@optimizely-opal/opal-tool-ocp-sdk 1.0.0-beta.7 → 1.0.0-beta.9

package/src/function/ToolFunction.test.ts

@@ -436,4 +436,224 @@ describe('ToolFunction', () => {
       expect(toolFunction.getRequest()).toBe(mockRequest);
     });
   });
+
+  describe('internal request authentication', () => {
+    beforeEach(() => {
+      // Reset mocks before each test
+      jest.clearAllMocks();
+      setupAuthMocks();
+    });
+
+    it('should use internal authentication for /overrides endpoint', async () => {
+      const overridesRequest = {
+        path: '/overrides',
+        method: 'DELETE',
+        bodyJSON: {},
+        headers: {
+          get: jest.fn().mockImplementation((name: string) => {
+            if (name === 'Authorization' || name === 'authorization') return 'internal-token';
+            if (name === 'x-opal-thread-id') return 'test-thread-id';
+            return null;
+          })
+        }
+      };
+
+      mockProcessRequest.mockResolvedValue(mockResponse);
+      const toolFunctionOverrides = new TestToolFunction(overridesRequest);
+      const result = await toolFunctionOverrides.perform();
+
+      expect(result).toBe(mockResponse);
+      expect(mockProcessRequest).toHaveBeenCalledWith(overridesRequest, toolFunctionOverrides);
+    });
+
+    it('should throw ToolError when internal authentication fails for /overrides endpoint', async () => {
+      const overridesRequest = {
+        path: '/overrides',
+        method: 'DELETE',
+        bodyJSON: {},
+        headers: {
+          get: jest.fn().mockImplementation((name: string) => {
+            if (name === 'x-opal-thread-id') return 'test-thread-id';
+            return null; // No Authorization header
+          })
+        }
+      };
+
+      const toolFunctionOverrides = new TestToolFunction(overridesRequest);
+      const result = await toolFunctionOverrides.perform();
+
+      expect(result.status).toBe(401);
+      expect(result.bodyJSON).toEqual({
+        title: 'Unauthorized',
+        status: 401,
+        detail: 'Internal request authentication failed',
+        instance: '/overrides'
+      });
+      expect(mockProcessRequest).not.toHaveBeenCalled();
+    });
+
+    it('should use regular authentication for non-overrides endpoints', async () => {
+      const regularRequest = {
+        ...mockRequest,
+        path: '/regular-tool',
+        headers: {
+          get: jest.fn().mockImplementation((name: string) => {
+            if (name === 'x-opal-thread-id') return 'test-thread-id';
+            return null;
+          })
+        }
+      };
+
+      mockProcessRequest.mockResolvedValue(mockResponse);
+      const toolFunctionRegular = new TestToolFunction(regularRequest);
+      const result = await toolFunctionRegular.perform();
+
+      expect(result).toBe(mockResponse);
+      expect(mockProcessRequest).toHaveBeenCalledWith(regularRequest, toolFunctionRegular);
+    });
+
+    it('should handle internal authentication with valid Authorization header', async () => {
+      const overridesRequest = {
+        path: '/overrides',
+        method: 'PATCH',
+        bodyJSON: {
+          functions: [
+            {
+              name: 'test_tool',
+              description: 'Updated description'
+            }
+          ]
+        },
+        headers: {
+          get: jest.fn().mockImplementation((name: string) => {
+            if (name === 'Authorization') return 'valid-internal-token';
+            if (name === 'x-opal-thread-id') return 'test-thread-id';
+            return null;
+          })
+        }
+      };
+
+      mockProcessRequest.mockResolvedValue(mockResponse);
+      const toolFunctionOverrides = new TestToolFunction(overridesRequest);
+      const result = await toolFunctionOverrides.perform();
+
+      expect(result).toBe(mockResponse);
+      expect(mockProcessRequest).toHaveBeenCalledWith(overridesRequest, toolFunctionOverrides);
+    });
+
+    it('should handle internal authentication with lowercase authorization header', async () => {
+      const overridesRequest = {
+        path: '/overrides',
+        method: 'PATCH',
+        bodyJSON: {
+          functions: [
+            {
+              name: 'test_tool',
+              description: 'Updated description'
+            }
+          ]
+        },
+        headers: {
+          get: jest.fn().mockImplementation((name: string) => {
+            if (name === 'authorization') return 'valid-internal-token';
+            if (name === 'x-opal-thread-id') return 'test-thread-id';
+            return null;
+          })
+        }
+      };
+
+      mockProcessRequest.mockResolvedValue(mockResponse);
+      const toolFunctionOverrides = new TestToolFunction(overridesRequest);
+      const result = await toolFunctionOverrides.perform();
+
+      expect(result).toBe(mockResponse);
+      expect(mockProcessRequest).toHaveBeenCalledWith(overridesRequest, toolFunctionOverrides);
+    });
+
+    it('should fail internal authentication when token verification fails', async () => {
+      // Mock token verifier to return false for invalid token
+      mockTokenVerifier.verify.mockResolvedValue(false);
+
+      const overridesRequest = {
+        path: '/overrides',
+        method: 'DELETE',
+        bodyJSON: {},
+        headers: {
+          get: jest.fn().mockImplementation((name: string) => {
+            if (name === 'Authorization') return 'invalid-token';
+            if (name === 'x-opal-thread-id') return 'test-thread-id';
+            return null;
+          })
+        }
+      };
+
+      const toolFunctionOverrides = new TestToolFunction(overridesRequest);
+      const result = await toolFunctionOverrides.perform();
+
+      expect(result.status).toBe(401);
+      expect(result.bodyJSON).toEqual({
+        title: 'Unauthorized',
+        status: 401,
+        detail: 'Internal request authentication failed',
+        instance: '/overrides'
+      });
+      expect(mockProcessRequest).not.toHaveBeenCalled();
+    });
+
+    it('should fail internal authentication when token verifier throws error', async () => {
+      // Mock token verifier to throw an error
+      mockTokenVerifier.verify.mockRejectedValue(new Error('Token service unavailable'));
+
+      const overridesRequest = {
+        path: '/overrides',
+        method: 'DELETE',
+        bodyJSON: {},
+        headers: {
+          get: jest.fn().mockImplementation((name: string) => {
+            if (name === 'Authorization') return 'some-token';
+            if (name === 'x-opal-thread-id') return 'test-thread-id';
+            return null;
+          })
+        }
+      };
+
+      const toolFunctionOverrides = new TestToolFunction(overridesRequest);
+      const result = await toolFunctionOverrides.perform();
+
+      expect(result.status).toBe(401);
+      expect(result.bodyJSON).toEqual({
+        title: 'Unauthorized',
+        status: 401,
+        detail: 'Internal request authentication failed',
+        instance: '/overrides'
+      });
+      expect(mockProcessRequest).not.toHaveBeenCalled();
+    });
+
+    it('should fail internal authentication when headers object is missing', async () => {
+      const overridesRequest = {
+        path: '/overrides',
+        method: 'DELETE',
+        bodyJSON: {},
+        headers: {
+          get: jest.fn().mockImplementation((name: string) => {
+            if (name === 'x-opal-thread-id') return 'test-thread-id';
+            return null;
+          })
+        }
+      };
+
+      const toolFunctionOverrides = new TestToolFunction(overridesRequest);
+      const result = await toolFunctionOverrides.perform();
+
+      expect(result.status).toBe(401);
+      expect(result.bodyJSON).toEqual({
+        title: 'Unauthorized',
+        status: 401,
+        detail: 'Internal request authentication failed',
+        instance: '/overrides'
+      });
+      expect(mockProcessRequest).not.toHaveBeenCalled();
+    });
+  });
 });

package/src/function/ToolFunction.ts

@@ -1,5 +1,5 @@
 import { Function, Response, Headers, amendLogContext } from '@zaiusinc/app-sdk';
-import { authenticateRegularRequest } from '../auth/AuthUtils';
+import { authenticateRegularRequest, authenticateInternalRequest } from '../auth/AuthUtils';
 import { toolsService } from '../service/Service';
 import { ToolLogger } from '../logging/ToolLogger';
 import { ToolError } from '../types/ToolError';
@@ -17,7 +17,7 @@ export abstract class ToolFunction extends Function {
    * @async
    * @returns ReadyResponse containing ready status and optional reason when not ready
    */
-  protected ready(): Promise<ReadyResponse> {
+  protected ready(): Promise<ReadyResponse | boolean> {
     return Promise.resolve({ ready: true });
   }
 
@@ -68,7 +68,10 @@ export abstract class ToolFunction extends Function {
     }
 
     if (this.request.path === '/ready') {
-      const readyResponse = await this.ready();
+      const readyResult = await this.ready();
+      const readyResponse = typeof readyResult === 'boolean'
+        ? { ready: readyResult }
+        : readyResult;
       return new Response(200, readyResponse);
     }
 
@@ -82,6 +85,12 @@ export abstract class ToolFunction extends Function {
    * @throws {ToolError} If authentication fails
    */
   private async authorizeRequest(): Promise<void> {
-    await authenticateRegularRequest(this.request);
+    // Use internal authentication for overrides endpoint (header-based token)
+    if (this.request.path === '/overrides') {
+      await authenticateInternalRequest(this.request);
+    } else {
+      // Use regular authentication for other endpoints (body-based token with org validation)
+      await authenticateRegularRequest(this.request);
+    }
   }
 }

package/src/index.ts

@@ -4,4 +4,4 @@ export * from './types/Models';
 export * from './types/ToolError';
 export * from './decorator/Decorator';
 export * from './auth/TokenVerifier';
-export { Tool, Interaction, InteractionResult } from './service/Service';
+export { Tool, Interaction, InteractionResult, NestedInteractions } from './service/Service';

package/src/logging/ToolLogger.test.ts

@@ -32,6 +32,7 @@ describe('ToolLogger', () => {
   const createMockRequest = (overrides: any = {}): App.Request => {
     const defaultRequest = {
       path: '/test-tool',
+      method: 'POST',
       bodyJSON: {
         parameters: {
           name: 'test',
@@ -96,6 +97,7 @@ describe('ToolLogger', () => {
       const expectedLog = {
         event: 'opal_tool_request',
         path: '/test-tool',
+        method: 'POST',
         parameters: {
           name: 'test',
           value: 'data'
@@ -118,6 +120,7 @@ describe('ToolLogger', () => {
       expectJsonLog({
         event: 'opal_tool_request',
         path: '/test-tool',
+        method: 'POST',
         parameters: null
       });
     });
@@ -135,6 +138,7 @@ describe('ToolLogger', () => {
       expectJsonLog({
         event: 'opal_tool_request',
         path: '/test-tool',
+        method: 'POST',
         parameters: {
           name: 'direct',
           action: 'test'
@@ -167,6 +171,7 @@ describe('ToolLogger', () => {
       expectJsonLog({
         event: 'opal_tool_request',
         path: '/test-tool',
+        method: 'POST',
         parameters: {
           username: 'john',
           password: '[REDACTED]',
@@ -204,6 +209,7 @@ describe('ToolLogger', () => {
       expectJsonLog({
         event: 'opal_tool_request',
         path: '/test-tool',
+        method: 'POST',
         parameters: {
           PASSWORD: '[REDACTED]',
           API_KEY: '[REDACTED]',
@@ -232,6 +238,7 @@ describe('ToolLogger', () => {
       expectJsonLog({
         event: 'opal_tool_request',
         path: '/test-tool',
+        method: 'POST',
         parameters: {
           description: `${'a'.repeat(100)}... (truncated, 150 chars total)`,
           short_field: 'normal'
@@ -255,6 +262,7 @@ describe('ToolLogger', () => {
       expectJsonLog({
         event: 'opal_tool_request',
         path: '/test-tool',
+        method: 'POST',
         parameters: {
           items: [
             ...largeArray.slice(0, 10),
@@ -291,6 +299,7 @@ describe('ToolLogger', () => {
       expectJsonLog({
         event: 'opal_tool_request',
         path: '/test-tool',
+        method: 'POST',
         parameters: {
           user: {
             name: 'John',
@@ -328,6 +337,7 @@ describe('ToolLogger', () => {
       expectJsonLog({
         event: 'opal_tool_request',
         path: '/test-tool',
+        method: 'POST',
         parameters: {
           nullValue: null,
           emptyString: '',
@@ -353,6 +363,7 @@ describe('ToolLogger', () => {
       expectJsonLog({
         event: 'opal_tool_request',
         path: '/test-tool',
+        method: 'POST',
         parameters: {
           credentials: '[REDACTED]',
           public_list: ['item1', 'item2']
@@ -381,6 +392,7 @@ describe('ToolLogger', () => {
       expectJsonLog({
         event: 'opal_tool_request',
         path: '/test-tool',
+        method: 'POST',
         parameters: {
           auth: '[REDACTED]',
           public_config: {
@@ -496,7 +508,9 @@ describe('ToolLogger', () => {
       // First item: deeply nested object with inner parts replaced by placeholder
       expect(items[0]).toEqual({
         level2: {
-          level3: '[MAX_DEPTH_EXCEEDED]'
+          level3: {
+            level4: '[MAX_DEPTH_EXCEEDED]'
+          }
         }
       });
 
@@ -509,7 +523,9 @@ describe('ToolLogger', () => {
       // Fourth item: another deeply nested object with inner parts replaced by placeholder
       expect(items[3]).toEqual({
         level2: {
-          level3: '[MAX_DEPTH_EXCEEDED]'
+          level3: {
+            level4: '[MAX_DEPTH_EXCEEDED]'
+          }
         }
       });
     });
@@ -694,6 +710,7 @@ describe('ToolLogger', () => {
       expectJsonLog({
         event: 'opal_tool_request',
         path: '/test-tool',
+        method: 'POST',
         parameters: {}
       });
     });
@@ -712,6 +729,7 @@ describe('ToolLogger', () => {
       expectJsonLog({
         event: 'opal_tool_request',
         path: '/test-tool',
+        method: 'POST',
         parameters: {
           field: 'value'
         }
@@ -738,6 +756,7 @@ describe('ToolLogger', () => {
       expectJsonLog({
         event: 'opal_tool_request',
         path: '/test-tool',
+        method: 'POST',
         parameters: {
           string: 'text',
           number: 42,
@@ -749,5 +768,102 @@ describe('ToolLogger', () => {
         }
       });
     });
+
+    it('should handle tool override request with enhanced parameter descriptions', () => {
+      const overrideRequest = {
+        tools: [
+          {
+            name: 'calculate_experiment_runtime',
+            description: 'OVERRIDDEN: Enhanced experiment runtime calculator with advanced features',
+            parameters: [
+              {
+                name: 'BCR',
+                type: 'number',
+                description: 'OVERRIDDEN: Enhanced baseline conversion rate with validation',
+                required: true
+              },
+              {
+                name: 'MDE',
+                type: 'number',
+                description: 'OVERRIDDEN: Enhanced minimum detectable effect calculation',
+                required: true
+              },
+              {
+                name: 'sigLevel',
+                type: 'number',
+                description: 'OVERRIDDEN: Enhanced statistical significance level',
+                required: true
+              },
+              {
+                name: 'numVariations',
+                type: 'number',
+                description: 'OVERRIDDEN: Enhanced number of variations handling',
+                required: true
+              },
+              {
+                name: 'dailyVisitors',
+                type: 'number',
+                description: 'OVERRIDDEN: Enhanced daily visitor count with forecasting',
+                required: true
+              }
+            ]
+          }
+          // Note: NOT including calculate_sample_size in override
+        ]
+      };
+
+      const req = createMockRequest({
+        path: '/overrides',
+        bodyJSON: overrideRequest
+      });
+
+      ToolLogger.logRequest(req);
+
+      expectJsonLog({
+        event: 'opal_tool_request',
+        path: '/overrides',
+        method: 'POST',
+        parameters: {
+          tools: [
+            {
+              name: 'calculate_experiment_runtime',
+              description: 'OVERRIDDEN: Enhanced experiment runtime calculator with advanced features',
+              parameters: [
+                {
+                  name: 'BCR',
+                  type: 'number',
+                  description: 'OVERRIDDEN: Enhanced baseline conversion rate with validation',
+                  required: true
+                },
+                {
+                  name: 'MDE',
+                  type: 'number',
+                  description: 'OVERRIDDEN: Enhanced minimum detectable effect calculation',
+                  required: true
+                },
+                {
+                  name: 'sigLevel',
+                  type: 'number',
+                  description: 'OVERRIDDEN: Enhanced statistical significance level',
+                  required: true
+                },
+                {
+                  name: 'numVariations',
+                  type: 'number',
+                  description: 'OVERRIDDEN: Enhanced number of variations handling',
+                  required: true
+                },
+                {
+                  name: 'dailyVisitors',
+                  type: 'number',
+                  description: 'OVERRIDDEN: Enhanced daily visitor count with forecasting',
+                  required: true
+                }
+              ]
+            }
+          ]
+        }
+      });
+    });
   });
 });

package/src/logging/ToolLogger.ts

@@ -75,7 +75,7 @@ export class ToolLogger {
 
     if (Array.isArray(data)) {
       const truncated = data.slice(0, this.MAX_ARRAY_ITEMS);
-      const result = truncated.map((item) => this.redactSensitiveData(item, maxDepth - 1));
+      const result = truncated.map((item) => this.redactSensitiveData(item, maxDepth));
       if (data.length > this.MAX_ARRAY_ITEMS) {
         result.push(`... (${data.length - this.MAX_ARRAY_ITEMS} more items truncated)`);
       }
@@ -146,6 +146,7 @@ export class ToolLogger {
     const requestLog = {
       event: 'opal_tool_request',
       path: req.path,
+      method: req.method,
       parameters: this.createParameterSummary(params)
     };