@optimizely-opal/opal-tool-ocp-sdk 0.0.0-dev.5 → 0.0.0-devmg.12

package/src/service/Service.test.ts

@@ -22,6 +22,7 @@ jest.mock('@zaiusinc/app-sdk', () => ({
 describe('ToolsService', () => {
   let mockTool: Tool<unknown>;
   let mockInteraction: Interaction<unknown>;
+  let mockToolFunction: ToolFunction;
 
   beforeEach(() => {
     // Clear registered functions and interactions before each test
@@ -31,6 +32,14 @@ describe('ToolsService', () => {
     // Reset all mocks
     jest.clearAllMocks();
 
+    // Create mock ToolFunction
+    mockToolFunction = {
+      ready: jest.fn().mockResolvedValue(true),
+      perform: jest.fn(),
+      validateBearerToken: jest.fn().mockReturnValue(true),
+      request: {} as any
+    } as any;
+
     // Create mock tool handler
     const mockToolHandler = jest.fn().mockResolvedValue({ result: 'success' });
 
@@ -94,7 +103,7 @@ describe('ToolsService', () => {
         );
 
         const discoveryRequest = createMockRequest({ path: '/discovery' });
-        const response = await toolsService.processRequest(discoveryRequest);
+        const response = await toolsService.processRequest(discoveryRequest, mockToolFunction);
 
         expect(response.status).toBe(200);
         expect(response).toHaveProperty('bodyJSON');
@@ -113,13 +122,14 @@ describe('ToolsService', () => {
           description: mockTool.description,
           parameters: mockTool.parameters.map((p: Parameter) => p.toJSON()),
           endpoint: mockTool.endpoint,
-          http_method: 'POST'
+          http_method: 'POST',
+          auth_requirements: [{ provider: 'OptiID', scope_bundle: 'default', required: true }]
         });
       });
 
       it('should return empty functions array when no tools are registered', async () => {
         const discoveryRequest = createMockRequest({ path: '/discovery' });
-        const response = await toolsService.processRequest(discoveryRequest);
+        const response = await toolsService.processRequest(discoveryRequest, mockToolFunction);
 
         expect(response.status).toBe(200);
         expect(response.bodyAsU8Array).toBeDefined();
@@ -153,7 +163,7 @@ describe('ToolsService', () => {
         );
 
         const discoveryRequest = createMockRequest({ path: '/discovery' });
-        const response = await toolsService.processRequest(discoveryRequest);
+        const response = await toolsService.processRequest(discoveryRequest, mockToolFunction);
 
         expect(response.status).toBe(200);
 
@@ -172,7 +182,8 @@ describe('ToolsService', () => {
           description: mockTool.description,
           parameters: mockTool.parameters.map((p: Parameter) => p.toJSON()),
           endpoint: mockTool.endpoint,
-          http_method: 'POST'
+          http_method: 'POST',
+          auth_requirements: [{ provider: 'OptiID', scope_bundle: 'default', required: true }]
         });
 
         expect(secondFunction).toEqual({
@@ -181,7 +192,10 @@ describe('ToolsService', () => {
           parameters: [],
           endpoint: '/second-tool',
           http_method: 'POST',
-          auth_requirements: authRequirements.map((auth) => auth.toJSON())
+          auth_requirements: [
+            { provider: 'oauth2', scope_bundle: 'calendar', required: true },
+            { provider: 'OptiID', scope_bundle: 'default', required: true }
+          ]
         });
       });
     });
@@ -199,11 +213,11 @@ describe('ToolsService', () => {
 
       it('should execute tool successfully with parameters', async () => {
         const mockRequest = createMockRequest();
-        const response = await toolsService.processRequest(mockRequest);
+        const response = await toolsService.processRequest(mockRequest, mockToolFunction);
 
         expect(response.status).toBe(200);
         expect(mockTool.handler).toHaveBeenCalledWith(
-          undefined, // functionContext
+          mockToolFunction, // functionContext
           { param1: 'test-value' },
           undefined
         );
@@ -213,8 +227,12 @@ describe('ToolsService', () => {
         // Create a mock ToolFunction instance
         const mockToolFunctionInstance = {
           someProperty: 'test-value',
-          someMethod: jest.fn()
-        };
+          someMethod: jest.fn(),
+          ready: jest.fn().mockResolvedValue(true),
+          perform: jest.fn(),
+          validateBearerToken: jest.fn().mockReturnValue(true),
+          request: {} as any
+        } as any;
 
         const mockRequest = createMockRequest();
         const response = await toolsService.processRequest(mockRequest, mockToolFunctionInstance);
@@ -307,11 +325,11 @@ describe('ToolsService', () => {
           })
         });
 
-        const response = await toolsService.processRequest(requestWithAuth);
+        const response = await toolsService.processRequest(requestWithAuth, mockToolFunction);
 
         expect(response.status).toBe(200);
         expect(mockTool.handler).toHaveBeenCalledWith(
-          undefined, // functionContext
+          mockToolFunction, // functionContext
           { param1: 'test-value' },
           authData
         );
@@ -323,11 +341,11 @@ describe('ToolsService', () => {
           body: JSON.stringify({ param1: 'test-value' })
         });
 
-        const response = await toolsService.processRequest(requestWithoutWrapper);
+        const response = await toolsService.processRequest(requestWithoutWrapper, mockToolFunction);
 
         expect(response.status).toBe(200);
         expect(mockTool.handler).toHaveBeenCalledWith(
-          undefined, // functionContext
+          mockToolFunction, // functionContext
           { param1: 'test-value' },
           undefined
         );
@@ -338,7 +356,7 @@ describe('ToolsService', () => {
         jest.mocked(mockTool.handler).mockRejectedValueOnce(new Error(errorMessage));
 
         const mockRequest = createMockRequest();
-        const response = await toolsService.processRequest(mockRequest);
+        const response = await toolsService.processRequest(mockRequest, mockToolFunction);
 
         expect(response.status).toBe(500);
         expect(logger.error).toHaveBeenCalledWith(
@@ -351,7 +369,7 @@ describe('ToolsService', () => {
         jest.mocked(mockTool.handler).mockRejectedValueOnce({});
 
         const mockRequest = createMockRequest();
-        const response = await toolsService.processRequest(mockRequest);
+        const response = await toolsService.processRequest(mockRequest, mockToolFunction);
 
         expect(response.status).toBe(500);
       });
@@ -373,10 +391,10 @@ describe('ToolsService', () => {
           body: JSON.stringify({ data: { param1: 'test-value' } })
         });
 
-        const response = await toolsService.processRequest(interactionRequest);
+        const response = await toolsService.processRequest(interactionRequest, mockToolFunction);
 
         expect(response.status).toBe(200);
-        expect(mockInteraction.handler).toHaveBeenCalledWith(undefined, { param1: 'test-value' }, undefined);
+        expect(mockInteraction.handler).toHaveBeenCalledWith(mockToolFunction, { param1: 'test-value' }, undefined);
       });
 
       it('should handle interaction request body without data wrapper', async () => {
@@ -386,10 +404,10 @@ describe('ToolsService', () => {
           body: JSON.stringify({ param1: 'test-value' })
         });
 
-        const response = await toolsService.processRequest(interactionRequest);
+        const response = await toolsService.processRequest(interactionRequest, mockToolFunction);
 
         expect(response.status).toBe(200);
-        expect(mockInteraction.handler).toHaveBeenCalledWith(undefined, { param1: 'test-value' }, undefined);
+        expect(mockInteraction.handler).toHaveBeenCalledWith(mockToolFunction, { param1: 'test-value' }, undefined);
       });
 
       it('should execute interaction with OptiID auth data when provided', async () => {
@@ -410,11 +428,11 @@ describe('ToolsService', () => {
           })
         });
 
-        const response = await toolsService.processRequest(interactionRequest);
+        const response = await toolsService.processRequest(interactionRequest, mockToolFunction);
 
         expect(response.status).toBe(200);
         expect(mockInteraction.handler).toHaveBeenCalledWith(
-          undefined, // functionContext
+          mockToolFunction, // functionContext
           { param1: 'test-value' },
           authData
         );
@@ -438,11 +456,11 @@ describe('ToolsService', () => {
           })
         });
 
-        const response = await toolsService.processRequest(interactionRequest);
+        const response = await toolsService.processRequest(interactionRequest, mockToolFunction);
 
         expect(response.status).toBe(200);
         expect(mockInteraction.handler).toHaveBeenCalledWith(
-          undefined, // functionContext
+          mockToolFunction, // functionContext
           {
             param1: 'test-value',
             auth: authData
@@ -460,7 +478,7 @@ describe('ToolsService', () => {
           bodyJSON: { data: { param1: 'test-value' } }
         });
 
-        const response = await toolsService.processRequest(interactionRequest);
+        const response = await toolsService.processRequest(interactionRequest, mockToolFunction);
 
         expect(response.status).toBe(500);
         expect(logger.error).toHaveBeenCalledWith(
@@ -473,7 +491,7 @@ describe('ToolsService', () => {
     describe('error cases', () => {
       it('should return 404 when no matching tool or interaction is found', async () => {
         const unknownRequest = createMockRequest({ path: '/unknown-endpoint' });
-        const response = await toolsService.processRequest(unknownRequest);
+        const response = await toolsService.processRequest(unknownRequest, mockToolFunction);
 
         expect(response.status).toBe(404);
       });
@@ -496,7 +514,7 @@ describe('ToolsService', () => {
           path: '/optid-auth-tool'
         });
 
-        const response = await toolsService.processRequest(authRequest);
+        const response = await toolsService.processRequest(authRequest, mockToolFunction);
 
         expect(response.status).toBe(200);
       });
@@ -517,10 +535,10 @@ describe('ToolsService', () => {
           body: null
         });
 
-        const response = await toolsService.processRequest(requestWithNullBody);
+        const response = await toolsService.processRequest(requestWithNullBody, mockToolFunction);
 
         expect(response.status).toBe(200);
-        expect(mockTool.handler).toHaveBeenCalledWith(undefined, null, undefined);
+        expect(mockTool.handler).toHaveBeenCalledWith(mockToolFunction, null, undefined);
       });
 
       it('should handle request with undefined bodyJSON', async () => {
@@ -537,10 +555,10 @@ describe('ToolsService', () => {
           body: undefined
         });
 
-        const response = await toolsService.processRequest(requestWithUndefinedBody);
+        const response = await toolsService.processRequest(requestWithUndefinedBody, mockToolFunction);
 
         expect(response.status).toBe(200);
-        expect(mockTool.handler).toHaveBeenCalledWith(undefined, undefined, undefined);
+        expect(mockTool.handler).toHaveBeenCalledWith(mockToolFunction, undefined, undefined);
       });
 
       it('should extract auth data from bodyJSON when body exists', async () => {
@@ -568,11 +586,11 @@ describe('ToolsService', () => {
           })
         });
 
-        const response = await toolsService.processRequest(requestWithAuth);
+        const response = await toolsService.processRequest(requestWithAuth, mockToolFunction);
 
         expect(response.status).toBe(200);
         expect(mockTool.handler).toHaveBeenCalledWith(
-          undefined, // functionContext
+          mockToolFunction, // functionContext
           { param1: 'test-value' },
           authData
         );
@@ -597,11 +615,11 @@ describe('ToolsService', () => {
           })
         });
 
-        const response = await toolsService.processRequest(requestWithoutAuth);
+        const response = await toolsService.processRequest(requestWithoutAuth, mockToolFunction);
 
         expect(response.status).toBe(200);
         expect(mockTool.handler).toHaveBeenCalledWith(
-          undefined, // functionContext
+          mockToolFunction, // functionContext
           { param1: 'test-value' },
           undefined
         );
@@ -629,11 +647,11 @@ describe('ToolsService', () => {
           body: ''
         });
 
-        const response = await toolsService.processRequest(requestWithAuthButNoBody);
+        const response = await toolsService.processRequest(requestWithAuthButNoBody, mockToolFunction);
 
         expect(response.status).toBe(200);
         expect(mockTool.handler).toHaveBeenCalledWith(
-          undefined, // functionContext
+          mockToolFunction, // functionContext
           { param1: 'test-value' },
           authData
         );

package/src/service/Service.ts

@@ -2,6 +2,12 @@
 import { AuthRequirement, Parameter } from '../types/Models';
 import * as App from '@zaiusinc/app-sdk';
 import { logger } from '@zaiusinc/app-sdk';
+import { ToolFunction } from '../function/ToolFunction';
+
+/**
+ * Default OptiID authentication requirement that will be enforced for all tools
+ */
+const DEFAULT_OPTIID_AUTH = new AuthRequirement('OptiID', 'default', true);
 
 
 
@@ -22,7 +28,7 @@ export class Interaction<TAuthData> {
   public constructor(
     public name: string,
     public endpoint: string,
-    public handler: (functionContext: any, data: unknown, authData?: TAuthData) => Promise<InteractionResult>
+    public handler: (functionContext: ToolFunction, data: unknown, authData?: TAuthData) => Promise<InteractionResult>
   ) {}
 }
 
@@ -42,15 +48,15 @@ export class Tool<TAuthData> {
    * @param parameters Function parameters
    * @param endpoint API endpoint
    * @param handler Function implementing the tool
-   * @param authRequirements Authentication requirements (optional)
+   * @param authRequirements Authentication requirements (mandatory - OptiID enforced)
    */
   public constructor(
     public name: string,
     public description: string,
     public parameters: Parameter[],
     public endpoint: string,
-    public handler: (functionContext: any, params: unknown, authData?: TAuthData) => Promise<unknown>,
-    public authRequirements?: AuthRequirement[]
+    public handler: (functionContext: ToolFunction, params: unknown, authData?: TAuthData) => Promise<unknown>,
+    public authRequirements: AuthRequirement[] = [DEFAULT_OPTIID_AUTH]
   ) {}
 
   /**
@@ -62,13 +68,10 @@ export class Tool<TAuthData> {
       description: this.description,
       parameters: this.parameters.map((p) => p.toJSON()),
       endpoint: this.endpoint,
-      http_method: this.httpMethod
+      http_method: this.httpMethod,
+      auth_requirements: this.authRequirements.map((auth) => auth.toJSON())
     };
 
-    if (this.authRequirements && this.authRequirements.length > 0) {
-      result.auth_requirements = this.authRequirements.map((auth) => auth.toJSON());
-    }
-
     return result;
   }
 }
@@ -78,18 +81,19 @@ export class ToolsService {
   private interactions: Map<string, Interaction<any>> = new Map();
 
   /**
-   * Extract Bearer token from Authorization header
-   * @param headers Request headers (Map-like object or Headers object with get method)
-   * @returns Bearer token string or undefined
+   * Enforce OptiID authentication for tools by ensuring OptiID auth requirement is present
+   * @param authRequirements Original authentication requirements
+   * @returns Enforced authentication requirements with OptiID
    */
-  public extractBearerToken(headers: App.Headers): string | undefined {
-    let bearerToken: string | undefined;
+  private enforceOptiIdAuth(authRequirements?: AuthRequirement[]): AuthRequirement[] {
+    const hasOptiIdProvider = authRequirements
+      && authRequirements.some((auth) => auth.provider.toLowerCase() === 'optiid');
 
-    const authHeader = headers ? headers.get('authorization') : undefined;
-    if (authHeader && authHeader.startsWith('Bearer ')) {
-      bearerToken = authHeader.substring(7).trim();
+    if (hasOptiIdProvider) {
+      return authRequirements;
     }
-    return bearerToken;
+
+    return [...(authRequirements || []), DEFAULT_OPTIID_AUTH];
   }
 
   /**
@@ -104,12 +108,14 @@ export class ToolsService {
   public registerTool<TAuthData>(
     name: string,
     description: string,
-    handler: (functionContext: any, params: unknown, authData?: TAuthData) => Promise<unknown>,
+    handler: (functionContext: ToolFunction, params: unknown, authData?: TAuthData) => Promise<unknown>,
     parameters: Parameter[],
     endpoint: string,
     authRequirements?: AuthRequirement[]
   ): void {
-    const func = new Tool<TAuthData>(name, description, parameters, endpoint, handler, authRequirements);
+    // Enforce OptiID authentication for all tools
+    const enforcedAuthRequirements = this.enforceOptiIdAuth(authRequirements);
+    const func = new Tool<TAuthData>(name, description, parameters, endpoint, handler, enforcedAuthRequirements);
     this.functions.set(endpoint, func);
   }
 
@@ -121,14 +127,15 @@ export class ToolsService {
    */
   public registerInteraction<TAuthData>(
     name: string,
-    handler: (functionContext: any, data: unknown, authData?: TAuthData) => Promise<InteractionResult>,
+    handler: (functionContext: ToolFunction, data: unknown, authData?: TAuthData) => Promise<InteractionResult>,
     endpoint: string
   ): void {
     const func = new Interaction<TAuthData>(name, endpoint, handler);
     this.interactions.set(endpoint, func);
   }
 
-  public async processRequest(req: App.Request, functionContext?: any): Promise<App.Response> {
+  public async processRequest(req: App.Request,
+                              functionContext: ToolFunction): Promise<App.Response> {
     if (req.path === '/discovery') {
       return new App.Response(200, { functions: Array.from(this.functions.values()).map((f) => f.toJSON()) });
     } else {

package/src/types/Models.ts

@@ -48,10 +48,10 @@ export class Parameter {
 export class OptiIdAuthDataCredentials {
 
   public constructor(
-    public customerId: string,
-    public instanceId: string,
-    public accessToken: string,
-    public productSku: string
+    public customer_id: string,
+    public instance_id: string,
+    public access_token: string,
+    public product_sku: string
   ) {}
 }