@optimizely-opal/opal-tool-ocp-sdk 1.0.0-beta.8 → 1.0.0

package/README.md

@@ -6,7 +6,7 @@ A TypeScript SDK for building Opal tools in Optimizely Connect Platform. This SD
 
 ## Features
 
-- 🎯 **Decorator-based Tool Registration** - Use `@tool` and `@interaction` decorators to easily register functions
+- 🎯 **Decorator-based Tool Registration** - Use `@tool` decorator to easily register functions
 - 🌐 **Global and Regular Function Modes** - SDK can be used in either global or organization-scoped mode
 - 🔧 **Type-safe Development** - Full TypeScript support with comprehensive type definitions  
 - 🏗️ **Abstract Base Classes** - Extend `ToolFunction` or `GlobalToolFunction` for standardized request processing
@@ -16,35 +16,51 @@ A TypeScript SDK for building Opal tools in Optimizely Connect Platform. This SD
 - ✅ **Automatic Validation** - SDK automatically validates parameters and returns RFC 9457 compliant error responses
 - 🧪 **Comprehensive Testing** - Fully tested with Jest
 
-## Installation
+## Quick Start
+
+The SDK extends the functionality of OCP apps. You need to have an OCP app to use this SDK. 
+Learn how to get started with OCP app development [here](https://docs.developers.optimizely.com/optimizely-connect-platform/docs/developer-platform-overview-ocp2).
 
+Start by adding the SDK to your existing OCP app. In your OCP app folder, execute: 
 ```bash
-npm install @optimizely-opal/opal-tool-ocp-sdk
+yarn add @optimizely-opal/opal-tool-ocp-sdk
 ```
 
-or
+To add an Opal too registry to your OCP app, 
+add a [function](https://docs.developers.optimizely.com/optimizely-connect-platform/docs/functions-ocp2) to your app manifest and mark it as an Opal tool function:
 
-```bash
-yarn add @optimizely-opal/opal-tool-ocp-sdk
+**`app.yml`**
+```yaml
+functions: 
+  opal_tool: # A unique key for your function. 
+    entry_point: OpalToolFunction # The name of the class implementing your tool. 
+    description: Opal tool function # A brief description of this function.
+    opal_tool: true
 ```
 
-## Quick Start
+Next, create and implement function class - both file name and class must match the value of `entry_point` property from app manifest. 
+Function class must extend either `ToolFunction` or `GlobalToolFunction` class from `@optimizely-opal/opal-tool-ocp-sdk` (See 'Function modes' section below).
 
-The SDK supports two function modes:
+**`src/functions/OpalToolFunction`**
+```typescript
+import { ToolFunction } from '@optimizely-opal/opal-tool-ocp-sdk';
 
-- **Regular Functions** (`ToolFunction`) - Organization-scoped functions that validate customer organization IDs
-- **Global Functions** (`GlobalToolFunction`) - Platform-wide functions that work across all organizations
+export class OpalToolFunction extends ToolFunction {
 
-### Regular Tool Function
+}
+```
 
-Create a tool function class by extending `ToolFunction` for organization-scoped functionality:
+Next, implement tools methods and annotate them with `@tool` decorator. Each such method is a tool in your registry. 
+You can define mulitple tool methods in your app. 
+Tool methods can be defined either as tool class instance methods or in separate classes. 
+If tools are defined in separate classes, these classes need to be imported into the function class. 
 
+**`src/functions/OpalToolFunction`**
 ```typescript
-import { ToolFunction, tool, interaction, ParameterType, InteractionResult, OptiIdAuthData } from '@optimizely-opal/opal-tool-ocp-sdk';
+import { ToolFunction } from '@optimizely-opal/opal-tool-ocp-sdk';
 
-export class MyToolFunction extends ToolFunction {
+export class OpalToolFunction extends ToolFunction {
 
-  // Register a simple tool without authentication
   @tool({
     name: 'create_task',
     description: 'Creates a new task in the system',
@@ -71,118 +87,42 @@ export class MyToolFunction extends ToolFunction {
       priority: params.priority || 'medium'
     };
   }
-
-  // Register a tool with OptiID authentication
-  @tool({
-    name: 'secure_task',
-    description: 'Creates a secure task with OptiID authentication',
-    endpoint: '/secure-task',
-    parameters: [
-      {
-        name: 'title',
-        type: ParameterType.String,
-        description: 'The task title',
-        required: true
-      }
-    ],
-    authRequirements: [
-      {
-        provider: 'OptiID',
-        scopeBundle: 'tasks',
-        required: true
-      }
-    ]
-  })
-  async createSecureTask(params: { title: string }, authData?: OptiIdAuthData) {
-    if (!authData) {
-      throw new Error('OptiID authentication required');
-    }
-
-    const { customer_id, instance_id, access_token } = authData.credentials;
-    return {
-      id: '456',
-      title: params.title,
-      customer_id,
-      instance_id
-    };
-  }
-
-  // Register an interaction
-  @interaction({
-    name: 'task_webhook',
-    endpoint: '/webhook/task'
-  })
-  async handleTaskWebhook(data: any): Promise<InteractionResult> {
-    return new InteractionResult(
-      `Task ${data.taskId} was updated`,
-      `https://app.example.com/tasks/${data.taskId}`
-    );
-  }
 }
 ```
 
-### Global Tool Function
+The format of `params` attribute matches the parameters defined in `@tool` decorator. 
 
-Create a global tool function by extending `GlobalToolFunction` for platform-wide functionality:
+When the function is called by Opal, the SDK automatically: 
 
-```typescript
-import { GlobalToolFunction, tool, interaction, ParameterType, InteractionResult, OptiIdAuthData } from '@optimizely-opal/opal-tool-ocp-sdk';
+- **Routes requests** to your registered tools based on endpoints
+- **Handles authentication** and OptiID token validation before calling your methods  
+- **Provides discovery** at `/discovery` endpoint for OCP platform integration
+- **Returns proper HTTP responses** with correct status codes and JSON formatting
 
-export class MyGlobalToolFunction extends GlobalToolFunction {
+Optionally, implement `ready` method to define when tool registry can be registered and called by Opal. 
+OCP will call this method to show tool readiness in the UI. Only functions marked as `ready` can be registered and called by Opal.
+The value of `reason` property from the response will be displayed in OCP UI to inform users why the tool is not ready to be registered. 
+```typescript
+  protected override async ready(): Promise<ReadyResponse> {
+    // validation logic
+    if (!isValid) {
+      return { ready: false, reason: 'Configure the app first.' };
+    }
 
-  @tool({
-    name: 'global_utility',
-    description: 'A utility tool available to all organizations',
-    endpoint: '/global-utility',
-    parameters: [
-      {
-        name: 'operation',
-        type: ParameterType.String,
-        description: 'The operation to perform',
-        required: true
-      }
-    ]
-  })
-  async globalUtility(params: { operation: string }, authData?: OptiIdAuthData) {
-    return {
-      result: `Performed ${params.operation} globally`,
-      organizationId: authData?.credentials.customer_id || 'unknown'
-    };
+    return { ready: true };
   }
-}
 ```
 
-### Function Modes
-
-The SDK operates in one of two modes based on the base class you extend:
-
-- **Regular Function Mode** (`ToolFunction`): All tools are organization-scoped and validate organization IDs
-- **Global Function Mode** (`GlobalToolFunction`): All tools are platform-wide.
-
-The discovery endpoint returns all tools registered within that function mode.
-
-Your function class inherits a `perform()` method from `ToolFunction` or `GlobalToolFunction` that serves as the main entry point for handling all incoming requests. When called, the SDK automatically:
-
-- **Routes requests** to your registered tools and interactions based on endpoints
-- **Handles authentication** and OptiID token validation before calling your methods  
-- **Provides discovery** at `/discovery` endpoint for OCP platform integration
-- **Returns proper HTTP responses** with correct status codes and JSON formatting
-
 ## Core Concepts
 
 ### Tools
 
-Tools are functions that can be discovered and executed through the OCP platform. They:
-
-- Have a name, description, and endpoint
-- Define parameters with types and validation
-- Can require authentication
-- Return structured responses
-- Are automatically registered based on the function mode you choose
+Each OCP app with an Opal too function is a tool registry in Opal. Tool registry constist of one or more tools. 
+Each tool have name, description and a list of input parameters.
 
 ### Function Modes
 
-#### Regular Functions (`ToolFunction`)
+#### Regular Functions (function extends `ToolFunction` class)
 
 Regular functions are scoped to specific organizations and validate that requests come from the same organization:
 
@@ -191,7 +131,7 @@ Regular functions are scoped to specific organizations and validate that request
 - **Per-Organization Configuration**: Can implement organization-specific configuration, authentication credentials, and API keys since they're tied to a single organization
 - **Per-Organization Authentication**: Can store and use organization-specific authentication tokens, connection strings, and other sensitive data securely
 
-#### Global Functions (`GlobalToolFunction`)
+#### Global Functions (function extends `GlobalToolFunction` class)
 
 Global functions work across all organizations without organization validation:
 
@@ -201,14 +141,6 @@ Global functions work across all organizations without organization validation:
 - **No Per-Organization Authentication**: Cannot store organization-specific credentials or authentication data
 - **Global Discovery**: Have a global discovery URL that can be used by any organization without requiring them to install the app first
 
-### Interactions
-
-Interactions are event handlers that process incoming data (like webhooks):
-
-- Have a name and endpoint
-- Process unstructured data
-- Return interaction results with messages and optional links
-
 ### Parameters
 
 Supported parameter types:
@@ -226,7 +158,9 @@ enum ParameterType {
 
 ### Parameter Validation
 
-The SDK automatically validates all incoming parameters against the parameter definitions you specify for your tools. When Opal sends requests to your tools, the SDK performs validation before calling your handler methods:
+The SDK automatically validates all incoming parameters against the parameter definitions you specify for your tools. 
+When Opal sends requests to your tools, the SDK performs validation before calling your handler methods and automatically returns an error message that Opal understands. 
+This allow Opal to auto-correct. 
 
 #### Automatic Validation Features
 
@@ -235,36 +169,6 @@ The SDK automatically validates all incoming parameters against the parameter de
 - **Early Error Response**: Returns validation errors immediately without calling your handler if validation fails
 - **RFC 9457 Compliance**: Error responses follow the RFC 9457 Problem Details for HTTP APIs specification
 
-#### Validation Error Response Format
-
-When parameter validation fails, the SDK returns a standardized error response with HTTP status 400 and `Content-Type: application/problem+json`:
-
-```json
-{
-  "title": "One or more validation errors occurred.",
-  "status": 400,
-  "detail": "See 'errors' field for details.",
-  "instance": "/your-tool-endpoint",
-  "errors": [
-    {
-      "field": "title",
-      "message": "Parameter 'title' must be a string, but received number"
-    },
-    {
-      "field": "priority",
-      "message": "Required parameter 'priority' is missing"
-    }
-  ]
-}
-```
-
-**Benefits:**
-
-- **Reduced Boilerplate**: No need to write parameter validation code in your handlers
-- **Consistent Error Format**: All validation errors follow the same RFC 9457 standard format
-- **Better Developer Experience**: Clear, actionable error messages for API consumers
-- **Type Safety**: Validation ensures your handlers receive correctly typed parameters
-
 ### Authentication
 
 The SDK supports authentication and authorization mechanisms:
@@ -434,16 +338,16 @@ This will return:
 
 ### Handler Function Signatures
 
-All tool and interaction handler methods follow this signature pattern:
+All tool handler methods follow this signature pattern:
 
 ```typescript
 async handlerMethod(
-  params: TParams,           // Tool parameters or interaction data
+  params: TParams,           // Tool parameters
   authData?: OptiIdAuthData  // OptiID user authentication data (if authenticated)
 ): Promise<TResult>
 ```
 
-- **params**: The input parameters for tools, or interaction data for webhooks
+- **params**: The input parameters for tools
 - **authData**: Available when OptiID user authentication is configured and successful
 
 
@@ -463,17 +367,6 @@ interface ToolConfig {
 }
 ```
 
-#### `@interaction(config: InteractionConfig)`
-
-Registers a method as an interaction handler.
-
-```typescript
-interface InteractionConfig {
-  name: string;
-  endpoint: string;
-}
-```
-
 ### Base Classes
 
 #### `ToolFunction`
@@ -507,10 +400,8 @@ Extend this class for tools that work across organizations. The `perform` method
 Key model classes with generic type support:
 
 - `Tool<TAuthData>` - Represents a registered tool with typed auth data
-- `Interaction<TAuthData>` - Represents an interaction handler with typed auth data
 - `Parameter` - Defines tool parameters
 - `AuthRequirement` - Defines authentication needs
-- `InteractionResult` - Response from interactions
 - `OptiIdAuthData` - OptiID specific authentication data
 - `ReadyResponse` - Response type for the ready method containing status and optional reason
 - `ToolError` - Custom error class for RFC 9457 Problem Details error responses with configurable HTTP status codes
@@ -639,7 +530,7 @@ yarn lint
 ### Function with Authentication
 
 ```typescript
-import { ToolFunction, tool, interaction, ParameterType, OptiIdAuthData, InteractionResult } from '@optimizely-opal/opal-ocp-sdk';
+import { ToolFunction, tool, ParameterType, OptiIdAuthData } from '@optimizely-opal/opal-ocp-sdk';
 
 export class AuthenticatedFunction extends ToolFunction {
 
@@ -659,24 +550,6 @@ export class AuthenticatedFunction extends ToolFunction {
     return { success: true, customer_id };
   }
 
-  // Interaction with authentication example
-  @interaction({
-    name: 'authenticated_webhook',
-    endpoint: '/secure-webhook'
-  })
-  async handleSecureWebhook(data: any, authData?: OptiIdAuthData): Promise<InteractionResult> {
-    if (!authData) {
-      return new InteractionResult('Authentication required for webhook processing');
-    }
-
-    const { customer_id } = authData.credentials;
-    
-    // Process webhook data with authentication context
-    return new InteractionResult(
-      `Webhook processed for customer ${customer_id}: ${data.eventType}`,
-      `https://app.example.com/events/${data.eventId}`
-    );
-  }
 }
 ```
 
@@ -748,7 +621,7 @@ export class TaskTool {
 
 **tools/NotificationTool.ts:**
 ```typescript
-import { tool, interaction, ParameterType, InteractionResult, OptiIdAuthData } from '@optimizely-opal/opal-ocp-sdk';
+import { tool, ParameterType, OptiIdAuthData } from '@optimizely-opal/opal-ocp-sdk';
 
 export class NotificationTool {
   @tool({
@@ -779,16 +652,6 @@ export class NotificationTool {
     };
   }
 
-  @interaction({
-    name: 'notification_webhook',
-    endpoint: '/webhook/notification'
-  })
-  async handleNotificationWebhook(data: any): Promise<InteractionResult> {
-    return new InteractionResult(
-      `Notification ${data.notificationId} was delivered`,
-      `https://app.example.com/notifications/${data.notificationId}`
-    );
-  }
 }
 ```
 
@@ -816,7 +679,7 @@ This approach provides several benefits:
 
 ## Decorator Behavior and Instance Context
 
-The `@tool` and `@interaction` decorators provide intelligent instance context management that behaves differently depending on where the decorated methods are defined:
+The `@tool` decorator provide intelligent instance context management that behaves differently depending on where the decorated methods are defined:
 
 ### ToolFunction Subclass Context
 

package/dist/index.d.ts

@@ -4,5 +4,5 @@ export * from './types/Models';
 export * from './types/ToolError';
 export * from './decorator/Decorator';
 export * from './auth/TokenVerifier';
-export { Tool, Interaction, InteractionResult } from './service/Service';
+export { Tool, Interaction, InteractionResult, NestedInteractions } from './service/Service';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,yBAAyB,CAAC;AACxC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,gBAAgB,CAAC;AAC/B,cAAc,mBAAmB,CAAC;AAClC,cAAc,uBAAuB,CAAC;AACtC,cAAc,sBAAsB,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,yBAAyB,CAAC;AACxC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,gBAAgB,CAAC;AAC/B,cAAc,mBAAmB,CAAC;AAClC,cAAc,uBAAuB,CAAC;AACtC,cAAc,sBAAsB,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/index.js

@@ -14,7 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.InteractionResult = exports.Interaction = exports.Tool = void 0;
+exports.NestedInteractions = exports.InteractionResult = exports.Interaction = exports.Tool = void 0;
 __exportStar(require("./function/ToolFunction"), exports);
 __exportStar(require("./function/GlobalToolFunction"), exports);
 __exportStar(require("./types/Models"), exports);
@@ -25,4 +25,5 @@ var Service_1 = require("./service/Service");
 Object.defineProperty(exports, "Tool", { enumerable: true, get: function () { return Service_1.Tool; } });
 Object.defineProperty(exports, "Interaction", { enumerable: true, get: function () { return Service_1.Interaction; } });
 Object.defineProperty(exports, "InteractionResult", { enumerable: true, get: function () { return Service_1.InteractionResult; } });
+Object.defineProperty(exports, "NestedInteractions", { enumerable: true, get: function () { return Service_1.NestedInteractions; } });
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,0DAAwC;AACxC,gEAA8C;AAC9C,iDAA+B;AAC/B,oDAAkC;AAClC,wDAAsC;AACtC,uDAAqC;AACrC,6CAAyE;AAAhE,+FAAA,IAAI,OAAA;AAAE,sGAAA,WAAW,OAAA;AAAE,4GAAA,iBAAiB,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,0DAAwC;AACxC,gEAA8C;AAC9C,iDAA+B;AAC/B,oDAAkC;AAClC,wDAAsC;AACtC,uDAAqC;AACrC,6CAA6F;AAApF,+FAAA,IAAI,OAAA;AAAE,sGAAA,WAAW,OAAA;AAAE,4GAAA,iBAAiB,OAAA;AAAE,6GAAA,kBAAkB,OAAA"}

package/dist/logging/ToolLogger.d.ts

@@ -4,12 +4,10 @@ import * as App from '@zaiusinc/app-sdk';
  */
 export declare class ToolLogger {
     private static readonly SENSITIVE_FIELDS;
-    private static readonly MAX_PARAM_LENGTH;
-    private static readonly MAX_ARRAY_ITEMS;
     /**
      * Redacts sensitive data from an object
      */
-    private static redactSensitiveData;
+    private static redactSensitiveDataAndTruncate;
     /**
      * Checks if a field name is considered sensitive
      */
@@ -22,6 +20,16 @@ export declare class ToolLogger {
      * Calculates content length of response data
      */
     private static calculateContentLength;
+    /**
+     * Extracts the response body as a string or parsed JSON object
+     */
+    private static getResponseBody;
+    /**
+     * Creates a summary of response body with security redaction and truncation
+     * For failed responses (4xx, 5xx): returns full body with redacted sensitive data
+     * For successful responses (2xx): returns first 100 chars with redacted sensitive data
+     */
+    private static createResponseBodySummary;
     /**
      * Logs an incoming request
      */

package/dist/logging/ToolLogger.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ToolLogger.d.ts","sourceRoot":"","sources":["../../src/logging/ToolLogger.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,GAAG,MAAM,mBAAmB,CAAC;AAEzC;;GAEG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAyCtC;IAEF,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAO;IAC/C,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAM;IAE7C;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,mBAAmB;IA8ClC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAO/B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,sBAAsB;IAQrC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,sBAAsB;IAYrC;;OAEG;WACW,UAAU,CACtB,GAAG,EAAE,GAAG,CAAC,OAAO,GACf,IAAI;IAaP;;OAEG;WACW,WAAW,CACvB,GAAG,EAAE,GAAG,CAAC,OAAO,EAChB,QAAQ,EAAE,GAAG,CAAC,QAAQ,EACtB,gBAAgB,CAAC,EAAE,MAAM,GACxB,IAAI;CAcR"}
+{"version":3,"file":"ToolLogger.d.ts","sourceRoot":"","sources":["../../src/logging/ToolLogger.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,GAAG,MAAM,mBAAmB,CAAC;AAMzC;;GAEG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAyCtC;IAEF;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,8BAA8B;IA4D7C;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAO/B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,sBAAsB;IAQrC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,sBAAsB;IAYrC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,eAAe;IA2C9B;;;;OAIG;IACH,OAAO,CAAC,MAAM,CAAC,yBAAyB;IA0CxC;;OAEG;WACW,UAAU,CACtB,GAAG,EAAE,GAAG,CAAC,OAAO,GACf,IAAI;IAaP;;OAEG;WACW,WAAW,CACvB,GAAG,EAAE,GAAG,CAAC,OAAO,EAChB,QAAQ,EAAE,GAAG,CAAC,QAAQ,EACtB,gBAAgB,CAAC,EAAE,MAAM,GACxB,IAAI;CAoBR"}

package/dist/logging/ToolLogger.js

@@ -2,6 +2,9 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ToolLogger = void 0;
 const app_sdk_1 = require("@zaiusinc/app-sdk");
+const MAX_PARAM_LOG_LENGTH = 128;
+const MAX_BODY_LOG_LENGTH = 256;
+const MAX_ARRAY_ITEMS = 2;
 /**
  * Utility class for logging Opal tool requests and responses with security considerations
  */
@@ -45,12 +48,13 @@ class ToolLogger {
         'jwt',
         'bearer_token'
     ];
-    static MAX_PARAM_LENGTH = 100;
-    static MAX_ARRAY_ITEMS = 10;
     /**
      * Redacts sensitive data from an object
      */
-    static redactSensitiveData(data, maxDepth = 5) {
+    static redactSensitiveDataAndTruncate(data, maxDepth = 5, accumulatedLength = 0) {
+        if (accumulatedLength > MAX_BODY_LOG_LENGTH) {
+            return '';
+        }
         if (maxDepth <= 0) {
             return '[MAX_DEPTH_EXCEEDED]';
         }
@@ -58,31 +62,42 @@ class ToolLogger {
             return data;
         }
         if (typeof data === 'string') {
-            return data.length > this.MAX_PARAM_LENGTH
-                ? `${data.substring(0, this.MAX_PARAM_LENGTH)}... (truncated, ${data.length} chars total)`
-                : data;
+            if (data.length > MAX_PARAM_LOG_LENGTH) {
+                const lead = data.substring(0, MAX_PARAM_LOG_LENGTH - 10);
+                const tail = data.substring(data.length - 10);
+                return `${lead}...[${data.length - MAX_PARAM_LOG_LENGTH} truncated]...${tail}`;
+            }
+            else {
+                return data;
+            }
         }
         if (typeof data === 'number' || typeof data === 'boolean') {
             return data;
         }
         if (Array.isArray(data)) {
-            const truncated = data.slice(0, this.MAX_ARRAY_ITEMS);
-            const result = truncated.map((item) => this.redactSensitiveData(item, maxDepth));
-            if (data.length > this.MAX_ARRAY_ITEMS) {
-                result.push(`... (${data.length - this.MAX_ARRAY_ITEMS} more items truncated)`);
+            const truncated = data.slice(0, MAX_ARRAY_ITEMS);
+            const result = truncated.map((item) => this.redactSensitiveDataAndTruncate(item, maxDepth, accumulatedLength));
+            if (data.length > MAX_ARRAY_ITEMS) {
+                result.push(`... (${data.length - MAX_ARRAY_ITEMS} more items truncated)`);
             }
             return result;
         }
         if (typeof data === 'object') {
             const result = {};
             for (const [key, value] of Object.entries(data)) {
+                if (accumulatedLength > MAX_BODY_LOG_LENGTH) {
+                    break;
+                }
                 // Check if this field contains sensitive data
                 const isSensitive = this.isSensitiveField(key);
                 if (isSensitive) {
                     result[key] = '[REDACTED]';
                 }
                 else {
-                    result[key] = this.redactSensitiveData(value, maxDepth - 1);
+                    result[key] = this.redactSensitiveDataAndTruncate(value, maxDepth - 1, accumulatedLength);
+                }
+                if (result[key]) {
+                    accumulatedLength += JSON.stringify(result[key]).length;
                 }
             }
             return result;
@@ -103,7 +118,7 @@ class ToolLogger {
         if (!params) {
             return null;
         }
-        return this.redactSensitiveData(params);
+        return this.redactSensitiveDataAndTruncate(params);
     }
     /**
      * Calculates content length of response data
@@ -119,6 +134,87 @@ class ToolLogger {
             return 'unknown';
         }
     }
+    /**
+     * Extracts the response body as a string or parsed JSON object
+     */
+    static getResponseBody(response) {
+        if (!response) {
+            return null;
+        }
+        try {
+            const contentType = response.headers?.get('content-type') || '';
+            const isJson = contentType.includes('application/json') || contentType.includes('application/problem+json');
+            const isText = contentType.startsWith('text/');
+            if (!isJson && !isText) {
+                return null;
+            }
+            // Try to access bodyAsU8Array - this may throw
+            const bodyData = response.bodyAsU8Array;
+            if (!bodyData) {
+                return null;
+            }
+            // Convert Uint8Array to string
+            const bodyString = Buffer.from(bodyData).toString();
+            if (!bodyString) {
+                return null;
+            }
+            // Try to parse as JSON if content-type indicates JSON
+            if (isJson) {
+                try {
+                    return JSON.parse(bodyString);
+                }
+                catch {
+                    // If JSON parsing fails, return as string
+                    return bodyString;
+                }
+            }
+            // Return as plain text for non-JSON content types
+            return bodyString;
+        }
+        catch {
+            return null;
+        }
+    }
+    /**
+     * Creates a summary of response body with security redaction and truncation
+     * For failed responses (4xx, 5xx): returns full body with redacted sensitive data
+     * For successful responses (2xx): returns first 100 chars with redacted sensitive data
+     */
+    static createResponseBodySummary(response, success) {
+        const body = this.getResponseBody(response);
+        if (body === null || body === undefined) {
+            return null;
+        }
+        // For objects (parsed JSON), apply redaction
+        if (typeof body === 'object') {
+            // For failed responses, don't truncate strings within the object
+            const redactedBody = this.redactSensitiveDataAndTruncate(body, 5);
+            // For successful responses, truncate to first MAX_BODY_LOG_LENGTH chars
+            if (success) {
+                const bodyString = JSON.stringify(redactedBody);
+                if (bodyString.length > MAX_BODY_LOG_LENGTH) {
+                    const truncated = bodyString.substring(0, MAX_BODY_LOG_LENGTH);
+                    return `${truncated}... (truncated)`;
+                }
+                return redactedBody;
+            }
+            // For failed responses, return full redacted body
+            return redactedBody;
+        }
+        // For strings (plain text or unparseable JSON)
+        if (typeof body === 'string') {
+            // For successful responses, truncate to first 100 chars
+            if (success) {
+                if (body.length > MAX_BODY_LOG_LENGTH) {
+                    return `${body.substring(0, MAX_BODY_LOG_LENGTH)}... (truncated)`;
+                }
+                return body;
+            }
+            // For failed responses, return full body
+            return body;
+        }
+        return body;
+    }
     /**
      * Logs an incoming request
      */
@@ -137,6 +233,7 @@ class ToolLogger {
      * Logs a successful response
      */
     static logResponse(req, response, processingTimeMs) {
+        const success = response.status >= 200 && response.status < 300;
         const responseLog = {
             event: 'opal_tool_response',
             path: req.path,
@@ -144,8 +241,12 @@ class ToolLogger {
             status: response.status,
             contentType: response.headers?.get('content-type') || 'unknown',
             contentLength: this.calculateContentLength(response),
-            success: response.status >= 200 && response.status < 300
+            success
         };
+        const responseBodySummary = this.createResponseBodySummary(response, success);
+        if (responseBodySummary) {
+            responseLog.responseBody = responseBodySummary;
+        }
         // Log with Zaius audience so developers only see requests for accounts they have access to
         app_sdk_1.logger.info(app_sdk_1.LogVisibility.Zaius, JSON.stringify(responseLog));
     }