@optimizely-opal/opal-tool-ocp-sdk 0.0.0-devmg.12 → 1.0.0-OCP-1441.1

package/src/function/ToolFunction.ts

@@ -1,7 +1,5 @@
-import { Function, Response, amendLogContext, getAppContext, logger } from '@zaiusinc/app-sdk';
+import { Function, Response, amendLogContext } from '@zaiusinc/app-sdk';
 import { toolsService } from '../service/Service';
-import { getTokenVerifier } from '../auth/TokenVerifier';
-import { OptiIdAuthData } from '../types/Models';
 
 /**
  * Abstract base class for tool-based function execution
@@ -41,46 +39,9 @@ export abstract class ToolFunction extends Function {
   /**
    * Authenticate the incoming request by validating the OptiID token and organization ID
    *
-   * @throws true if authentication succeeds
+   * @returns true if authentication succeeds
    */
   private async authorizeRequest(): Promise<boolean> {
-    logger.info('Authorizing request:', this.request.bodyJSON);
-    if (this.request.path === '/discovery' || this.request.path === '/ready') {
-      return true;
-    }
-    const authData = this.request.bodyJSON?.auth as OptiIdAuthData;
-    const accessToken = authData?.credentials?.access_token;
-    if (!accessToken || authData?.provider?.toLowerCase() !== 'optiid') {
-      logger.error('OptiID token is required but not provided');
-      return false;
-    }
-
-    const customerId = authData.credentials?.customer_id;
-    if (!customerId) {
-      logger.error('Organisation ID is required but not provided');
-      return false;
-    }
-
-    const appOrganisationId = getAppContext().account?.organizationId;
-    if (customerId !== appOrganisationId) {
-      logger.error(`Invalid organisation ID: expected ${appOrganisationId}, received ${customerId}`);
-      return false;
-    }
-
-    return await this.validateAccessToken(accessToken);
+    return true;
   }
-
-  private async validateAccessToken(accessToken: string | undefined): Promise<boolean> {
-    try {
-      if (!accessToken) {
-        return false;
-      }
-      const tokenVerifier = await getTokenVerifier();
-      return await tokenVerifier.verify(accessToken);
-    } catch (error) {
-      logger.error('OptiID token validation failed:', error);
-      return false;
-    }
-  }
-
 }

package/src/index.ts

@@ -1,4 +1,5 @@
 export * from './function/ToolFunction';
+export * from './function/GlobalToolFunction';
 export * from './types/Models';
 export * from './decorator/Decorator';
 export * from './auth/TokenVerifier';

package/src/service/Service.test.ts

@@ -522,15 +522,25 @@ describe('ToolsService', () => {
 
     describe('edge cases', () => {
       it('should handle request with null bodyJSON', async () => {
+        // Create a tool without required parameters
+        const toolWithoutRequiredParams = {
+          name: 'no_required_params_tool',
+          description: 'Tool without required parameters',
+          handler: jest.fn().mockResolvedValue({ result: 'success' }),
+          parameters: [], // No parameters defined
+          endpoint: '/no-required-params-tool'
+        };
+
         toolsService.registerTool(
-          mockTool.name,
-          mockTool.description,
-          mockTool.handler,
-          mockTool.parameters,
-          mockTool.endpoint
+          toolWithoutRequiredParams.name,
+          toolWithoutRequiredParams.description,
+          toolWithoutRequiredParams.handler,
+          toolWithoutRequiredParams.parameters,
+          toolWithoutRequiredParams.endpoint
         );
 
         const requestWithNullBody = createMockRequest({
+          path: '/no-required-params-tool',
           bodyJSON: null,
           body: null
         });
@@ -538,19 +548,29 @@ describe('ToolsService', () => {
         const response = await toolsService.processRequest(requestWithNullBody, mockToolFunction);
 
         expect(response.status).toBe(200);
-        expect(mockTool.handler).toHaveBeenCalledWith(mockToolFunction, null, undefined);
+        expect(toolWithoutRequiredParams.handler).toHaveBeenCalledWith(mockToolFunction, null, undefined);
       });
 
       it('should handle request with undefined bodyJSON', async () => {
+        // Create a tool without required parameters
+        const toolWithoutRequiredParams = {
+          name: 'no_required_params_tool_2',
+          description: 'Tool without required parameters',
+          handler: jest.fn().mockResolvedValue({ result: 'success' }),
+          parameters: [], // No parameters defined
+          endpoint: '/no-required-params-tool-2'
+        };
+
         toolsService.registerTool(
-          mockTool.name,
-          mockTool.description,
-          mockTool.handler,
-          mockTool.parameters,
-          mockTool.endpoint
+          toolWithoutRequiredParams.name,
+          toolWithoutRequiredParams.description,
+          toolWithoutRequiredParams.handler,
+          toolWithoutRequiredParams.parameters,
+          toolWithoutRequiredParams.endpoint
         );
 
         const requestWithUndefinedBody = createMockRequest({
+          path: '/no-required-params-tool-2',
           bodyJSON: undefined,
           body: undefined
         });
@@ -558,7 +578,7 @@ describe('ToolsService', () => {
         const response = await toolsService.processRequest(requestWithUndefinedBody, mockToolFunction);
 
         expect(response.status).toBe(200);
-        expect(mockTool.handler).toHaveBeenCalledWith(mockToolFunction, undefined, undefined);
+        expect(toolWithoutRequiredParams.handler).toHaveBeenCalledWith(mockToolFunction, undefined, undefined);
       });
 
       it('should extract auth data from bodyJSON when body exists', async () => {
@@ -657,5 +677,99 @@ describe('ToolsService', () => {
         );
       });
     });
+
+    describe('parameter validation', () => {
+      beforeEach(() => {
+        jest.clearAllMocks();
+      });
+
+      it('should validate parameters and return 400 for invalid types', async () => {
+        // Register a tool with specific parameter types
+        const toolWithTypedParams = {
+          name: 'typed_tool',
+          description: 'Tool with typed parameters',
+          handler: jest.fn().mockResolvedValue({ result: 'success' }),
+          parameters: [
+            new Parameter('name', ParameterType.String, 'User name', true),
+            new Parameter('age', ParameterType.Integer, 'User age', true),
+            new Parameter('active', ParameterType.Boolean, 'Is active', false)
+          ],
+          endpoint: '/typed-tool'
+        };
+
+        toolsService.registerTool(
+          toolWithTypedParams.name,
+          toolWithTypedParams.description,
+          toolWithTypedParams.handler,
+          toolWithTypedParams.parameters,
+          toolWithTypedParams.endpoint
+        );
+
+        // Send invalid parameter types
+        const invalidRequest = createMockRequest({
+          path: '/typed-tool',
+          bodyJSON: {
+            parameters: {
+              name: 123, // should be string
+              age: '25', // should be integer
+              active: 'true' // should be boolean
+            }
+          }
+        });
+
+        const response = await toolsService.processRequest(invalidRequest, mockToolFunction);
+
+        expect(response.status).toBe(400);
+
+        // Expect simplified error format
+        expect(response.bodyJSON).toHaveProperty('errors');
+        expect(response.bodyJSON.errors).toHaveLength(3);
+
+        // Check error structure - only field and message
+        const errors = response.bodyJSON.errors;
+        expect(errors[0]).toHaveProperty('field', 'name');
+        expect(errors[0]).toHaveProperty('message', "Parameter 'name' must be a string, but received number");
+
+        // Verify the handler was not called
+        expect(toolWithTypedParams.handler).not.toHaveBeenCalled();
+      });
+
+      it('should skip validation for tools with no parameter definitions', async () => {
+        const toolWithoutParams = {
+          name: 'no_params_tool',
+          description: 'Tool without parameters',
+          handler: jest.fn().mockResolvedValue({ result: 'success' }),
+          parameters: [], // No parameters defined
+          endpoint: '/no-params-tool'
+        };
+
+        toolsService.registerTool(
+          toolWithoutParams.name,
+          toolWithoutParams.description,
+          toolWithoutParams.handler,
+          toolWithoutParams.parameters,
+          toolWithoutParams.endpoint
+        );
+
+        // Send request with any data (should be ignored)
+        const request = createMockRequest({
+          path: '/no-params-tool',
+          bodyJSON: {
+            parameters: {
+              unexpected: 'value'
+            }
+          }
+        });
+
+        const response = await toolsService.processRequest(request, mockToolFunction);
+
+        expect(response.status).toBe(200);
+        expect(toolWithoutParams.handler).toHaveBeenCalledWith(
+          mockToolFunction,
+          { unexpected: 'value' },
+          undefined
+        );
+      });
+    });
   });
 });

package/src/service/Service.ts

@@ -3,14 +3,14 @@ import { AuthRequirement, Parameter } from '../types/Models';
 import * as App from '@zaiusinc/app-sdk';
 import { logger } from '@zaiusinc/app-sdk';
 import { ToolFunction } from '../function/ToolFunction';
+import { GlobalToolFunction } from '../function/GlobalToolFunction';
+import { ParameterValidator } from '../validation/ParameterValidator';
 
 /**
  * Default OptiID authentication requirement that will be enforced for all tools
  */
 const DEFAULT_OPTIID_AUTH = new AuthRequirement('OptiID', 'default', true);
 
-
-
 /**
  * Result type for interaction handlers
  */
@@ -28,7 +28,11 @@ export class Interaction<TAuthData> {
   public constructor(
     public name: string,
     public endpoint: string,
-    public handler: (functionContext: ToolFunction, data: unknown, authData?: TAuthData) => Promise<InteractionResult>
+    public handler: (
+      functionContext: ToolFunction | GlobalToolFunction,
+      data: unknown,
+      authData?: TAuthData
+    ) => Promise<InteractionResult>
   ) {}
 }
 
@@ -55,7 +59,11 @@ export class Tool<TAuthData> {
     public description: string,
     public parameters: Parameter[],
     public endpoint: string,
-    public handler: (functionContext: ToolFunction, params: unknown, authData?: TAuthData) => Promise<unknown>,
+    public handler: (
+      functionContext: ToolFunction | GlobalToolFunction,
+      params: unknown,
+      authData?: TAuthData
+    ) => Promise<unknown>,
     public authRequirements: AuthRequirement[] = [DEFAULT_OPTIID_AUTH]
   ) {}
 
@@ -108,14 +116,25 @@ export class ToolsService {
   public registerTool<TAuthData>(
     name: string,
     description: string,
-    handler: (functionContext: ToolFunction, params: unknown, authData?: TAuthData) => Promise<unknown>,
+    handler: (
+      functionContext: ToolFunction | GlobalToolFunction,
+      params: unknown,
+      authData?: TAuthData
+    ) => Promise<unknown>,
     parameters: Parameter[],
     endpoint: string,
     authRequirements?: AuthRequirement[]
   ): void {
     // Enforce OptiID authentication for all tools
     const enforcedAuthRequirements = this.enforceOptiIdAuth(authRequirements);
-    const func = new Tool<TAuthData>(name, description, parameters, endpoint, handler, enforcedAuthRequirements);
+    const func = new Tool<TAuthData>(
+      name,
+      description,
+      parameters,
+      endpoint,
+      handler,
+      enforcedAuthRequirements
+    );
     this.functions.set(endpoint, func);
   }
 
@@ -127,15 +146,21 @@ export class ToolsService {
    */
   public registerInteraction<TAuthData>(
     name: string,
-    handler: (functionContext: ToolFunction, data: unknown, authData?: TAuthData) => Promise<InteractionResult>,
+    handler: (
+      functionContext: ToolFunction | GlobalToolFunction,
+      data: unknown,
+      authData?: TAuthData
+    ) => Promise<InteractionResult>,
     endpoint: string
   ): void {
     const func = new Interaction<TAuthData>(name, endpoint, handler);
     this.interactions.set(endpoint, func);
   }
 
-  public async processRequest(req: App.Request,
-                              functionContext: ToolFunction): Promise<App.Response> {
+  public async processRequest(
+    req: App.Request,
+    functionContext: ToolFunction | GlobalToolFunction
+  ): Promise<App.Response> {
     if (req.path === '/discovery') {
       return new App.Response(200, { functions: Array.from(this.functions.values()).map((f) => f.toJSON()) });
     } else {
@@ -149,6 +174,19 @@ export class ToolsService {
             params = req.bodyJSON;
           }
 
+          // Validate parameters before calling the handler (only if tool has parameter definitions)
+          if (func.parameters && func.parameters.length > 0) {
+            const validationResult = ParameterValidator.validate(params, func.parameters);
+            if (!validationResult.isValid) {
+              return new App.Response(400, {
+                errors: validationResult.errors.map((error) => ({
+                  field: error.parameter,
+                  message: error.message
+                }))
+              });
+            }
+          }
+
           // Extract auth data from body JSON
           const authData = req.bodyJSON ? req.bodyJSON.auth : undefined;
 

package/src/validation/ParameterValidator.test.ts

@@ -0,0 +1,341 @@
+import { ParameterValidator } from './ParameterValidator';
+import { Parameter, ParameterType } from '../types/Models';
+
+describe('ParameterValidator', () => {
+  describe('validate', () => {
+    it('should pass validation for valid parameters', () => {
+      const paramDefs = [
+        new Parameter('name', ParameterType.String, 'User name', true),
+        new Parameter('age', ParameterType.Integer, 'User age', false),
+        new Parameter('score', ParameterType.Number, 'User score', false),
+        new Parameter('active', ParameterType.Boolean, 'Is active', false),
+        new Parameter('tags', ParameterType.List, 'User tags', false),
+        new Parameter('config', ParameterType.Dictionary, 'User config', false)
+      ];
+
+      const validParams = {
+        name: 'John Doe',
+        age: 25,
+        score: 85.5,
+        active: true,
+        tags: ['admin', 'user'],
+        config: { theme: 'dark', language: 'en' }
+      };
+
+      const result = ParameterValidator.validate(validParams, paramDefs);
+
+      expect(result.isValid).toBe(true);
+      expect(result.errors).toHaveLength(0);
+    });
+
+    it('should fail validation for missing required parameters', () => {
+      const paramDefs = [
+        new Parameter('name', ParameterType.String, 'User name', true),
+        new Parameter('email', ParameterType.String, 'User email', true)
+      ];
+
+      const params = {
+        name: 'John Doe'
+        // email is missing
+      };
+
+      const result = ParameterValidator.validate(params, paramDefs);
+
+      expect(result.isValid).toBe(false);
+      expect(result.errors).toHaveLength(1);
+      expect(result.errors[0]).toEqual({
+        parameter: 'email',
+        message: "Required parameter 'email' is missing"
+      });
+    });
+
+    it('should fail validation for wrong parameter types', () => {
+      const paramDefs = [
+        new Parameter('name', ParameterType.String, 'User name', true),
+        new Parameter('age', ParameterType.Integer, 'User age', true),
+        new Parameter('active', ParameterType.Boolean, 'Is active', true),
+        new Parameter('tags', ParameterType.List, 'User tags', true),
+        new Parameter('config', ParameterType.Dictionary, 'User config', true)
+      ];
+
+      const invalidParams = {
+        name: 123, // should be string
+        age: '25', // should be integer
+        active: 'true', // should be boolean
+        tags: 'tag1,tag2', // should be array
+        config: 'invalid' // should be object
+      };
+
+      const result = ParameterValidator.validate(invalidParams, paramDefs);
+
+      expect(result.isValid).toBe(false);
+      expect(result.errors).toHaveLength(5);
+
+      expect(result.errors[0].parameter).toBe('name');
+      expect(result.errors[0].message).toContain('must be a string');
+
+      expect(result.errors[1].parameter).toBe('age');
+      expect(result.errors[1].message).toContain('must be an integer');
+
+      expect(result.errors[2].parameter).toBe('active');
+      expect(result.errors[2].message).toContain('must be a boolean');
+
+      expect(result.errors[3].parameter).toBe('tags');
+      expect(result.errors[3].message).toContain('must be an array');
+
+      expect(result.errors[4].parameter).toBe('config');
+      expect(result.errors[4].message).toContain('must be an object');
+    });
+
+    it('should handle null/undefined parameters correctly', () => {
+      const paramDefs = [
+        new Parameter('required', ParameterType.String, 'Required param', true),
+        new Parameter('optional', ParameterType.String, 'Optional param', false)
+      ];
+
+      const result1 = ParameterValidator.validate(null, paramDefs);
+      expect(result1.isValid).toBe(false);
+      expect(result1.errors).toHaveLength(1);
+      expect(result1.errors[0].parameter).toBe('required');
+
+      const result2 = ParameterValidator.validate(undefined, paramDefs);
+      expect(result2.isValid).toBe(false);
+      expect(result2.errors).toHaveLength(1);
+      expect(result2.errors[0].parameter).toBe('required');
+    });
+
+    it('should allow optional parameters to be missing', () => {
+      const paramDefs = [
+        new Parameter('name', ParameterType.String, 'User name', true),
+        new Parameter('age', ParameterType.Integer, 'User age', false)
+      ];
+
+      const params = {
+        name: 'John Doe'
+        // age is optional and missing
+      };
+
+      const result = ParameterValidator.validate(params, paramDefs);
+
+      expect(result.isValid).toBe(true);
+      expect(result.errors).toHaveLength(0);
+    });
+
+    it('should distinguish between integer and number types', () => {
+      const paramDefs = [
+        new Parameter('count', ParameterType.Integer, 'Item count', true),
+        new Parameter('score', ParameterType.Number, 'Score value', true)
+      ];
+
+      const params1 = {
+        count: 25.5, // should be integer, not float
+        score: 85.5  // number is fine
+      };
+
+      const result1 = ParameterValidator.validate(params1, paramDefs);
+      expect(result1.isValid).toBe(false);
+      expect(result1.errors).toHaveLength(1);
+      expect(result1.errors[0].parameter).toBe('count');
+      expect(result1.errors[0].message).toContain('must be an integer');
+
+      const params2 = {
+        count: 25,   // integer is fine
+        score: 85.5  // number is fine
+      };
+
+      const result2 = ParameterValidator.validate(params2, paramDefs);
+      expect(result2.isValid).toBe(true);
+      expect(result2.errors).toHaveLength(0);
+    });
+
+    it('should handle array vs object distinction', () => {
+      const paramDefs = [
+        new Parameter('tags', ParameterType.List, 'Tag list', true),
+        new Parameter('config', ParameterType.Dictionary, 'Config object', true)
+      ];
+
+      const params = {
+        tags: { 0: 'tag1', 1: 'tag2' }, // object that looks like array
+        config: ['key1', 'key2'] // array instead of object
+      };
+
+      const result = ParameterValidator.validate(params, paramDefs);
+      expect(result.isValid).toBe(false);
+      expect(result.errors).toHaveLength(2);
+
+      expect(result.errors[0].parameter).toBe('tags');
+      expect(result.errors[0].message).toContain('must be an array');
+
+      expect(result.errors[1].parameter).toBe('config');
+      expect(result.errors[1].message).toContain('must be an object');
+    });
+
+    it('should handle null values for optional parameters', () => {
+      const paramDefs = [
+        new Parameter('name', ParameterType.String, 'User name', true),
+        new Parameter('age', ParameterType.Integer, 'User age', false)
+      ];
+
+      const params = {
+        name: 'John Doe',
+        age: null // null for optional parameter should be allowed
+      };
+
+      const result = ParameterValidator.validate(params, paramDefs);
+      expect(result.isValid).toBe(true);
+      expect(result.errors).toHaveLength(0);
+    });
+
+    it('should handle edge cases for number validation', () => {
+      const paramDefs = [
+        new Parameter('score', ParameterType.Number, 'Score value', true)
+      ];
+
+      // Test NaN
+      const params1 = { score: NaN };
+      const result1 = ParameterValidator.validate(params1, paramDefs);
+      expect(result1.isValid).toBe(false);
+      expect(result1.errors[0].message).toContain('must be a number');
+
+      // Test Infinity
+      const params2 = { score: Infinity };
+      const result2 = ParameterValidator.validate(params2, paramDefs);
+      expect(result2.isValid).toBe(true);
+      expect(result2.errors).toHaveLength(0);
+
+      // Test negative numbers
+      const params3 = { score: -42.5 };
+      const result3 = ParameterValidator.validate(params3, paramDefs);
+      expect(result3.isValid).toBe(true);
+      expect(result3.errors).toHaveLength(0);
+    });
+
+    it('should handle edge cases for integer validation', () => {
+      const paramDefs = [
+        new Parameter('count', ParameterType.Integer, 'Item count', true)
+      ];
+
+      // Test negative integers
+      const params1 = { count: -5 };
+      const result1 = ParameterValidator.validate(params1, paramDefs);
+      expect(result1.isValid).toBe(true);
+      expect(result1.errors).toHaveLength(0);
+
+      // Test zero
+      const params2 = { count: 0 };
+      const result2 = ParameterValidator.validate(params2, paramDefs);
+      expect(result2.isValid).toBe(true);
+      expect(result2.errors).toHaveLength(0);
+
+      // Test very large integers
+      const params3 = { count: Number.MAX_SAFE_INTEGER };
+      const result3 = ParameterValidator.validate(params3, paramDefs);
+      expect(result3.isValid).toBe(true);
+      expect(result3.errors).toHaveLength(0);
+    });
+
+    it('should handle empty arrays and objects', () => {
+      const paramDefs = [
+        new Parameter('tags', ParameterType.List, 'Tag list', true),
+        new Parameter('config', ParameterType.Dictionary, 'Config object', true)
+      ];
+
+      const params = {
+        tags: [], // empty array should be valid
+        config: {} // empty object should be valid
+      };
+
+      const result = ParameterValidator.validate(params, paramDefs);
+      expect(result.isValid).toBe(true);
+      expect(result.errors).toHaveLength(0);
+    });
+
+    it('should handle special string values', () => {
+      const paramDefs = [
+        new Parameter('text', ParameterType.String, 'Text value', true)
+      ];
+
+      // Test empty string
+      const params1 = { text: '' };
+      const result1 = ParameterValidator.validate(params1, paramDefs);
+      expect(result1.isValid).toBe(true);
+      expect(result1.errors).toHaveLength(0);
+
+      // Test string with special characters
+      const params2 = { text: 'Hello\nWorld\t!' };
+      const result2 = ParameterValidator.validate(params2, paramDefs);
+      expect(result2.isValid).toBe(true);
+      expect(result2.errors).toHaveLength(0);
+    });
+
+    it('should handle multiple validation errors', () => {
+      const paramDefs = [
+        new Parameter('name', ParameterType.String, 'User name', true),
+        new Parameter('age', ParameterType.Integer, 'User age', true),
+        new Parameter('email', ParameterType.String, 'User email', true)
+      ];
+
+      const params = {
+        name: 123, // wrong type
+        age: '25' // wrong type
+        // email is missing
+      };
+
+      const result = ParameterValidator.validate(params, paramDefs);
+      expect(result.isValid).toBe(false);
+      expect(result.errors).toHaveLength(3);
+
+      expect(result.errors.some((e) => e.parameter === 'name')).toBe(true);
+      expect(result.errors.some((e) => e.parameter === 'age')).toBe(true);
+      expect(result.errors.some((e) => e.parameter === 'email')).toBe(true);
+    });
+
+    it('should handle tools with no parameter definitions', () => {
+      const result = ParameterValidator.validate({ someParam: 'value' }, []);
+      expect(result.isValid).toBe(true);
+      expect(result.errors).toHaveLength(0);
+    });
+
+    it('should handle extra parameters not in definition', () => {
+      const paramDefs = [
+        new Parameter('name', ParameterType.String, 'User name', true)
+      ];
+
+      const params = {
+        name: 'John Doe',
+        extraParam: 'should be ignored'
+      };
+
+      const result = ParameterValidator.validate(params, paramDefs);
+      expect(result.isValid).toBe(true);
+      expect(result.errors).toHaveLength(0);
+    });
+
+    it('should handle nested objects and arrays', () => {
+      const paramDefs = [
+        new Parameter('config', ParameterType.Dictionary, 'Config object', true),
+        new Parameter('matrix', ParameterType.List, 'Matrix data', true)
+      ];
+
+      const params = {
+        config: {
+          nested: {
+            deep: {
+              value: 'test'
+            }
+          },
+          array: [1, 2, 3]
+        },
+        matrix: [
+          [1, 2, 3],
+          [4, 5, 6],
+          { nested: 'object in array' }
+        ]
+      };
+
+      const result = ParameterValidator.validate(params, paramDefs);
+      expect(result.isValid).toBe(true);
+      expect(result.errors).toHaveLength(0);
+    });
+  });
+});