@lucern/contracts 0.3.0-alpha.1 → 0.3.0-alpha.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/dist/api-enums.contract.d.ts +5 -3
- package/dist/api-enums.contract.js +14 -12
- package/dist/api-enums.contract.js.map +1 -1
- package/dist/component-boundary.contract.d.ts +14 -0
- package/dist/component-boundary.contract.js +174 -0
- package/dist/component-boundary.contract.js.map +1 -0
- package/dist/component-host-boundary.contract.d.ts +46 -0
- package/dist/component-host-boundary.contract.js +60 -0
- package/dist/component-host-boundary.contract.js.map +1 -0
- package/dist/context-pack.contract.d.ts +5 -3
- package/dist/context-pack.contract.js.map +1 -1
- package/dist/{defineTable-CBQ03FXl.d.ts → defineTable-t1wr5wgn.d.ts} +1 -1
- package/dist/{dsl-BgpoVOVQ.d.ts → dsl-DVPthQGY.d.ts} +2 -2
- package/dist/dsl.d.ts +2 -2
- package/dist/dsl.js +1 -4
- package/dist/dsl.js.map +1 -1
- package/dist/edge-policy-manifest-Dw5IhT1L.d.ts +133 -0
- package/dist/function-registry/beliefs.d.ts +54 -41
- package/dist/function-registry/beliefs.js +759 -38
- package/dist/function-registry/beliefs.js.map +1 -1
- package/dist/function-registry/coding.d.ts +9 -0
- package/dist/function-registry/coding.js +811 -39
- package/dist/function-registry/coding.js.map +1 -1
- package/dist/function-registry/context.d.ts +19 -13
- package/dist/function-registry/context.js +750 -42
- package/dist/function-registry/context.js.map +1 -1
- package/dist/function-registry/contracts.d.ts +6 -0
- package/dist/function-registry/contracts.js +715 -35
- package/dist/function-registry/contracts.js.map +1 -1
- package/dist/function-registry/coordination.d.ts +12 -0
- package/dist/function-registry/coordination.js +715 -35
- package/dist/function-registry/coordination.js.map +1 -1
- package/dist/function-registry/edges.d.ts +165 -0
- package/dist/function-registry/edges.js +923 -67
- package/dist/function-registry/edges.js.map +1 -1
- package/dist/function-registry/evidence.d.ts +44 -33
- package/dist/function-registry/evidence.js +769 -47
- package/dist/function-registry/evidence.js.map +1 -1
- package/dist/function-registry/graph.d.ts +149 -53
- package/dist/function-registry/graph.js +831 -42
- package/dist/function-registry/graph.js.map +1 -1
- package/dist/function-registry/helpers.d.ts +6 -3
- package/dist/function-registry/helpers.js +716 -36
- package/dist/function-registry/helpers.js.map +1 -1
- package/dist/function-registry/identity.d.ts +6 -0
- package/dist/function-registry/identity.js +715 -35
- package/dist/function-registry/identity.js.map +1 -1
- package/dist/function-registry/index.d.ts +5 -3
- package/dist/function-registry/index.js +722 -39
- package/dist/function-registry/index.js.map +1 -1
- package/dist/function-registry/judgments.d.ts +14 -9
- package/dist/function-registry/judgments.js +727 -38
- package/dist/function-registry/judgments.js.map +1 -1
- package/dist/function-registry/legacy.d.ts +4 -0
- package/dist/function-registry/legacy.js +715 -35
- package/dist/function-registry/legacy.js.map +1 -1
- package/dist/function-registry/lenses.d.ts +24 -17
- package/dist/function-registry/lenses.js +738 -38
- package/dist/function-registry/lenses.js.map +1 -1
- package/dist/function-registry/manifest.d.ts +6 -6
- package/dist/function-registry/manifest.js +18 -2
- package/dist/function-registry/manifest.js.map +1 -1
- package/dist/function-registry/nodes.d.ts +412 -0
- package/dist/function-registry/nodes.js +5303 -0
- package/dist/function-registry/nodes.js.map +1 -0
- package/dist/function-registry/ontologies.d.ts +59 -45
- package/dist/function-registry/ontologies.js +733 -41
- package/dist/function-registry/ontologies.js.map +1 -1
- package/dist/function-registry/pipeline.d.ts +19 -13
- package/dist/function-registry/pipeline.js +724 -38
- package/dist/function-registry/pipeline.js.map +1 -1
- package/dist/function-registry/questions.d.ts +64 -49
- package/dist/function-registry/questions.js +812 -43
- package/dist/function-registry/questions.js.map +1 -1
- package/dist/function-registry/tasks.d.ts +24 -17
- package/dist/function-registry/tasks.js +776 -44
- package/dist/function-registry/tasks.js.map +1 -1
- package/dist/function-registry/topics.d.ts +109 -21
- package/dist/function-registry/topics.js +797 -39
- package/dist/function-registry/topics.js.map +1 -1
- package/dist/function-registry/types.d.ts +6 -2
- package/dist/function-registry/worktrees.d.ts +94 -41
- package/dist/function-registry/worktrees.js +854 -47
- package/dist/function-registry/worktrees.js.map +1 -1
- package/dist/function-registry-input-audit.d.ts +13 -0
- package/dist/function-registry-input-audit.js +166 -0
- package/dist/function-registry-input-audit.js.map +1 -0
- package/dist/gateway.contract.d.ts +5 -0
- package/dist/gateway.contract.js.map +1 -1
- package/dist/generated/convexSchemas.d.ts +3 -3
- package/dist/generated/convexSchemas.js +38 -18
- package/dist/generated/convexSchemas.js.map +1 -1
- package/dist/generated/infisicalRuntimeEnv.d.ts +70 -0
- package/dist/generated/infisicalRuntimeEnv.js +26572 -0
- package/dist/generated/infisicalRuntimeEnv.js.map +1 -0
- package/dist/generated/lucernGatewayEnv.d.ts +17 -0
- package/dist/generated/lucernGatewayEnv.js +38 -0
- package/dist/generated/lucernGatewayEnv.js.map +1 -0
- package/dist/generated/lucernWebPublicEnv.d.ts +26 -0
- package/dist/generated/lucernWebPublicEnv.js +32 -0
- package/dist/generated/lucernWebPublicEnv.js.map +1 -0
- package/dist/generated/lucernWebServerEnv.d.ts +33 -0
- package/dist/generated/lucernWebServerEnv.js +51 -0
- package/dist/generated/lucernWebServerEnv.js.map +1 -0
- package/dist/generated/schema-manifest.json +1199 -138
- package/dist/generated/tableOwnership.d.ts +47 -27
- package/dist/generated/tableOwnership.js +66 -26
- package/dist/generated/tableOwnership.js.map +1 -1
- package/dist/generated/tier-expectations.json +62 -8
- package/dist/graph-intelligence.contract.d.ts +506 -0
- package/dist/graph-intelligence.contract.js +595 -0
- package/dist/graph-intelligence.contract.js.map +1 -0
- package/dist/graph-types/index.d.ts +5 -1
- package/dist/graph-types/index.js +15 -4
- package/dist/graph-types/index.js.map +1 -1
- package/dist/index-CM1Pl_vI.d.ts +28 -0
- package/dist/index.d.ts +29 -414
- package/dist/index.js +34791 -1088
- package/dist/index.js.map +1 -1
- package/dist/infisical-runtime.contract.d.ts +1768 -0
- package/dist/infisical-runtime.contract.js +3093 -0
- package/dist/infisical-runtime.contract.js.map +1 -0
- package/dist/lens-filter.contract.js +4 -3
- package/dist/lens-filter.contract.js.map +1 -1
- package/dist/lens-workflow.contract.js +4 -3
- package/dist/lens-workflow.contract.js.map +1 -1
- package/dist/manifests/edge-policy-manifest.d.ts +2 -0
- package/dist/manifests/edge-policy-manifest.data.d.ts +13 -0
- package/dist/manifests/edge-policy-manifest.data.js +26 -0
- package/dist/manifests/edge-policy-manifest.data.js.map +1 -0
- package/dist/manifests/edge-policy-manifest.js +92 -0
- package/dist/manifests/edge-policy-manifest.js.map +1 -0
- package/dist/manifests/infisical-runtime-manifest.d.ts +1672 -0
- package/dist/manifests/infisical-runtime-manifest.js +2948 -0
- package/dist/manifests/infisical-runtime-manifest.js.map +1 -0
- package/dist/manifests/invariant-manifest.d.ts +65 -0
- package/dist/manifests/invariant-manifest.js +18 -0
- package/dist/manifests/invariant-manifest.js.map +1 -0
- package/dist/manifests/invariants/ast-utils.d.ts +14 -0
- package/dist/manifests/invariants/ast-utils.js +54 -0
- package/dist/manifests/invariants/ast-utils.js.map +1 -0
- package/dist/manifests/invariants/index.d.ts +15 -0
- package/dist/manifests/invariants/index.js +183 -0
- package/dist/manifests/invariants/index.js.map +1 -0
- package/dist/manifests/invariants/inv-1-beliefs-append-only.d.ts +12 -0
- package/dist/manifests/invariants/inv-1-beliefs-append-only.js +94 -0
- package/dist/manifests/invariants/inv-1-beliefs-append-only.js.map +1 -0
- package/dist/manifests/invariants/inv-14-no-silent-transitions.d.ts +12 -0
- package/dist/manifests/invariants/inv-14-no-silent-transitions.js +99 -0
- package/dist/manifests/invariants/inv-14-no-silent-transitions.js.map +1 -0
- package/dist/manifests/invariants/manifest-1-projections-declare-audit.d.ts +12 -0
- package/dist/manifests/invariants/manifest-1-projections-declare-audit.js +42 -0
- package/dist/manifests/invariants/manifest-1-projections-declare-audit.js.map +1 -0
- package/dist/manifests/tenant-client-manifest.d.ts +322 -0
- package/dist/manifests/tenant-client-manifest.js +432 -0
- package/dist/manifests/tenant-client-manifest.js.map +1 -0
- package/dist/mcp-gateway-boundary.contract.d.ts +201 -0
- package/dist/mcp-gateway-boundary.contract.js +45 -0
- package/dist/mcp-gateway-boundary.contract.js.map +1 -0
- package/dist/projections/check-convex-args-shape.d.ts +3 -0
- package/dist/projections/check-convex-args-shape.js +403 -0
- package/dist/projections/check-convex-args-shape.js.map +1 -0
- package/dist/projections/create-evidence.projection.d.ts +176 -0
- package/dist/projections/create-evidence.projection.js +130 -0
- package/dist/projections/create-evidence.projection.js.map +1 -0
- package/dist/projections/index.d.ts +102 -0
- package/dist/projections/index.js +352 -0
- package/dist/projections/index.js.map +1 -0
- package/dist/projections/list-beliefs.projection.d.ts +36 -0
- package/dist/projections/list-beliefs.projection.js +54 -0
- package/dist/projections/list-beliefs.projection.js.map +1 -0
- package/dist/projections/list-tasks.projection.d.ts +44 -0
- package/dist/projections/list-tasks.projection.js +57 -0
- package/dist/projections/list-tasks.projection.js.map +1 -0
- package/dist/projections/modulate-confidence.projection.d.ts +219 -0
- package/dist/projections/modulate-confidence.projection.js +148 -0
- package/dist/projections/modulate-confidence.projection.js.map +1 -0
- package/dist/projections/projection-dsl.d.ts +11 -0
- package/dist/projections/projection-dsl.js +8 -0
- package/dist/projections/projection-dsl.js.map +1 -0
- package/dist/proof-attestation.json +45 -0
- package/dist/schema-helpers/enumValidation.js +2 -5
- package/dist/schema-helpers/enumValidation.js.map +1 -1
- package/dist/schema-helpers/spine/nodes/decision.js +2 -1
- package/dist/schema-helpers/spine/nodes/decision.js.map +1 -1
- package/dist/schema-helpers/spine/tables/epistemicNodes.js +27 -27
- package/dist/schema-helpers/spine/tables/epistemicNodes.js.map +1 -1
- package/dist/schemas/component-table-manifest.d.ts +6 -6
- package/dist/schemas/component-table-manifest.js +2 -2
- package/dist/schemas/component-table-manifest.js.map +1 -1
- package/dist/schemas/enums.d.ts +5 -2
- package/dist/schemas/enums.js +5 -2
- package/dist/schemas/enums.js.map +1 -1
- package/dist/schemas/index.d.ts +3 -3
- package/dist/schemas/index.js +1129 -139
- package/dist/schemas/index.js.map +1 -1
- package/dist/schemas/manifest.d.ts +2979 -949
- package/dist/schemas/manifest.js +1127 -137
- package/dist/schemas/manifest.js.map +1 -1
- package/dist/schemas/sl-opinion.d.ts +4 -4
- package/dist/schemas/tables/controlPlane/accessControl.d.ts +260 -0
- package/dist/schemas/tables/controlPlane/accessControl.js +653 -0
- package/dist/schemas/tables/controlPlane/accessControl.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/agent.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/agent.js +3 -3
- package/dist/schemas/tables/controlPlane/agent.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/epistemic.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/epistemic.js +3 -3
- package/dist/schemas/tables/controlPlane/epistemic.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/model.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/model.js +6 -6
- package/dist/schemas/tables/controlPlane/model.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/platform.d.ts +11 -11
- package/dist/schemas/tables/{identity → controlPlane}/platform.js +18 -18
- package/dist/schemas/tables/controlPlane/platform.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/project.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/project.js +3 -3
- package/dist/schemas/tables/controlPlane/project.js.map +1 -0
- package/dist/schemas/tables/{identity → controlPlane}/user.d.ts +1 -1
- package/dist/schemas/tables/{identity → controlPlane}/user.js +3 -3
- package/dist/schemas/tables/controlPlane/user.js.map +1 -0
- package/dist/schemas/tables/kernel/config.d.ts +1 -1
- package/dist/schemas/tables/kernel/config.js.map +1 -1
- package/dist/schemas/tables/kernel/coordination.d.ts +1 -1
- package/dist/schemas/tables/kernel/coordination.js.map +1 -1
- package/dist/schemas/tables/kernel/decision.d.ts +1 -1
- package/dist/schemas/tables/kernel/decision.js.map +1 -1
- package/dist/schemas/tables/kernel/embedding.d.ts +1 -1
- package/dist/schemas/tables/kernel/embedding.js.map +1 -1
- package/dist/schemas/tables/kernel/epistemic.d.ts +7 -7
- package/dist/schemas/tables/kernel/epistemic.js.map +1 -1
- package/dist/schemas/tables/kernel/idempotency.d.ts +1 -1
- package/dist/schemas/tables/kernel/idempotency.js.map +1 -1
- package/dist/schemas/tables/kernel/infra.d.ts +5 -5
- package/dist/schemas/tables/kernel/infra.js.map +1 -1
- package/dist/schemas/tables/kernel/intelligence.d.ts +11 -11
- package/dist/schemas/tables/kernel/intelligence.js.map +1 -1
- package/dist/schemas/tables/kernel/lens.d.ts +5 -5
- package/dist/schemas/tables/kernel/lens.js.map +1 -1
- package/dist/schemas/tables/kernel/ontology.d.ts +1 -1
- package/dist/schemas/tables/kernel/ontology.js.map +1 -1
- package/dist/schemas/tables/kernel/platform.d.ts +13 -13
- package/dist/schemas/tables/kernel/platform.js.map +1 -1
- package/dist/schemas/tables/kernel/spine.d.ts +5 -4
- package/dist/schemas/tables/kernel/spine.js +6 -2
- package/dist/schemas/tables/kernel/spine.js.map +1 -1
- package/dist/schemas/tables/kernel/task.d.ts +43 -43
- package/dist/schemas/tables/kernel/task.js.map +1 -1
- package/dist/schemas/tables/kernel/topic.d.ts +1 -1
- package/dist/schemas/tables/kernel/topic.js +5 -1
- package/dist/schemas/tables/kernel/topic.js.map +1 -1
- package/dist/schemas/tables/kernel/workflow.d.ts +1 -1
- package/dist/schemas/tables/kernel/workflow.js.map +1 -1
- package/dist/schemas/tables/kernel/worktree.d.ts +55 -55
- package/dist/schemas/tables/kernel/worktree.js.map +1 -1
- package/dist/schemas/tables/mc/identity.d.ts +44 -4
- package/dist/schemas/tables/mc/identity.js +66 -1
- package/dist/schemas/tables/mc/identity.js.map +1 -1
- package/dist/schemas/tables/mc/methodology.d.ts +1 -1
- package/dist/schemas/tables/mc/methodology.js.map +1 -1
- package/dist/schemas/tables/mc/pack.d.ts +21 -21
- package/dist/schemas/tables/mc/pack.js.map +1 -1
- package/dist/schemas/tables/mc/policy.d.ts +2 -2
- package/dist/schemas/tables/mc/policy.js +1 -1
- package/dist/schemas/tables/mc/policy.js.map +1 -1
- package/dist/schemas/tables/mc/registry.d.ts +5 -5
- package/dist/schemas/tables/mc/registry.js.map +1 -1
- package/dist/schemas/tables/mc/runtime.d.ts +109 -3
- package/dist/schemas/tables/mc/runtime.js +330 -104
- package/dist/schemas/tables/mc/runtime.js.map +1 -1
- package/dist/schemas/tables/mc/tenant.d.ts +3 -2
- package/dist/schemas/tables/mc/tenant.js +2 -1
- package/dist/schemas/tables/mc/tenant.js.map +1 -1
- package/dist/schemas/tables/mc/workspace.d.ts +28 -5
- package/dist/schemas/tables/mc/workspace.js +36 -2
- package/dist/schemas/tables/mc/workspace.js.map +1 -1
- package/dist/sdk-methods.contract.d.ts +2 -2
- package/dist/{sdk-tools.contract-S4ia0TTo.d.ts → sdk-tools.contract-BNklQDfB.d.ts} +2 -2
- package/dist/sdk-tools.contract.d.ts +2 -2
- package/dist/sdk-tools.contract.js +672 -24
- package/dist/sdk-tools.contract.js.map +1 -1
- package/dist/tenant-bootstrap-seed.contract.d.ts +1269 -0
- package/dist/tenant-bootstrap-seed.contract.js +751 -0
- package/dist/tenant-bootstrap-seed.contract.js.map +1 -0
- package/dist/tenant-bootstrap-seed.defaults.d.ts +16 -0
- package/dist/tenant-bootstrap-seed.defaults.js +303 -0
- package/dist/tenant-bootstrap-seed.defaults.js.map +1 -0
- package/dist/tenant-client.contract.d.ts +349 -0
- package/dist/tenant-client.contract.js +488 -0
- package/dist/tenant-client.contract.js.map +1 -0
- package/dist/{tool-contracts-C92-9ueT.d.ts → tool-contracts-BevD9Ho2.d.ts} +36 -2
- package/dist/tool-contracts.d.ts +1 -1
- package/dist/tool-contracts.js +673 -25
- package/dist/tool-contracts.js.map +1 -1
- package/package.json +30 -1
- package/dist/index-CV-0_VWJ.d.ts +0 -25
- package/dist/schemas/tables/identity/agent.js.map +0 -1
- package/dist/schemas/tables/identity/epistemic.js.map +0 -1
- package/dist/schemas/tables/identity/model.js.map +0 -1
- package/dist/schemas/tables/identity/platform.js.map +0 -1
- package/dist/schemas/tables/identity/project.js.map +0 -1
- package/dist/schemas/tables/identity/user.js.map +0 -1
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import { FunctionContract } from './function-registry/types.js';
|
|
2
|
+
|
|
3
|
+
type FunctionRegistryInputAuditFinding = {
|
|
4
|
+
contractName: string;
|
|
5
|
+
projectionKeys: string[];
|
|
6
|
+
acceptedKeys: string[];
|
|
7
|
+
missingKeys: string[];
|
|
8
|
+
};
|
|
9
|
+
type InputProjection = NonNullable<FunctionContract["convex"]>["inputProjection"];
|
|
10
|
+
declare function projectionReadKeys(projection: InputProjection): string[];
|
|
11
|
+
declare function auditFunctionRegistryInputs(contracts?: readonly FunctionContract[]): FunctionRegistryInputAuditFinding[];
|
|
12
|
+
|
|
13
|
+
export { type FunctionRegistryInputAuditFinding, auditFunctionRegistryInputs, projectionReadKeys };
|
|
@@ -0,0 +1,166 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
import { ALL_FUNCTION_CONTRACTS } from './function-registry/index.js';
|
|
3
|
+
|
|
4
|
+
// src/function-registry-input-audit.ts
|
|
5
|
+
var INTERNAL_OR_ALIAS_KEYS = /* @__PURE__ */ new Set([
|
|
6
|
+
"__sdkSessionId",
|
|
7
|
+
"actorId",
|
|
8
|
+
"beliefId",
|
|
9
|
+
"createdBy",
|
|
10
|
+
"evidenceId",
|
|
11
|
+
"id",
|
|
12
|
+
"insightId",
|
|
13
|
+
"nodeId",
|
|
14
|
+
"ontologyId",
|
|
15
|
+
"parentNodeId",
|
|
16
|
+
"principalId",
|
|
17
|
+
"projectId",
|
|
18
|
+
"questionId",
|
|
19
|
+
"tenantId",
|
|
20
|
+
"trustedBypassAccessCheck",
|
|
21
|
+
"userId",
|
|
22
|
+
"versionId",
|
|
23
|
+
"workspaceId"
|
|
24
|
+
]);
|
|
25
|
+
var INTENTIONAL_PROJECTION_READS = {
|
|
26
|
+
add_evidence: ["linkedBeliefNodeId", "targetId"],
|
|
27
|
+
apply_lens_to_topic: ["metadata"],
|
|
28
|
+
archive_belief: ["reason"],
|
|
29
|
+
check_permission: ["principalId", "tenantId", "userId", "workspaceId"],
|
|
30
|
+
claim_files: ["paths", "touchedFiles"],
|
|
31
|
+
complete_task: ["summary"],
|
|
32
|
+
create_belief: ["formulation"],
|
|
33
|
+
discover: ["prompt", "topicHint"],
|
|
34
|
+
filter_by_permission: ["principalId", "tenantId", "userId", "workspaceId"],
|
|
35
|
+
get_change_history: ["status"],
|
|
36
|
+
get_failure_log: ["status"],
|
|
37
|
+
identity_whoami: ["principalId", "tenantId", "userId", "workspaceId"],
|
|
38
|
+
ingest_observation: ["reasoning", "trustedBypassAccessCheck"],
|
|
39
|
+
link_evidence: [
|
|
40
|
+
"beliefId",
|
|
41
|
+
"beliefNodeId",
|
|
42
|
+
"context",
|
|
43
|
+
"evidenceNodeId",
|
|
44
|
+
"globalId",
|
|
45
|
+
"insightId",
|
|
46
|
+
"topicId",
|
|
47
|
+
"trustedBypassAccessCheck",
|
|
48
|
+
"type"
|
|
49
|
+
],
|
|
50
|
+
link_evidence_to_belief: [
|
|
51
|
+
"beliefNodeId",
|
|
52
|
+
"context",
|
|
53
|
+
"evidenceNodeId",
|
|
54
|
+
"globalId",
|
|
55
|
+
"insightId",
|
|
56
|
+
"targetId",
|
|
57
|
+
"topicId",
|
|
58
|
+
"trustedBypassAccessCheck",
|
|
59
|
+
"type"
|
|
60
|
+
],
|
|
61
|
+
link_evidence_to_question: [
|
|
62
|
+
"context",
|
|
63
|
+
"evidenceNodeId",
|
|
64
|
+
"globalId",
|
|
65
|
+
"impactScore",
|
|
66
|
+
"insightId",
|
|
67
|
+
"questionNodeId",
|
|
68
|
+
"targetId",
|
|
69
|
+
"topicId",
|
|
70
|
+
"trustedBypassAccessCheck",
|
|
71
|
+
"weight"
|
|
72
|
+
],
|
|
73
|
+
list_evidence: ["status"],
|
|
74
|
+
manage_write_policy: ["summary"],
|
|
75
|
+
merge: ["decisionsReached", "keyFindings", "nextSteps"],
|
|
76
|
+
record_attempt: ["reasoning", "trustedBypassAccessCheck"],
|
|
77
|
+
record_judgment: ["reasoning", "trustedBypassAccessCheck"],
|
|
78
|
+
record_scope_learning: ["reasoning", "trustedBypassAccessCheck"],
|
|
79
|
+
search_beliefs: ["searchQuery"],
|
|
80
|
+
search_evidence: ["query", "searchQuery"],
|
|
81
|
+
update_question_status: ["answer", "answerStatus", "nodeId", "questionId"],
|
|
82
|
+
update_topic: ["graphScopeProjectId"]
|
|
83
|
+
};
|
|
84
|
+
function unwrapObjectSchema(schema) {
|
|
85
|
+
let current = schema;
|
|
86
|
+
while (true) {
|
|
87
|
+
switch (current._def.typeName) {
|
|
88
|
+
case z.ZodFirstPartyTypeKind.ZodEffects:
|
|
89
|
+
current = current._def.schema;
|
|
90
|
+
continue;
|
|
91
|
+
case z.ZodFirstPartyTypeKind.ZodBranded:
|
|
92
|
+
current = current._def.type;
|
|
93
|
+
continue;
|
|
94
|
+
default:
|
|
95
|
+
return current instanceof z.ZodObject ? current : void 0;
|
|
96
|
+
}
|
|
97
|
+
}
|
|
98
|
+
}
|
|
99
|
+
function objectSchemaKeys(schema) {
|
|
100
|
+
const objectSchema = unwrapObjectSchema(schema);
|
|
101
|
+
if (!objectSchema) {
|
|
102
|
+
return /* @__PURE__ */ new Set();
|
|
103
|
+
}
|
|
104
|
+
const shape = typeof objectSchema._def.shape === "function" ? objectSchema._def.shape() : objectSchema._def.shape;
|
|
105
|
+
return new Set(Object.keys(shape));
|
|
106
|
+
}
|
|
107
|
+
function projectionReadKeys(projection) {
|
|
108
|
+
if (!projection) {
|
|
109
|
+
return [];
|
|
110
|
+
}
|
|
111
|
+
const source = String(projection);
|
|
112
|
+
const keys = /* @__PURE__ */ new Set();
|
|
113
|
+
for (const match of source.matchAll(/\binput\s*\.\s*([A-Za-z_$][\w$]*)/gu)) {
|
|
114
|
+
keys.add(match[1]);
|
|
115
|
+
}
|
|
116
|
+
for (const match of source.matchAll(/\binput\s*\[\s*["']([^"']+)["']\s*\]/gu)) {
|
|
117
|
+
keys.add(match[1]);
|
|
118
|
+
}
|
|
119
|
+
return [...keys].sort();
|
|
120
|
+
}
|
|
121
|
+
function acceptedInputKeys(contract) {
|
|
122
|
+
const keys = [
|
|
123
|
+
.../* @__PURE__ */ new Set([
|
|
124
|
+
...objectSchemaKeys(contract.args),
|
|
125
|
+
...objectSchemaKeys(contract.input),
|
|
126
|
+
...Object.keys(contract.mcp.parameters),
|
|
127
|
+
"__sdkSessionId"
|
|
128
|
+
])
|
|
129
|
+
];
|
|
130
|
+
keys.sort();
|
|
131
|
+
return keys;
|
|
132
|
+
}
|
|
133
|
+
function allowedProjectionKeys(contractName) {
|
|
134
|
+
return /* @__PURE__ */ new Set([
|
|
135
|
+
...INTERNAL_OR_ALIAS_KEYS,
|
|
136
|
+
...INTENTIONAL_PROJECTION_READS[contractName] ?? []
|
|
137
|
+
]);
|
|
138
|
+
}
|
|
139
|
+
function auditFunctionRegistryInputs(contracts = ALL_FUNCTION_CONTRACTS) {
|
|
140
|
+
return contracts.flatMap((contract) => {
|
|
141
|
+
const projectionKeys = projectionReadKeys(contract.convex?.inputProjection);
|
|
142
|
+
if (projectionKeys.length === 0) {
|
|
143
|
+
return [];
|
|
144
|
+
}
|
|
145
|
+
const accepted = new Set(acceptedInputKeys(contract));
|
|
146
|
+
const allowed = allowedProjectionKeys(contract.name);
|
|
147
|
+
const missingKeys = projectionKeys.filter(
|
|
148
|
+
(key) => !accepted.has(key) && !allowed.has(key)
|
|
149
|
+
);
|
|
150
|
+
if (missingKeys.length === 0) {
|
|
151
|
+
return [];
|
|
152
|
+
}
|
|
153
|
+
return [
|
|
154
|
+
{
|
|
155
|
+
contractName: contract.name,
|
|
156
|
+
projectionKeys,
|
|
157
|
+
acceptedKeys: [...accepted].sort(),
|
|
158
|
+
missingKeys
|
|
159
|
+
}
|
|
160
|
+
];
|
|
161
|
+
});
|
|
162
|
+
}
|
|
163
|
+
|
|
164
|
+
export { auditFunctionRegistryInputs, projectionReadKeys };
|
|
165
|
+
//# sourceMappingURL=function-registry-input-audit.js.map
|
|
166
|
+
//# sourceMappingURL=function-registry-input-audit.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/function-registry-input-audit.ts"],"names":[],"mappings":";;;;AAeA,IAAM,sBAAA,uBAA6B,GAAA,CAAI;AAAA,EACrC,gBAAA;AAAA,EACA,SAAA;AAAA,EACA,UAAA;AAAA,EACA,WAAA;AAAA,EACA,YAAA;AAAA,EACA,IAAA;AAAA,EACA,WAAA;AAAA,EACA,QAAA;AAAA,EACA,YAAA;AAAA,EACA,cAAA;AAAA,EACA,aAAA;AAAA,EACA,WAAA;AAAA,EACA,YAAA;AAAA,EACA,UAAA;AAAA,EACA,0BAAA;AAAA,EACA,QAAA;AAAA,EACA,WAAA;AAAA,EACA;AACF,CAAC,CAAA;AAED,IAAM,4BAAA,GAAkE;AAAA,EACtE,YAAA,EAAc,CAAC,oBAAA,EAAsB,UAAU,CAAA;AAAA,EAC/C,mBAAA,EAAqB,CAAC,UAAU,CAAA;AAAA,EAChC,cAAA,EAAgB,CAAC,QAAQ,CAAA;AAAA,EACzB,gBAAA,EAAkB,CAAC,aAAA,EAAe,UAAA,EAAY,UAAU,aAAa,CAAA;AAAA,EACrE,WAAA,EAAa,CAAC,OAAA,EAAS,cAAc,CAAA;AAAA,EACrC,aAAA,EAAe,CAAC,SAAS,CAAA;AAAA,EACzB,aAAA,EAAe,CAAC,aAAa,CAAA;AAAA,EAC7B,QAAA,EAAU,CAAC,QAAA,EAAU,WAAW,CAAA;AAAA,EAChC,oBAAA,EAAsB,CAAC,aAAA,EAAe,UAAA,EAAY,UAAU,aAAa,CAAA;AAAA,EACzE,kBAAA,EAAoB,CAAC,QAAQ,CAAA;AAAA,EAC7B,eAAA,EAAiB,CAAC,QAAQ,CAAA;AAAA,EAC1B,eAAA,EAAiB,CAAC,aAAA,EAAe,UAAA,EAAY,UAAU,aAAa,CAAA;AAAA,EACpE,kBAAA,EAAoB,CAAC,WAAA,EAAa,0BAA0B,CAAA;AAAA,EAC5D,aAAA,EAAe;AAAA,IACb,UAAA;AAAA,IACA,cAAA;AAAA,IACA,SAAA;AAAA,IACA,gBAAA;AAAA,IACA,UAAA;AAAA,IACA,WAAA;AAAA,IACA,SAAA;AAAA,IACA,0BAAA;AAAA,IACA;AAAA,GACF;AAAA,EACA,uBAAA,EAAyB;AAAA,IACvB,cAAA;AAAA,IACA,SAAA;AAAA,IACA,gBAAA;AAAA,IACA,UAAA;AAAA,IACA,WAAA;AAAA,IACA,UAAA;AAAA,IACA,SAAA;AAAA,IACA,0BAAA;AAAA,IACA;AAAA,GACF;AAAA,EACA,yBAAA,EAA2B;AAAA,IACzB,SAAA;AAAA,IACA,gBAAA;AAAA,IACA,UAAA;AAAA,IACA,aAAA;AAAA,IACA,WAAA;AAAA,IACA,gBAAA;AAAA,IACA,UAAA;AAAA,IACA,SAAA;AAAA,IACA,0BAAA;AAAA,IACA;AAAA,GACF;AAAA,EACA,aAAA,EAAe,CAAC,QAAQ,CAAA;AAAA,EACxB,mBAAA,EAAqB,CAAC,SAAS,CAAA;AAAA,EAC/B,KAAA,EAAO,CAAC,kBAAA,EAAoB,aAAA,EAAe,WAAW,CAAA;AAAA,EACtD,cAAA,EAAgB,CAAC,WAAA,EAAa,0BAA0B,CAAA;AAAA,EACxD,eAAA,EAAiB,CAAC,WAAA,EAAa,0BAA0B,CAAA;AAAA,EACzD,qBAAA,EAAuB,CAAC,WAAA,EAAa,0BAA0B,CAAA;AAAA,EAC/D,cAAA,EAAgB,CAAC,aAAa,CAAA;AAAA,EAC9B,eAAA,EAAiB,CAAC,OAAA,EAAS,aAAa,CAAA;AAAA,EACxC,sBAAA,EAAwB,CAAC,QAAA,EAAU,cAAA,EAAgB,UAAU,YAAY,CAAA;AAAA,EACzE,YAAA,EAAc,CAAC,qBAAqB;AACtC,CAAA;AAEA,SAAS,mBACP,MAAA,EACwC;AACxC,EAAA,IAAI,OAAA,GAAU,MAAA;AACd,EAAA,OAAO,IAAA,EAAM;AACX,IAAA,QAAQ,OAAA,CAAQ,KAAK,QAAA;AAAU,MAC7B,KAAK,EAAE,qBAAA,CAAsB,UAAA;AAC3B,QAAA,OAAA,GAAU,QAAQ,IAAA,CAAK,MAAA;AACvB,QAAA;AAAA,MACF,KAAK,EAAE,qBAAA,CAAsB,UAAA;AAC3B,QAAA,OAAA,GAAU,QAAQ,IAAA,CAAK,IAAA;AACvB,QAAA;AAAA,MACF;AACE,QAAA,OAAO,OAAA,YAAmB,CAAA,CAAE,SAAA,GAAY,OAAA,GAAU,MAAA;AAAA;AACtD,EACF;AACF;AAEA,SAAS,iBAAiB,MAAA,EAAmC;AAC3D,EAAA,MAAM,YAAA,GAAe,mBAAmB,MAAM,CAAA;AAC9C,EAAA,IAAI,CAAC,YAAA,EAAc;AACjB,IAAA,2BAAW,GAAA,EAAI;AAAA,EACjB;AACA,EAAA,MAAM,KAAA,GACJ,OAAO,YAAA,CAAa,IAAA,CAAK,KAAA,KAAU,UAAA,GAC/B,YAAA,CAAa,IAAA,CAAK,KAAA,EAAM,GACxB,YAAA,CAAa,IAAA,CAAK,KAAA;AACxB,EAAA,OAAO,IAAI,GAAA,CAAI,MAAA,CAAO,IAAA,CAAK,KAAK,CAAC,CAAA;AACnC;AAEO,SAAS,mBACd,UAAA,EACU;AACV,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,OAAO,EAAC;AAAA,EACV;AACA,EAAA,MAAM,MAAA,GAAS,OAAO,UAAU,CAAA;AAChC,EAAA,MAAM,IAAA,uBAAW,GAAA,EAAY;AAE7B,EAAA,KAAA,MAAW,KAAA,IAAS,MAAA,CAAO,QAAA,CAAS,qCAAqC,CAAA,EAAG;AAC1E,IAAA,IAAA,CAAK,GAAA,CAAI,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,EACnB;AACA,EAAA,KAAA,MAAW,KAAA,IAAS,MAAA,CAAO,QAAA,CAAS,wCAAwC,CAAA,EAAG;AAC7E,IAAA,IAAA,CAAK,GAAA,CAAI,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,EACnB;AAEA,EAAA,OAAO,CAAC,GAAG,IAAI,CAAA,CAAE,IAAA,EAAK;AACxB;AAEA,SAAS,kBAAkB,QAAA,EAAsC;AAC/D,EAAA,MAAM,IAAA,GAAO;AAAA,IACX,uBAAO,GAAA,CAAI;AAAA,MACT,GAAG,gBAAA,CAAiB,QAAA,CAAS,IAAI,CAAA;AAAA,MACjC,GAAG,gBAAA,CAAiB,QAAA,CAAS,KAAK,CAAA;AAAA,MAClC,GAAG,MAAA,CAAO,IAAA,CAAK,QAAA,CAAS,IAAI,UAAU,CAAA;AAAA,MACtC;AAAA,KACD;AAAA,GACH;AACA,EAAA,IAAA,CAAK,IAAA,EAAK;AACV,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,sBAAsB,YAAA,EAAmC;AAChE,EAAA,2BAAW,GAAA,CAAI;AAAA,IACb,GAAG,sBAAA;AAAA,IACH,GAAI,4BAAA,CAA6B,YAAY,CAAA,IAAK;AAAC,GACpD,CAAA;AACH;AAEO,SAAS,2BAAA,CACd,YAAyC,sBAAA,EACJ;AACrC,EAAA,OAAO,SAAA,CAAU,OAAA,CAAQ,CAAC,QAAA,KAAa;AACrC,IAAA,MAAM,cAAA,GAAiB,kBAAA,CAAmB,QAAA,CAAS,MAAA,EAAQ,eAAe,CAAA;AAC1E,IAAA,IAAI,cAAA,CAAe,WAAW,CAAA,EAAG;AAC/B,MAAA,OAAO,EAAC;AAAA,IACV;AAEA,IAAA,MAAM,QAAA,GAAW,IAAI,GAAA,CAAI,iBAAA,CAAkB,QAAQ,CAAC,CAAA;AACpD,IAAA,MAAM,OAAA,GAAU,qBAAA,CAAsB,QAAA,CAAS,IAAI,CAAA;AACnD,IAAA,MAAM,cAAc,cAAA,CAAe,MAAA;AAAA,MACjC,CAAC,GAAA,KAAQ,CAAC,QAAA,CAAS,GAAA,CAAI,GAAG,CAAA,IAAK,CAAC,OAAA,CAAQ,GAAA,CAAI,GAAG;AAAA,KACjD;AAEA,IAAA,IAAI,WAAA,CAAY,WAAW,CAAA,EAAG;AAC5B,MAAA,OAAO,EAAC;AAAA,IACV;AAEA,IAAA,OAAO;AAAA,MACL;AAAA,QACE,cAAc,QAAA,CAAS,IAAA;AAAA,QACvB,cAAA;AAAA,QACA,YAAA,EAAc,CAAC,GAAG,QAAQ,EAAE,IAAA,EAAK;AAAA,QACjC;AAAA;AACF,KACF;AAAA,EACF,CAAC,CAAA;AACH","file":"function-registry-input-audit.js","sourcesContent":["import { z } from \"zod\";\nimport { ALL_FUNCTION_CONTRACTS } from \"./function-registry/index.js\";\nimport type { FunctionContract } from \"./function-registry/types.js\";\n\nexport type FunctionRegistryInputAuditFinding = {\n contractName: string;\n projectionKeys: string[];\n acceptedKeys: string[];\n missingKeys: string[];\n};\n\ntype InputProjection = NonNullable<\n FunctionContract[\"convex\"]\n>[\"inputProjection\"];\n\nconst INTERNAL_OR_ALIAS_KEYS = new Set([\n \"__sdkSessionId\",\n \"actorId\",\n \"beliefId\",\n \"createdBy\",\n \"evidenceId\",\n \"id\",\n \"insightId\",\n \"nodeId\",\n \"ontologyId\",\n \"parentNodeId\",\n \"principalId\",\n \"projectId\",\n \"questionId\",\n \"tenantId\",\n \"trustedBypassAccessCheck\",\n \"userId\",\n \"versionId\",\n \"workspaceId\",\n]);\n\nconst INTENTIONAL_PROJECTION_READS: Record<string, readonly string[]> = {\n add_evidence: [\"linkedBeliefNodeId\", \"targetId\"],\n apply_lens_to_topic: [\"metadata\"],\n archive_belief: [\"reason\"],\n check_permission: [\"principalId\", \"tenantId\", \"userId\", \"workspaceId\"],\n claim_files: [\"paths\", \"touchedFiles\"],\n complete_task: [\"summary\"],\n create_belief: [\"formulation\"],\n discover: [\"prompt\", \"topicHint\"],\n filter_by_permission: [\"principalId\", \"tenantId\", \"userId\", \"workspaceId\"],\n get_change_history: [\"status\"],\n get_failure_log: [\"status\"],\n identity_whoami: [\"principalId\", \"tenantId\", \"userId\", \"workspaceId\"],\n ingest_observation: [\"reasoning\", \"trustedBypassAccessCheck\"],\n link_evidence: [\n \"beliefId\",\n \"beliefNodeId\",\n \"context\",\n \"evidenceNodeId\",\n \"globalId\",\n \"insightId\",\n \"topicId\",\n \"trustedBypassAccessCheck\",\n \"type\",\n ],\n link_evidence_to_belief: [\n \"beliefNodeId\",\n \"context\",\n \"evidenceNodeId\",\n \"globalId\",\n \"insightId\",\n \"targetId\",\n \"topicId\",\n \"trustedBypassAccessCheck\",\n \"type\",\n ],\n link_evidence_to_question: [\n \"context\",\n \"evidenceNodeId\",\n \"globalId\",\n \"impactScore\",\n \"insightId\",\n \"questionNodeId\",\n \"targetId\",\n \"topicId\",\n \"trustedBypassAccessCheck\",\n \"weight\",\n ],\n list_evidence: [\"status\"],\n manage_write_policy: [\"summary\"],\n merge: [\"decisionsReached\", \"keyFindings\", \"nextSteps\"],\n record_attempt: [\"reasoning\", \"trustedBypassAccessCheck\"],\n record_judgment: [\"reasoning\", \"trustedBypassAccessCheck\"],\n record_scope_learning: [\"reasoning\", \"trustedBypassAccessCheck\"],\n search_beliefs: [\"searchQuery\"],\n search_evidence: [\"query\", \"searchQuery\"],\n update_question_status: [\"answer\", \"answerStatus\", \"nodeId\", \"questionId\"],\n update_topic: [\"graphScopeProjectId\"],\n};\n\nfunction unwrapObjectSchema(\n schema: z.ZodTypeAny,\n): z.ZodObject<z.ZodRawShape> | undefined {\n let current = schema;\n while (true) {\n switch (current._def.typeName) {\n case z.ZodFirstPartyTypeKind.ZodEffects:\n current = current._def.schema;\n continue;\n case z.ZodFirstPartyTypeKind.ZodBranded:\n current = current._def.type;\n continue;\n default:\n return current instanceof z.ZodObject ? current : undefined;\n }\n }\n}\n\nfunction objectSchemaKeys(schema: z.ZodTypeAny): Set<string> {\n const objectSchema = unwrapObjectSchema(schema);\n if (!objectSchema) {\n return new Set();\n }\n const shape =\n typeof objectSchema._def.shape === \"function\"\n ? objectSchema._def.shape()\n : objectSchema._def.shape;\n return new Set(Object.keys(shape));\n}\n\nexport function projectionReadKeys(\n projection: InputProjection,\n): string[] {\n if (!projection) {\n return [];\n }\n const source = String(projection);\n const keys = new Set<string>();\n\n for (const match of source.matchAll(/\\binput\\s*\\.\\s*([A-Za-z_$][\\w$]*)/gu)) {\n keys.add(match[1]);\n }\n for (const match of source.matchAll(/\\binput\\s*\\[\\s*[\"']([^\"']+)[\"']\\s*\\]/gu)) {\n keys.add(match[1]);\n }\n\n return [...keys].sort();\n}\n\nfunction acceptedInputKeys(contract: FunctionContract): string[] {\n const keys = [\n ...new Set([\n ...objectSchemaKeys(contract.args),\n ...objectSchemaKeys(contract.input),\n ...Object.keys(contract.mcp.parameters),\n \"__sdkSessionId\",\n ]),\n ];\n keys.sort();\n return keys;\n}\n\nfunction allowedProjectionKeys(contractName: string): Set<string> {\n return new Set([\n ...INTERNAL_OR_ALIAS_KEYS,\n ...(INTENTIONAL_PROJECTION_READS[contractName] ?? []),\n ]);\n}\n\nexport function auditFunctionRegistryInputs(\n contracts: readonly FunctionContract[] = ALL_FUNCTION_CONTRACTS,\n): FunctionRegistryInputAuditFinding[] {\n return contracts.flatMap((contract) => {\n const projectionKeys = projectionReadKeys(contract.convex?.inputProjection);\n if (projectionKeys.length === 0) {\n return [];\n }\n\n const accepted = new Set(acceptedInputKeys(contract));\n const allowed = allowedProjectionKeys(contract.name);\n const missingKeys = projectionKeys.filter(\n (key) => !accepted.has(key) && !allowed.has(key),\n );\n\n if (missingKeys.length === 0) {\n return [];\n }\n\n return [\n {\n contractName: contract.name,\n projectionKeys,\n acceptedKeys: [...accepted].sort(),\n missingKeys,\n },\n ];\n });\n}\n"]}
|
|
@@ -33,6 +33,7 @@ type CutoverFlagState = "legacy" | "cutover" | "disabled";
|
|
|
33
33
|
*/
|
|
34
34
|
type GatewayAuthContext = {
|
|
35
35
|
userId: string;
|
|
36
|
+
clerkId?: string;
|
|
36
37
|
convexToken?: string;
|
|
37
38
|
/** Opaque in contract — narrowed to ConvexHttpClient at the gateway. */
|
|
38
39
|
convex: any;
|
|
@@ -40,8 +41,12 @@ type GatewayAuthContext = {
|
|
|
40
41
|
principalId?: string;
|
|
41
42
|
principalType?: SessionPrincipalType;
|
|
42
43
|
tenantId?: string;
|
|
44
|
+
tenantSlug?: string;
|
|
43
45
|
workspaceId?: string;
|
|
46
|
+
workspaceSlug?: string;
|
|
47
|
+
workspaceKey?: string;
|
|
44
48
|
roles?: string[];
|
|
49
|
+
membershipId?: string;
|
|
45
50
|
sessionId?: string;
|
|
46
51
|
sessionAuthMode?: SessionAuthMode;
|
|
47
52
|
sessionExpiresAt?: number;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/gateway.contract.ts"],"names":[],"mappings":";
|
|
1
|
+
{"version":3,"sources":["../src/gateway.contract.ts"],"names":[],"mappings":";AAgJO,SAAS,wBACd,WAAA,EACQ;AACR,EAAA,MAAM,WAAA,GACJ,OAAO,WAAA,CAAY,WAAA,KAAgB,WAC/B,WAAA,CAAY,WAAA,CAAY,MAAK,GAC7B,EAAA;AACN,EAAA,IAAI,WAAA,CAAY,SAAS,CAAA,EAAG;AAC1B,IAAA,OAAO,WAAA;AAAA,EACT;AACA,EAAA,MAAM,IAAI,MAAM,sDAAsD,CAAA;AACxE","file":"gateway.contract.js","sourcesContent":["/**\n * Gateway contract types — shared between Stack's gateway middleware and\n * Lucern's server-core / gateway route handlers.\n *\n * These types describe the authenticated request context that flows from\n * the gateway into Lucern route handlers. The gateway (Stack-side) creates\n * the context; Lucern consumes it read-only.\n *\n * @module @lucern/contracts/src/gateway\n */\n\nimport type {\n SessionAuthMode,\n SessionDelegationHop,\n SessionPrincipalType,\n} from \"./auth-session.contract\";\n\n// ---------------------------------------------------------------------------\n// Error codes\n// ---------------------------------------------------------------------------\n\nexport type PlatformApiErrorCode =\n | \"AUTH_REQUIRED\"\n | \"AUTHENTICATION_REQUIRED\"\n | \"AUTH_TOKEN_MISSING\"\n | \"INVALID_REQUEST\"\n | \"IDEMPOTENCY_KEY_REQUIRED\"\n | \"FORBIDDEN\"\n | \"SCOPE_INSUFFICIENT\"\n | \"ENVIRONMENT_MISMATCH\"\n | \"KEY_EXPIRED\"\n | \"KEY_REVOKED\"\n | \"RATE_LIMIT_EXCEEDED\"\n | \"NOT_FOUND\"\n | \"CONFLICT\"\n | \"UPSTREAM_ERROR\"\n | \"INTERNAL_ERROR\";\n\n// ---------------------------------------------------------------------------\n// Gateway scope and environment\n// ---------------------------------------------------------------------------\n\nexport type GatewayScope = {\n tenantId?: string;\n workspaceId?: string;\n};\n\nexport type GatewayEnvironment = \"sandbox\" | \"production\";\n\nexport type GatewayAuthMode =\n | \"interactive_user\"\n | \"service_principal\"\n | \"tenant_api_key\"\n | \"session_token\";\n\nexport type KeyLifecycleStatus =\n | \"active\"\n | \"rotating\"\n | \"rotated\"\n | \"expired\"\n | \"revoked\";\n\nexport type CutoverDomain =\n | \"graph\"\n | \"schema\"\n | \"identity\"\n | \"policy\"\n | \"audit\"\n | \"admin\"\n | \"agent\"\n | \"tool\"\n | \"prompt\"\n | \"intelligence\";\n\nexport type CutoverFlagState = \"legacy\" | \"cutover\" | \"disabled\";\n\n// ---------------------------------------------------------------------------\n// Gateway auth context — the canonical authenticated request shape\n// ---------------------------------------------------------------------------\n\n/**\n * Authenticated request context created by the gateway middleware.\n * Lucern route handlers receive this as a read-only parameter.\n *\n * The `convex` field is typed as `unknown` in the contract because Lucern\n * consumers should not use the gateway's Convex client directly — they\n * have their own kernel client. The gateway (Stack-side) narrows this to\n * `ConvexHttpClient` at the construction site.\n */\nexport type GatewayAuthContext = {\n userId: string;\n clerkId?: string;\n convexToken?: string;\n /** Opaque in contract — narrowed to ConvexHttpClient at the gateway. */\n convex: any; // eslint-disable-line @typescript-eslint/no-explicit-any\n authMode: GatewayAuthMode;\n principalId?: string;\n principalType?: SessionPrincipalType;\n tenantId?: string;\n tenantSlug?: string;\n workspaceId?: string;\n workspaceSlug?: string;\n workspaceKey?: string;\n roles?: string[];\n membershipId?: string;\n sessionId?: string;\n sessionAuthMode?: SessionAuthMode;\n sessionExpiresAt?: number;\n delegationChain?: SessionDelegationHop[];\n servicePrincipalId?: string;\n servicePrincipalKeyId?: string;\n servicePrincipalTenantId?: string;\n servicePrincipalWorkspaceId?: string;\n requestEnvironment: GatewayEnvironment;\n keyEnvironment?: GatewayEnvironment;\n keyStatus: KeyLifecycleStatus | \"unknown\";\n grantedScopes: Set<string>;\n cutoverDomain: CutoverDomain;\n cutoverState: CutoverFlagState;\n};\n\n// ---------------------------------------------------------------------------\n// Gateway response helpers — portable (no Next.js dependency)\n// ---------------------------------------------------------------------------\n\nexport type GatewayErrorArgs = {\n code: PlatformApiErrorCode;\n message: string;\n status: number;\n correlationId: string;\n policyTraceId?: string;\n invariant?: string;\n suggestion?: string;\n details?: unknown;\n headers?: HeadersInit;\n};\n\nexport type GatewaySuccessArgs = {\n status?: number;\n correlationId: string;\n policyTraceId?: string;\n idempotentReplay?: boolean;\n};\n\nexport function requireActorPrincipalId(\n authContext: GatewayAuthContext\n): string {\n const principalId =\n typeof authContext.principalId === \"string\"\n ? authContext.principalId.trim()\n : \"\";\n if (principalId.length > 0) {\n return principalId;\n }\n throw new Error(\"Access denied: federated principal context required.\");\n}\n"]}
|
|
@@ -3,11 +3,11 @@ import { GenericSchema } from 'convex/server';
|
|
|
3
3
|
|
|
4
4
|
type GeneratedSchemaTables = GenericSchema;
|
|
5
5
|
declare const KERNEL_SCHEMA_TABLES: GeneratedSchemaTables;
|
|
6
|
-
declare const
|
|
6
|
+
declare const CONTROL_PLANE_SCHEMA_TABLES: GeneratedSchemaTables;
|
|
7
7
|
declare const MC_SCHEMA_TABLES: GeneratedSchemaTables;
|
|
8
8
|
declare const DEVELOPER_PACK_SCHEMA_TABLES: GeneratedSchemaTables;
|
|
9
9
|
declare const EMPTY_SCHEMA_TABLES: GeneratedSchemaTables;
|
|
10
|
-
declare const
|
|
10
|
+
declare const CONTROL_PLANE_TIER_SCHEMA_TABLES: GeneratedSchemaTables;
|
|
11
11
|
declare const KERNEL_TIER_SCHEMA_TABLES: GeneratedSchemaTables;
|
|
12
12
|
declare const KERNEL_COMPONENT_TIER_SCHEMA_TABLES: GeneratedSchemaTables;
|
|
13
13
|
declare const STACK_TIER_SCHEMA_TABLES: GeneratedSchemaTables;
|
|
@@ -17,4 +17,4 @@ declare const FULL_TIER_SCHEMA_TABLES: GeneratedSchemaTables;
|
|
|
17
17
|
declare const TIER_SCHEMA_TABLES: Record<string, GeneratedSchemaTables>;
|
|
18
18
|
declare const _default: convex_server.SchemaDefinition<GenericSchema, true>;
|
|
19
19
|
|
|
20
|
-
export {
|
|
20
|
+
export { CONTROL_PLANE_SCHEMA_TABLES, CONTROL_PLANE_TIER_SCHEMA_TABLES, DEVELOPER_PACK_SCHEMA_TABLES, EMPTY_SCHEMA_TABLES, FULL_TIER_SCHEMA_TABLES, KERNEL_COMPONENT_TIER_SCHEMA_TABLES, KERNEL_SCHEMA_TABLES, KERNEL_TIER_SCHEMA_TABLES, MC_SCHEMA_TABLES, MC_TIER_SCHEMA_TABLES, STACK_TIER_SCHEMA_TABLES, STACK_V2_TIER_SCHEMA_TABLES, TIER_SCHEMA_TABLES, _default as default };
|