AACH,MAAM,aAAa,GAAG,kDAAkD,CAAC;AAEzE;;GAEG;AACH,MAAM,aAAa,GAAG,6CAA6C,CAAC;AAQpE,MAAa,aAAa;IAChB,MAAM,CAAC,QAAQ,GAAyB,IAAI,CAAC;IAC7C,OAAO,CAAU;IACjB,MAAM,CAAU;IAChB,IAAI,CAAyC;IAC7C,WAAW,GAAY,KAAK,CAAC;IAErC;;;;;OAKG;IACI,KAAK,CAAC,MAAM,CAAC,KAAyB;QAC3C,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC;IAEO,MAAM,CAAC,WAAW;QACxB,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,CAAC;YAC5B,aAAa,CAAC,QAAQ,GAAG,IAAI,aAAa,EAAE,CAAC;QAC/C,CAAC;QACD,OAAO,aAAa,CAAC,QAAQ,CAAC;IAChC,CAAC;IAED;;;OAGG;IACI,MAAM,CAAC,KAAK,CAAC,sBAAsB;QACxC,MAAM,QAAQ,GAAG,aAAa,CAAC,WAAW,EAAE,CAAC;QAC7C,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;YAC1B,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC;QAC9B,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,UAAU;QACtB,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,iFAAiF;YACjF,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,YAAY,CAAC;YAC5D,MAAM,OAAO,GAAG,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC;YAC1E,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;YACrE,IAAI,CAAC,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC;YACvC,IAAI,CAAC,OAAO,GAAG,iBAAiB,CAAC,QAAQ,CAAC;YAC1C,IAAI,CAAC,IAAI,GAAG,IAAA,yBAAkB,EAAC,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;gBACpD,WAAW,EAAE,uBAAuB;gBACpC,gBAAgB,EAAE,uBAAuB;aAC1C,CAAC,CAAC;YACH,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,gBAAM,CAAC,IAAI,CAAC,0CAA0C,IAAI,CAAC,MAAM,kBAAkB,WAAW,GAAG,CAAC,CAAC;QACrG,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,gBAAM,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;YAC1D,4EAA4E;YAC5E,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,sBAAsB,CAAC,OAAe;QAClD,MAAM,YAAY,GAAG,GAAG,OAAO,yCAAyC,CAAC;QAEzE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC;QAC3C,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,uCAAuC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QACnG,CAAC;QACD,MAAM,iBAAiB,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAuB,CAAC;QACrE,IAAI,CAAC,iBAAiB,CAAC,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,EAAE,CAAC;YAC7D,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;QAC5E,CAAC;QAED,OAAO,iBAAiB,CAAC;IAC3B,CAAC;IAEO,KAAK,CAAC,WAAW,CAAC,KAAa;QACrC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QAC7E,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC5D,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAA,gBAAS,EAAC,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE;gBAChC,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,QAAQ,EAAE,QAAQ;gBAClB,cAAc,EAAE,cAAc;aAC/B,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,gBAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;YAClD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;;AA1GH,sCA4GC;AAEM,MAAM,gBAAgB,GAAG,KAAK,IAA4B,EAAE,CAAC,aAAa,CAAC,sBAAsB,EAAE,CAAC;AAA9F,QAAA,gBAAgB,oBAA8E"}

package/dist/auth/TokenVerifier.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=TokenVerifier.test.d.ts.map

package/dist/auth/TokenVerifier.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"TokenVerifier.test.d.ts","sourceRoot":"","sources":["../../src/auth/TokenVerifier.test.ts"],"names":[],"mappings":""}

package/dist/auth/TokenVerifier.test.js

@@ -0,0 +1,125 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+// Mock the app-sdk module
+jest.mock('@zaiusinc/app-sdk', () => ({
+    logger: {
+        info: jest.fn(),
+        error: jest.fn(),
+        warn: jest.fn(),
+        debug: jest.fn(),
+    },
+}));
+const TokenVerifier_1 = require("./TokenVerifier");
+// Test constants
+const TEST_ISSUER = 'https://prep.login.optimizely.com/oauth2/default';
+const TEST_JWKS_URI = 'https://prep.login.optimizely.com/oauth2/v1/keys';
+// Mock fetch globally
+global.fetch = jest.fn();
+describe('TokenVerifier', () => {
+    beforeEach(() => {
+        // Reset fetch mock
+        global.fetch.mockReset();
+        // Reset singleton instance for each test
+        TokenVerifier_1.TokenVerifier.instance = null;
+    });
+    describe('getInitializedInstance', () => {
+        it('should initialize successfully', async () => {
+            // Mock fetch for OAuth2 authorization server discovery
+            global.fetch.mockResolvedValue({
+                ok: true,
+                json: jest.fn().mockResolvedValue({
+                    issuer: TEST_ISSUER,
+                    jwks_uri: TEST_JWKS_URI
+                })
+            });
+            const tokenVerifier = await TokenVerifier_1.TokenVerifier.getInitializedInstance();
+            expect(tokenVerifier).toBeInstanceOf(TokenVerifier_1.TokenVerifier);
+        });
+        it('should throw error when discovery document is invalid', async () => {
+            global.fetch.mockResolvedValue({
+                ok: true,
+                json: jest.fn().mockResolvedValue({
+                // Missing issuer and jwks_uri
+                })
+            });
+            await expect(TokenVerifier_1.TokenVerifier.getInitializedInstance()).rejects.toThrow('Invalid discovery document: missing issuer or jwks_uri');
+        });
+        it('should throw error when discovery endpoint is unreachable', async () => {
+            global.fetch.mockResolvedValue({
+                ok: false,
+                status: 404,
+                statusText: 'Not Found'
+            });
+            await expect(TokenVerifier_1.TokenVerifier.getInitializedInstance()).rejects.toThrow('Failed to fetch discovery document: 404 Not Found');
+        });
+    });
+    describe('token verification', () => {
+        let tokenVerifier;
+        beforeEach(async () => {
+            // Mock successful initialization
+            global.fetch.mockResolvedValue({
+                ok: true,
+                json: jest.fn().mockResolvedValue({
+                    issuer: TEST_ISSUER,
+                    jwks_uri: TEST_JWKS_URI
+                })
+            });
+            tokenVerifier = await TokenVerifier_1.TokenVerifier.getInitializedInstance();
+        });
+        it('should throw error for empty token', async () => {
+            await expect(tokenVerifier.verify('')).rejects.toThrow('Token cannot be null or empty');
+        });
+        it('should throw error for undefined token', async () => {
+            await expect(tokenVerifier.verify(undefined)).rejects.toThrow('Token cannot be null or empty');
+        });
+        it('should throw error for whitespace-only token', async () => {
+            await expect(tokenVerifier.verify('   ')).rejects.toThrow('Token cannot be null or empty');
+        });
+        it('should return false for invalid token format', async () => {
+            const result = await tokenVerifier.verify('invalid.jwt.token');
+            expect(result).toBe(false);
+        });
+    });
+    describe('singleton pattern', () => {
+        it('should return same instance when called multiple times', async () => {
+            // Mock successful initialization
+            global.fetch.mockResolvedValue({
+                ok: true,
+                json: jest.fn().mockResolvedValue({
+                    issuer: TEST_ISSUER,
+                    jwks_uri: TEST_JWKS_URI
+                })
+            });
+            const instance1 = await TokenVerifier_1.TokenVerifier.getInitializedInstance();
+            const instance2 = await TokenVerifier_1.TokenVerifier.getInitializedInstance();
+            expect(instance1).toBe(instance2);
+        });
+        it('should call correct prod OAuth2 authorization server discovery URL', async () => {
+            const fetchSpy = jest.spyOn(global, 'fetch').mockResolvedValue({
+                ok: true,
+                json: jest.fn().mockResolvedValue({
+                    issuer: TEST_ISSUER,
+                    jwks_uri: TEST_JWKS_URI
+                })
+            });
+            await TokenVerifier_1.TokenVerifier.getInitializedInstance();
+            expect(fetchSpy).toHaveBeenCalledWith('https://login.optimizely.com/oauth2/default/.well-known/oauth-authorization-server');
+        });
+        it('should call correct prep OAuth2 authorization server discovery URL', async () => {
+            // Set environment variable to staging
+            process.env.ENVIRONMENT = 'staging';
+            const fetchSpy = jest.spyOn(global, 'fetch').mockResolvedValue({
+                ok: true,
+                json: jest.fn().mockResolvedValue({
+                    issuer: TEST_ISSUER,
+                    jwks_uri: TEST_JWKS_URI
+                })
+            });
+            await TokenVerifier_1.TokenVerifier.getInitializedInstance();
+            expect(fetchSpy).toHaveBeenCalledWith('https://prep.login.optimizely.com/oauth2/default/.well-known/oauth-authorization-server');
+            // Clean up environment variable
+            delete process.env.ENVIRONMENT;
+        });
+    });
+});
+//# sourceMappingURL=TokenVerifier.test.js.map

package/dist/auth/TokenVerifier.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"TokenVerifier.test.js","sourceRoot":"","sources":["../../src/auth/TokenVerifier.test.ts"],"names":[],"mappings":";;AACA,0BAA0B;AAC1B,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,GAAG,EAAE,CAAC,CAAC;IACpC,MAAM,EAAE;QACN,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE;QACf,KAAK,EAAE,IAAI,CAAC,EAAE,EAAE;QAChB,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE;QACf,KAAK,EAAE,IAAI,CAAC,EAAE,EAAE;KACjB;CACF,CAAC,CAAC,CAAC;AAEJ,mDAAgD;AAEhD,iBAAiB;AACjB,MAAM,WAAW,GAAG,kDAAkD,CAAC;AACvE,MAAM,aAAa,GAAG,kDAAkD,CAAC;AAEzE,sBAAsB;AACtB,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC;AAEzB,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,UAAU,CAAC,GAAG,EAAE;QACd,mBAAmB;QAClB,MAAM,CAAC,KAAmB,CAAC,SAAS,EAAE,CAAC;QAExC,yCAAyC;QACxC,6BAAqB,CAAC,QAAQ,GAAG,IAAI,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;QACtC,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;YAC9C,uDAAuD;YACtD,MAAM,CAAC,KAAmB,CAAC,iBAAiB,CAAC;gBAC5C,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;oBAChC,MAAM,EAAE,WAAW;oBACnB,QAAQ,EAAE,aAAa;iBACxB,CAAC;aACH,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,MAAM,6BAAa,CAAC,sBAAsB,EAAE,CAAC;YACnE,MAAM,CAAC,aAAa,CAAC,CAAC,cAAc,CAAC,6BAAa,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uDAAuD,EAAE,KAAK,IAAI,EAAE;YACpE,MAAM,CAAC,KAAmB,CAAC,iBAAiB,CAAC;gBAC5C,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;gBAChC,8BAA8B;iBAC/B,CAAC;aACH,CAAC,CAAC;YAEH,MAAM,MAAM,CAAC,6BAAa,CAAC,sBAAsB,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAClE,wDAAwD,CACzD,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;YACxE,MAAM,CAAC,KAAmB,CAAC,iBAAiB,CAAC;gBAC5C,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,GAAG;gBACX,UAAU,EAAE,WAAW;aACxB,CAAC,CAAC;YAEH,MAAM,MAAM,CAAC,6BAAa,CAAC,sBAAsB,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAClE,mDAAmD,CACpD,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,IAAI,aAA4B,CAAC;QAEjC,UAAU,CAAC,KAAK,IAAI,EAAE;YACpB,iCAAiC;YAChC,MAAM,CAAC,KAAmB,CAAC,iBAAiB,CAAC;gBAC5C,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;oBAChC,MAAM,EAAE,WAAW;oBACnB,QAAQ,EAAE,aAAa;iBACxB,CAAC;aACH,CAAC,CAAC;YAEH,aAAa,GAAG,MAAM,6BAAa,CAAC,sBAAsB,EAAE,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;YAClD,MAAM,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACpD,+BAA+B,CAChC,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;YACtD,MAAM,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAC3D,+BAA+B,CAChC,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;YAC5D,MAAM,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACvD,+BAA+B,CAChC,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;YAC5D,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;YAC/D,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;YACtE,iCAAiC;YAChC,MAAM,CAAC,KAAmB,CAAC,iBAAiB,CAAC;gBAC5C,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;oBAChC,MAAM,EAAE,WAAW;oBACnB,QAAQ,EAAE,aAAa;iBACxB,CAAC;aACH,CAAC,CAAC;YAEH,MAAM,SAAS,GAAG,MAAM,6BAAa,CAAC,sBAAsB,EAAE,CAAC;YAC/D,MAAM,SAAS,GAAG,MAAM,6BAAa,CAAC,sBAAsB,EAAE,CAAC;YAC/D,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,oEAAoE,EAAE,KAAK,IAAI,EAAE;YAClF,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,iBAAiB,CAAC;gBAC7D,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;oBAChC,MAAM,EAAE,WAAW;oBACnB,QAAQ,EAAE,aAAa;iBACxB,CAAC;aACoB,CAAC,CAAC;YAE1B,MAAM,6BAAa,CAAC,sBAAsB,EAAE,CAAC;YAE7C,MAAM,CAAC,QAAQ,CAAC,CAAC,oBAAoB,CACnC,oFAAoF,CACrF,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oEAAoE,EAAE,KAAK,IAAI,EAAE;YAClF,sCAAsC;YACtC,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,SAAS,CAAC;YAEpC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,iBAAiB,CAAC;gBAC7D,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;oBAChC,MAAM,EAAE,WAAW;oBACnB,QAAQ,EAAE,aAAa;iBACxB,CAAC;aACoB,CAAC,CAAC;YAE1B,MAAM,6BAAa,CAAC,sBAAsB,EAAE,CAAC;YAE7C,MAAM,CAAC,QAAQ,CAAC,CAAC,oBAAoB,CACnC,yFAAyF,CAC1F,CAAC;YAEF,gCAAgC;YAChC,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;QACjC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AAEL,CAAC,CAAC,CAAC"}

package/dist/function/GlobalToolFunction.d.ts

@@ -0,0 +1,27 @@
+import { GlobalFunction, Response } from '@zaiusinc/app-sdk';
+/**
+ * Abstract base class for global tool-based function execution
+ * Provides a standard interface for processing requests through registered tools
+ */
+export declare abstract class GlobalToolFunction extends GlobalFunction {
+    /**
+     * Override this method to implement any required credentials and/or other configuration
+     * exist and are valid. Reasonable caching should be utilized to prevent excessive requests to external resources.
+     * @async
+     * @returns true if the opal function is ready to use
+     */
+    protected ready(): Promise<boolean>;
+    /**
+     * Process the incoming request using the tools service
+     *
+     * @returns Response as the HTTP response
+     */
+    perform(): Promise<Response>;
+    /**
+     * Authenticate the incoming request by validating only the OptiID token
+     *
+     * @returns true if authentication succeeds
+     */
+    private authorizeRequest;
+}
+//# sourceMappingURL=GlobalToolFunction.d.ts.map

package/dist/function/GlobalToolFunction.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"GlobalToolFunction.d.ts","sourceRoot":"","sources":["../../src/function/GlobalToolFunction.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAmB,MAAM,mBAAmB,CAAC;AAI9E;;;GAGG;AACH,8BAAsB,kBAAmB,SAAQ,cAAc;IAE7D;;;;;OAKG;IACH,SAAS,CAAC,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAInC;;;;OAIG;IACU,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC;IAsBzC;;;;OAIG;YACW,gBAAgB;CAG/B"}

package/dist/function/GlobalToolFunction.js

@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GlobalToolFunction = void 0;
+const app_sdk_1 = require("@zaiusinc/app-sdk");
+const AuthUtils_1 = require("../auth/AuthUtils");
+const Service_1 = require("../service/Service");
+/**
+ * Abstract base class for global tool-based function execution
+ * Provides a standard interface for processing requests through registered tools
+ */
+class GlobalToolFunction extends app_sdk_1.GlobalFunction {
+    /**
+     * Override this method to implement any required credentials and/or other configuration
+     * exist and are valid. Reasonable caching should be utilized to prevent excessive requests to external resources.
+     * @async
+     * @returns true if the opal function is ready to use
+     */
+    ready() {
+        return Promise.resolve(true);
+    }
+    /**
+     * Process the incoming request using the tools service
+     *
+     * @returns Response as the HTTP response
+     */
+    async perform() {
+        // Extract customer_id from auth data for global context attribution
+        const authInfo = (0, AuthUtils_1.extractAuthData)(this.request);
+        const customerId = authInfo?.authData?.credentials?.customer_id;
+        (0, app_sdk_1.amendLogContext)({
+            opalThreadId: this.request.headers.get('x-opal-thread-id') || '',
+            customerId: customerId || ''
+        });
+        if (!(await this.authorizeRequest())) {
+            return new app_sdk_1.Response(403, { error: 'Forbidden' });
+        }
+        if (this.request.path === '/ready') {
+            const isReady = await this.ready();
+            return new app_sdk_1.Response(200, { ready: isReady });
+        }
+        return Service_1.toolsService.processRequest(this.request, this);
+    }
+    /**
+     * Authenticate the incoming request by validating only the OptiID token
+     *
+     * @returns true if authentication succeeds
+     */
+    async authorizeRequest() {
+        return await (0, AuthUtils_1.authenticateGlobalRequest)(this.request);
+    }
+}
+exports.GlobalToolFunction = GlobalToolFunction;
+//# sourceMappingURL=GlobalToolFunction.js.map

package/dist/function/GlobalToolFunction.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"GlobalToolFunction.js","sourceRoot":"","sources":["../../src/function/GlobalToolFunction.ts"],"names":[],"mappings":";;;AAAA,+CAA8E;AAC9E,iDAA+E;AAC/E,gDAAkD;AAElD;;;GAGG;AACH,MAAsB,kBAAmB,SAAQ,wBAAc;IAE7D;;;;;OAKG;IACO,KAAK;QACb,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,OAAO;QAClB,oEAAoE;QACpE,MAAM,QAAQ,GAAG,IAAA,2BAAe,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC/C,MAAM,UAAU,GAAG,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC;QAEhE,IAAA,yBAAe,EAAC;YACd,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,EAAE;YAChE,UAAU,EAAE,UAAU,IAAI,EAAE;SAC7B,CAAC,CAAC;QAEH,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC,EAAE,CAAC;YACrC,OAAO,IAAI,kBAAQ,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;YACnC,OAAO,IAAI,kBAAQ,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;QAC/C,CAAC;QAED,OAAO,sBAAY,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IACzD,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,gBAAgB;QAC5B,OAAO,MAAM,IAAA,qCAAyB,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACvD,CAAC;CACF;AA/CD,gDA+CC"}

package/dist/function/GlobalToolFunction.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=GlobalToolFunction.test.d.ts.map

package/dist/function/GlobalToolFunction.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"GlobalToolFunction.test.d.ts","sourceRoot":"","sources":["../../src/function/GlobalToolFunction.test.ts"],"names":[],"mappings":""}