@lucern/contracts 0.3.0-alpha.11 → 0.3.0-alpha.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.ts CHANGED
@@ -25,6 +25,7 @@ export { ProjectionRegistry, projections } from './projections/index.js';
25
25
  export * from './function-registry/index.js';
26
26
  export { t as mcpToolsContract } from './tool-contracts-BevD9Ho2.js';
27
27
  export { EntityConnectionMatch, EntityMatchCandidate, EntityTypeMatch, OntologyEntityType, rankEntityConnections, rankEntityTypeMatches, scoreEntityConnection, scoreEntityTypeMatch } from './v1/ontologies/v1.js';
28
+ export { PermitAliasProjection, PermitGroupMembershipProjection, PermitPrincipalProjection, PermitProjectedUserRecord, PermitProjectionPlatformRole, PermitProjectionRows, PermitRoleAssignmentProjection, buildProjectedUserFromPermitPrincipal, findProjectedUserByPermitClerkId, findProjectedUserByPermitPrincipalId, isActivePermitProjectionStatus, mapPermitRoleToPlatformRole, readPermitProjectionString } from './permit-principal-projection.contract.js';
28
29
  export { LucernPrompt, LucernPromptModelHint, isLucernPrompt } from './prompt.contract.js';
29
30
  export { AddEvidenceInput, AddWorktreeInput, BeliefResult, BisectConfidenceInput, BisectResult, BranchResult, CompileContextInput, CompiledContextResult, ConfidenceResult, ContradictionResult, CreateBeliefInput, CreateBranchInput, CreateEdgeInput, EdgeResult, EvidenceResult, FlagContradictionInput, ForkBeliefInput, ForkResult, JudgmentResult, LineageResult, LucernClient, LucernClientConfig, LucernGraphMethods, LucernWorkflowMethods, MergeInput, MergeResult, ModulateConfidenceInput, OpenPullRequestInput, PullRequestResult, PushInput, PushResult, QueryLineageInput, RecordJudgmentInput, RefineBeliefInput, SearchBeliefsInput, WorktreeResult } from './sdk-methods.contract.js';
30
31
  export { s as sdkToolsContract } from './sdk-tools.contract-BNklQDfB.js';
package/dist/index.js CHANGED
@@ -5789,7 +5789,9 @@ var permitObjectType = z.enum([
5789
5789
  "group",
5790
5790
  "resource_instance",
5791
5791
  "relationship_tuple",
5792
- "role_assignment"
5792
+ "role_assignment",
5793
+ "attribute_binding",
5794
+ "policy_bundle"
5793
5795
  ]);
5794
5796
  var permitOutboxOperation = z.enum([
5795
5797
  "upsert",
@@ -8732,6 +8734,37 @@ var PLATFORM_SECRET_DEFINITIONS = [
8732
8734
  ],
8733
8735
  description: "Permit.io API key used for MC sync and policy checks. Must fail closed if missing."
8734
8736
  },
8737
+ {
8738
+ id: "platform.permit.webhook-secret",
8739
+ canonicalName: "LUCERN_PERMIT_WEBHOOK_SECRET",
8740
+ aliases: ["PERMIT_WEBHOOK_SECRET"],
8741
+ owner: "lucern_platform",
8742
+ scope: "environment",
8743
+ sourcePath: "/platform/permit",
8744
+ environmentPolicy: "environment_specific",
8745
+ required: true,
8746
+ secret: true,
8747
+ public: false,
8748
+ consumers: ["mc-convex", "lucern-gateway", "mc-operator-tooling"],
8749
+ destinations: [
8750
+ {
8751
+ kind: "convex",
8752
+ target: "master-control",
8753
+ environmentPolicy: "environment_specific"
8754
+ },
8755
+ {
8756
+ kind: "vercel",
8757
+ target: "lucern-gateway",
8758
+ environmentPolicy: "environment_specific"
8759
+ },
8760
+ {
8761
+ kind: "operator_local",
8762
+ target: "mc-credential-maintenance",
8763
+ environmentPolicy: "environment_specific"
8764
+ }
8765
+ ],
8766
+ description: "Permit.io webhook secret used by gateway and MC webhook handlers. Must fail closed if missing."
8767
+ },
8735
8768
  {
8736
8769
  id: "platform.permit.pdp-url",
8737
8770
  canonicalName: "LUCERN_PERMIT_PDP_URL",
@@ -11127,6 +11160,7 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
11127
11160
  "LUCERN_PERMIT_API_KEY",
11128
11161
  "LUCERN_PERMIT_API_URL",
11129
11162
  "LUCERN_PERMIT_PDP_URL",
11163
+ "LUCERN_PERMIT_WEBHOOK_SECRET",
11130
11164
  "LUCERN_PROD_DEPLOY_KEY",
11131
11165
  "LUCERN_PROD_URL",
11132
11166
  "LUCERN_PROFILE",
@@ -11197,6 +11231,7 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
11197
11231
  "PERMIT_API_KEY",
11198
11232
  "PERMIT_API_URL",
11199
11233
  "PERMIT_PDP_URL",
11234
+ "PERMIT_WEBHOOK_SECRET",
11200
11235
  "PINECONE_API_KEY",
11201
11236
  "PINECONE_HOST",
11202
11237
  "PINECONE_INDEX",
@@ -11376,6 +11411,7 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
11376
11411
  "LUCERN_PERMIT_API_KEY",
11377
11412
  "LUCERN_PERMIT_API_URL",
11378
11413
  "LUCERN_PERMIT_PDP_URL",
11414
+ "LUCERN_PERMIT_WEBHOOK_SECRET",
11379
11415
  "LUCERN_PROD_DEPLOY_KEY",
11380
11416
  "LUCERN_PROD_URL",
11381
11417
  "LUCERN_PROFILE",
@@ -11449,6 +11485,7 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
11449
11485
  "PERMIT_API_KEY",
11450
11486
  "PERMIT_API_URL",
11451
11487
  "PERMIT_PDP_URL",
11488
+ "PERMIT_WEBHOOK_SECRET",
11452
11489
  "PINECONE_API_KEY",
11453
11490
  "PINECONE_HOST",
11454
11491
  "PINECONE_INDEX",
@@ -14209,6 +14246,54 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
14209
14246
  ],
14210
14247
  "description": "Optional Permit PDP URL override."
14211
14248
  },
14249
+ "LUCERN_PERMIT_WEBHOOK_SECRET": {
14250
+ "secretId": "platform.permit.webhook-secret",
14251
+ "canonicalName": "LUCERN_PERMIT_WEBHOOK_SECRET",
14252
+ "envNames": [
14253
+ "LUCERN_PERMIT_WEBHOOK_SECRET",
14254
+ "PERMIT_WEBHOOK_SECRET"
14255
+ ],
14256
+ "aliases": [
14257
+ "PERMIT_WEBHOOK_SECRET"
14258
+ ],
14259
+ "writeNames": [
14260
+ "LUCERN_PERMIT_WEBHOOK_SECRET"
14261
+ ],
14262
+ "required": true,
14263
+ "secret": true,
14264
+ "public": false,
14265
+ "sourcePath": "/platform/permit",
14266
+ "environmentPolicy": "environment_specific",
14267
+ "consumers": [
14268
+ "mc-convex",
14269
+ "lucern-gateway",
14270
+ "mc-operator-tooling"
14271
+ ],
14272
+ "destinations": [
14273
+ {
14274
+ "kind": "convex",
14275
+ "target": "master-control",
14276
+ "writeNames": [
14277
+ "LUCERN_PERMIT_WEBHOOK_SECRET"
14278
+ ]
14279
+ },
14280
+ {
14281
+ "kind": "vercel",
14282
+ "target": "lucern-gateway",
14283
+ "writeNames": [
14284
+ "LUCERN_PERMIT_WEBHOOK_SECRET"
14285
+ ]
14286
+ },
14287
+ {
14288
+ "kind": "operator_local",
14289
+ "target": "mc-credential-maintenance",
14290
+ "writeNames": [
14291
+ "LUCERN_PERMIT_WEBHOOK_SECRET"
14292
+ ]
14293
+ }
14294
+ ],
14295
+ "description": "Permit.io webhook secret used by gateway and MC webhook handlers. Must fail closed if missing."
14296
+ },
14212
14297
  "LUCERN_PROXY_TOKEN_SECRET": {
14213
14298
  "secretId": "tenant.stack-frontend.lucern.proxy-token-secret",
14214
14299
  "canonicalName": "LUCERN_PROXY_TOKEN_SECRET",
@@ -16907,6 +16992,8 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
16907
16992
  "PERMIT_API_URL": "LUCERN_PERMIT_API_URL",
16908
16993
  "LUCERN_PERMIT_PDP_URL": "LUCERN_PERMIT_PDP_URL",
16909
16994
  "PERMIT_PDP_URL": "LUCERN_PERMIT_PDP_URL",
16995
+ "LUCERN_PERMIT_WEBHOOK_SECRET": "LUCERN_PERMIT_WEBHOOK_SECRET",
16996
+ "PERMIT_WEBHOOK_SECRET": "LUCERN_PERMIT_WEBHOOK_SECRET",
16910
16997
  "LUCERN_PROXY_TOKEN_SECRET": "LUCERN_PROXY_TOKEN_SECRET",
16911
16998
  "LUCERN_REQUIRE_DEPLOYMENT_HOST_REGISTRY": "LUCERN_REQUIRE_DEPLOYMENT_HOST_REGISTRY",
16912
16999
  "LUCERN_KERNEL_INSTALL_SPEC": "LUCERN_SDK_NPM_TOKEN",
@@ -18190,6 +18277,54 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
18190
18277
  ],
18191
18278
  "description": "Optional Permit PDP URL override."
18192
18279
  },
18280
+ {
18281
+ "secretId": "platform.permit.webhook-secret",
18282
+ "canonicalName": "LUCERN_PERMIT_WEBHOOK_SECRET",
18283
+ "envNames": [
18284
+ "LUCERN_PERMIT_WEBHOOK_SECRET",
18285
+ "PERMIT_WEBHOOK_SECRET"
18286
+ ],
18287
+ "aliases": [
18288
+ "PERMIT_WEBHOOK_SECRET"
18289
+ ],
18290
+ "writeNames": [
18291
+ "LUCERN_PERMIT_WEBHOOK_SECRET"
18292
+ ],
18293
+ "required": true,
18294
+ "secret": true,
18295
+ "public": false,
18296
+ "sourcePath": "/platform/permit",
18297
+ "environmentPolicy": "environment_specific",
18298
+ "consumers": [
18299
+ "mc-convex",
18300
+ "lucern-gateway",
18301
+ "mc-operator-tooling"
18302
+ ],
18303
+ "destinations": [
18304
+ {
18305
+ "kind": "convex",
18306
+ "target": "master-control",
18307
+ "writeNames": [
18308
+ "LUCERN_PERMIT_WEBHOOK_SECRET"
18309
+ ]
18310
+ },
18311
+ {
18312
+ "kind": "vercel",
18313
+ "target": "lucern-gateway",
18314
+ "writeNames": [
18315
+ "LUCERN_PERMIT_WEBHOOK_SECRET"
18316
+ ]
18317
+ },
18318
+ {
18319
+ "kind": "operator_local",
18320
+ "target": "mc-credential-maintenance",
18321
+ "writeNames": [
18322
+ "LUCERN_PERMIT_WEBHOOK_SECRET"
18323
+ ]
18324
+ }
18325
+ ],
18326
+ "description": "Permit.io webhook secret used by gateway and MC webhook handlers. Must fail closed if missing."
18327
+ },
18193
18328
  {
18194
18329
  "secretId": "platform.runtime.require-deployment-host-registry",
18195
18330
  "canonicalName": "LUCERN_REQUIRE_DEPLOYMENT_HOST_REGISTRY",
@@ -21882,6 +22017,54 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
21882
22017
  ],
21883
22018
  "description": "Optional Permit PDP URL override."
21884
22019
  },
22020
+ {
22021
+ "secretId": "platform.permit.webhook-secret",
22022
+ "canonicalName": "LUCERN_PERMIT_WEBHOOK_SECRET",
22023
+ "envNames": [
22024
+ "LUCERN_PERMIT_WEBHOOK_SECRET",
22025
+ "PERMIT_WEBHOOK_SECRET"
22026
+ ],
22027
+ "aliases": [
22028
+ "PERMIT_WEBHOOK_SECRET"
22029
+ ],
22030
+ "writeNames": [
22031
+ "LUCERN_PERMIT_WEBHOOK_SECRET"
22032
+ ],
22033
+ "required": true,
22034
+ "secret": true,
22035
+ "public": false,
22036
+ "sourcePath": "/platform/permit",
22037
+ "environmentPolicy": "environment_specific",
22038
+ "consumers": [
22039
+ "mc-convex",
22040
+ "lucern-gateway",
22041
+ "mc-operator-tooling"
22042
+ ],
22043
+ "destinations": [
22044
+ {
22045
+ "kind": "convex",
22046
+ "target": "master-control",
22047
+ "writeNames": [
22048
+ "LUCERN_PERMIT_WEBHOOK_SECRET"
22049
+ ]
22050
+ },
22051
+ {
22052
+ "kind": "vercel",
22053
+ "target": "lucern-gateway",
22054
+ "writeNames": [
22055
+ "LUCERN_PERMIT_WEBHOOK_SECRET"
22056
+ ]
22057
+ },
22058
+ {
22059
+ "kind": "operator_local",
22060
+ "target": "mc-credential-maintenance",
22061
+ "writeNames": [
22062
+ "LUCERN_PERMIT_WEBHOOK_SECRET"
22063
+ ]
22064
+ }
22065
+ ],
22066
+ "description": "Permit.io webhook secret used by gateway and MC webhook handlers. Must fail closed if missing."
22067
+ },
21885
22068
  {
21886
22069
  "secretId": "platform.mc.session-token-secret",
21887
22070
  "canonicalName": "LUCERN_SESSION_TOKEN_SECRET",
@@ -29694,6 +29877,54 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
29694
29877
  }
29695
29878
  ],
29696
29879
  "operator_local:mc-credential-maintenance": [
29880
+ {
29881
+ "secretId": "platform.permit.webhook-secret",
29882
+ "canonicalName": "LUCERN_PERMIT_WEBHOOK_SECRET",
29883
+ "envNames": [
29884
+ "LUCERN_PERMIT_WEBHOOK_SECRET",
29885
+ "PERMIT_WEBHOOK_SECRET"
29886
+ ],
29887
+ "aliases": [
29888
+ "PERMIT_WEBHOOK_SECRET"
29889
+ ],
29890
+ "writeNames": [
29891
+ "LUCERN_PERMIT_WEBHOOK_SECRET"
29892
+ ],
29893
+ "required": true,
29894
+ "secret": true,
29895
+ "public": false,
29896
+ "sourcePath": "/platform/permit",
29897
+ "environmentPolicy": "environment_specific",
29898
+ "consumers": [
29899
+ "mc-convex",
29900
+ "lucern-gateway",
29901
+ "mc-operator-tooling"
29902
+ ],
29903
+ "destinations": [
29904
+ {
29905
+ "kind": "convex",
29906
+ "target": "master-control",
29907
+ "writeNames": [
29908
+ "LUCERN_PERMIT_WEBHOOK_SECRET"
29909
+ ]
29910
+ },
29911
+ {
29912
+ "kind": "vercel",
29913
+ "target": "lucern-gateway",
29914
+ "writeNames": [
29915
+ "LUCERN_PERMIT_WEBHOOK_SECRET"
29916
+ ]
29917
+ },
29918
+ {
29919
+ "kind": "operator_local",
29920
+ "target": "mc-credential-maintenance",
29921
+ "writeNames": [
29922
+ "LUCERN_PERMIT_WEBHOOK_SECRET"
29923
+ ]
29924
+ }
29925
+ ],
29926
+ "description": "Permit.io webhook secret used by gateway and MC webhook handlers. Must fail closed if missing."
29927
+ },
29697
29928
  {
29698
29929
  "secretId": "platform.mc.tenant-secret-encryption-key",
29699
29930
  "canonicalName": "LUCERN_TENANT_SECRET_ENCRYPTION_KEY",
@@ -34016,6 +34247,54 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
34016
34247
  ],
34017
34248
  "description": "Optional Permit PDP URL override."
34018
34249
  },
34250
+ {
34251
+ "secretId": "platform.permit.webhook-secret",
34252
+ "canonicalName": "LUCERN_PERMIT_WEBHOOK_SECRET",
34253
+ "envNames": [
34254
+ "LUCERN_PERMIT_WEBHOOK_SECRET",
34255
+ "PERMIT_WEBHOOK_SECRET"
34256
+ ],
34257
+ "aliases": [
34258
+ "PERMIT_WEBHOOK_SECRET"
34259
+ ],
34260
+ "writeNames": [
34261
+ "LUCERN_PERMIT_WEBHOOK_SECRET"
34262
+ ],
34263
+ "required": true,
34264
+ "secret": true,
34265
+ "public": false,
34266
+ "sourcePath": "/platform/permit",
34267
+ "environmentPolicy": "environment_specific",
34268
+ "consumers": [
34269
+ "mc-convex",
34270
+ "lucern-gateway",
34271
+ "mc-operator-tooling"
34272
+ ],
34273
+ "destinations": [
34274
+ {
34275
+ "kind": "convex",
34276
+ "target": "master-control",
34277
+ "writeNames": [
34278
+ "LUCERN_PERMIT_WEBHOOK_SECRET"
34279
+ ]
34280
+ },
34281
+ {
34282
+ "kind": "vercel",
34283
+ "target": "lucern-gateway",
34284
+ "writeNames": [
34285
+ "LUCERN_PERMIT_WEBHOOK_SECRET"
34286
+ ]
34287
+ },
34288
+ {
34289
+ "kind": "operator_local",
34290
+ "target": "mc-credential-maintenance",
34291
+ "writeNames": [
34292
+ "LUCERN_PERMIT_WEBHOOK_SECRET"
34293
+ ]
34294
+ }
34295
+ ],
34296
+ "description": "Permit.io webhook secret used by gateway and MC webhook handlers. Must fail closed if missing."
34297
+ },
34019
34298
  {
34020
34299
  "secretId": "platform.runtime.require-deployment-host-registry",
34021
34300
  "canonicalName": "LUCERN_REQUIRE_DEPLOYMENT_HOST_REGISTRY",
@@ -42713,6 +42992,164 @@ function rankEntityConnections(nodeText, candidates, options) {
42713
42992
  ).filter((m) => m.score >= minScore).sort((a, b) => b.score - a.score).slice(0, limit);
42714
42993
  }
42715
42994
 
42995
+ // src/permit-principal-projection.contract.ts
42996
+ var PLATFORM_ROLE_PRIORITY = {
42997
+ platform_admin: 70,
42998
+ tenant_admin: 60,
42999
+ workspace_admin: 50,
43000
+ editor: 40,
43001
+ auditor: 30,
43002
+ viewer: 20,
43003
+ service_agent: 10
43004
+ };
43005
+ function readPermitProjectionString(value) {
43006
+ return typeof value === "string" && value.trim() ? value.trim() : void 0;
43007
+ }
43008
+ function isActivePermitProjectionStatus(value) {
43009
+ const status = readPermitProjectionString(value)?.toLowerCase();
43010
+ return !status || status === "active" || status === "synced";
43011
+ }
43012
+ function mapPermitRoleToPlatformRole(role) {
43013
+ switch (readPermitProjectionString(role)?.toLowerCase()) {
43014
+ case "platform_admin":
43015
+ return "platform_admin";
43016
+ case "tenant_admin":
43017
+ return "tenant_admin";
43018
+ case "workspace_admin":
43019
+ case "deployment_admin":
43020
+ case "graph_admin":
43021
+ return "workspace_admin";
43022
+ case "editor":
43023
+ case "workspace_member":
43024
+ case "graph_editor":
43025
+ case "evidence_contributor":
43026
+ case "question_resolver":
43027
+ case "theme_promoter":
43028
+ return "editor";
43029
+ case "auditor":
43030
+ return "auditor";
43031
+ case "viewer":
43032
+ case "graph_viewer":
43033
+ case "stakeholder_viewer":
43034
+ case "stakeholder_summarizer":
43035
+ case "source_drilldown_viewer":
43036
+ case "restricted_data_viewer":
43037
+ case "proprietary_data_viewer":
43038
+ return "viewer";
43039
+ case "service_agent":
43040
+ case "agent_runner":
43041
+ return "service_agent";
43042
+ default:
43043
+ return void 0;
43044
+ }
43045
+ }
43046
+ function highestPlatformRole(roles) {
43047
+ return roles.reduce(
43048
+ (best, role) => PLATFORM_ROLE_PRIORITY[role] > PLATFORM_ROLE_PRIORITY[best] ? role : best,
43049
+ "viewer"
43050
+ );
43051
+ }
43052
+ function isClerkAliasFor(alias, clerkId) {
43053
+ return isActivePermitProjectionStatus(alias.status) && readPermitProjectionString(alias.provider)?.toLowerCase() === "clerk" && (readPermitProjectionString(alias.providerSubjectId) === clerkId || readPermitProjectionString(alias.alias) === clerkId);
43054
+ }
43055
+ function emailFromAlias(aliases, principal) {
43056
+ return aliases.find(
43057
+ (alias) => readPermitProjectionString(alias.aliasKind)?.toLowerCase() === "email"
43058
+ )?.alias ?? readPermitProjectionString(principal.metadata?.email);
43059
+ }
43060
+ function groupIdsForPrincipal(memberships2, principal) {
43061
+ const principalId = readPermitProjectionString(principal.principalId);
43062
+ if (!principalId) return [];
43063
+ return [
43064
+ ...new Set(
43065
+ memberships2.filter(
43066
+ (membership) => isActivePermitProjectionStatus(membership.status) && readPermitProjectionString(membership.tenantId) === readPermitProjectionString(principal.tenantId) && readPermitProjectionString(membership.memberType) === "principal" && (readPermitProjectionString(membership.memberId) === principalId || readPermitProjectionString(membership.principalId) === principalId)
43067
+ ).map((membership) => readPermitProjectionString(membership.groupId)).filter((groupId) => Boolean(groupId))
43068
+ )
43069
+ ];
43070
+ }
43071
+ function rolesForPrincipal(assignments, principal, groupIds) {
43072
+ const principalId = readPermitProjectionString(principal.principalId);
43073
+ const tenantId = readPermitProjectionString(principal.tenantId);
43074
+ const roles = assignments.filter(
43075
+ (assignment) => isActivePermitProjectionStatus(assignment.status) && readPermitProjectionString(assignment.tenantId) === tenantId && (readPermitProjectionString(assignment.targetType) === "principal" && readPermitProjectionString(assignment.targetId) === principalId || readPermitProjectionString(assignment.targetType) === "group" && groupIds.includes(
43076
+ readPermitProjectionString(assignment.targetId) ?? ""
43077
+ ))
43078
+ ).map((assignment) => mapPermitRoleToPlatformRole(assignment.role)).filter(
43079
+ (role) => Boolean(role)
43080
+ );
43081
+ if (readPermitProjectionString(principal.principalType) === "agent" || readPermitProjectionString(principal.principalType) === "service_principal") {
43082
+ roles.push("service_agent");
43083
+ }
43084
+ return [...new Set(roles)];
43085
+ }
43086
+ function workspaceFromPermitProjection(principal, alias, assignments) {
43087
+ return readPermitProjectionString(principal.workspaceId) ?? readPermitProjectionString(alias?.workspaceId) ?? readPermitProjectionString(
43088
+ assignments.find(
43089
+ (assignment) => readPermitProjectionString(assignment.targetId) === readPermitProjectionString(principal.principalId) && readPermitProjectionString(assignment.resourceType) === "workspace"
43090
+ )?.resourceKey
43091
+ ) ?? readPermitProjectionString(
43092
+ assignments.find((assignment) => assignment.workspaceId)?.workspaceId
43093
+ );
43094
+ }
43095
+ function buildProjectedUserFromPermitPrincipal(rows, principal, matchingAlias, now = Date.now()) {
43096
+ const principalId = readPermitProjectionString(principal.principalId);
43097
+ const tenantId = readPermitProjectionString(principal.tenantId);
43098
+ if (!principalId || !tenantId || !isActivePermitProjectionStatus(principal.status)) {
43099
+ return null;
43100
+ }
43101
+ const aliases = rows.aliases.filter(
43102
+ (alias2) => readPermitProjectionString(alias2.tenantId) === tenantId && readPermitProjectionString(alias2.principalId) === principalId && isActivePermitProjectionStatus(alias2.status)
43103
+ );
43104
+ const groupIds = groupIdsForPrincipal(rows.groupMemberships, principal);
43105
+ const roles = rolesForPrincipal(rows.roleAssignments, principal, groupIds);
43106
+ if (roles.length === 0) {
43107
+ return null;
43108
+ }
43109
+ const alias = matchingAlias ?? aliases[0];
43110
+ const clerkId = readPermitProjectionString(
43111
+ aliases.find(
43112
+ (entry) => readPermitProjectionString(entry.provider)?.toLowerCase() === "clerk"
43113
+ )?.providerSubjectId
43114
+ ) ?? principalId;
43115
+ return {
43116
+ clerkId,
43117
+ email: emailFromAlias(aliases, principal) ?? `${principalId}@permit.local`,
43118
+ name: readPermitProjectionString(principal.displayName),
43119
+ lastSeenAt: principal.lastSeenAt ?? principal.updatedAt ?? now,
43120
+ chatCount: 0,
43121
+ messageCount: 0,
43122
+ mcRole: highestPlatformRole(roles),
43123
+ mcRoleSyncedAt: principal.updatedAt ?? now,
43124
+ defaultTenantId: tenantId,
43125
+ defaultWorkspaceId: workspaceFromPermitProjection(principal, alias, rows.roleAssignments) ?? tenantId,
43126
+ defaultPrincipalId: principalId,
43127
+ principalGroupIds: groupIds,
43128
+ governanceGrantsSyncedAt: principal.updatedAt ?? now,
43129
+ createdAt: principal.createdAt ?? now,
43130
+ updatedAt: principal.updatedAt ?? now
43131
+ };
43132
+ }
43133
+ function findProjectedUserByPermitPrincipalId(rows, principalId, now = Date.now()) {
43134
+ const normalizedPrincipalId = principalId.trim();
43135
+ const principal = rows.principals.find(
43136
+ (row) => isActivePermitProjectionStatus(row.status) && readPermitProjectionString(row.principalId) === normalizedPrincipalId
43137
+ );
43138
+ return principal ? buildProjectedUserFromPermitPrincipal(rows, principal, void 0, now) : null;
43139
+ }
43140
+ function findProjectedUserByPermitClerkId(rows, clerkId, now = Date.now()) {
43141
+ const normalizedClerkId = clerkId.trim();
43142
+ const matchingAlias = rows.aliases.find(
43143
+ (alias) => isClerkAliasFor(alias, normalizedClerkId)
43144
+ );
43145
+ const principal = matchingAlias ? rows.principals.find(
43146
+ (row) => readPermitProjectionString(row.tenantId) === readPermitProjectionString(matchingAlias.tenantId) && readPermitProjectionString(row.principalId) === readPermitProjectionString(matchingAlias.principalId)
43147
+ ) : rows.principals.find(
43148
+ (row) => readPermitProjectionString(row.principalId) === normalizedClerkId || readPermitProjectionString(row.principalId) === `user:${normalizedClerkId}`
43149
+ );
43150
+ return principal ? buildProjectedUserFromPermitPrincipal(rows, principal, matchingAlias, now) : null;
43151
+ }
43152
+
42716
43153
  // src/prompt.contract.ts
42717
43154
  function isLucernPrompt(value) {
42718
43155
  if (!value || typeof value !== "object") {
@@ -45296,6 +45733,6 @@ var CANONICAL_WORKFLOW_DEFINITIONS = [
45296
45733
  }
45297
45734
  ];
45298
45735
 
45299
- export { BELIEF_STATUSES, BELIEF_TYPE_BONUS, BRANCH_STATUSES, CANONICAL_WORKFLOW_DEFINITIONS, COMPONENT_BOUNDARY_COMPONENT_LAYERS, COMPONENT_BOUNDARY_CONTRACT_VERSION, COMPONENT_BOUNDARY_DIRECT_DB_METHODS, COMPONENT_BOUNDARY_HIGH_RISK_TABLES, COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS, COMPONENT_HOST_BOUNDARY_CONTRACT_VERSION, COMPONENT_HOST_DB_READ_OPERATIONS, COMPONENT_HOST_DB_WRITE_OPERATIONS, COMPONENT_HOST_PROTECTED_TABLES, COMPONENT_HOST_PROTECTED_TABLE_OWNERS, COMPONENT_HOST_WRITE_ALLOWED_EXCEPTIONS, COMPONENT_HOST_WRITE_AUDIT_ROOTS, CONFIDENCE_TRIGGERS, CONTEXT_PACK_SCHEMA_VERSION, CONTEXT_PACK_SECTION_KEYS, CONTEXT_RANKING_PROFILES, CONTRADICTION_SEVERITIES, CONTRADICTION_STATUSES, ComponentTableManifestSchema, DEFAULT_BELIEF_TYPE_BONUS, DEFAULT_COMPILATION_MODE, DEFAULT_ENTITY_LIMIT, DEFAULT_PRIORITY_SCORE, DEFAULT_RANKING_PROFILE, DEFAULT_SECTION_LIMIT, DEFAULT_SEVERITY_SCORE, DEFAULT_TIER_APPROVAL_MODE, DEFAULT_TOKEN_BUDGET, DEFAULT_WORKFLOW_AUTO_FIX_POLICY, DEFEAT_TYPES, DOMAIN_EVENT_TYPES, DOMAIN_EVENT_VERSION, ENTITY_RANKING_WEIGHTS, EPISTEMIC_LAYERS, EVENT_RETENTION_DEFAULT_DAYS, EdgePolicyEntrySchema, EdgePolicyManifestSchema, EpistemicNodeTypeSchema, FORK_REASONS, GENERATED_INFISICAL_BOOTSTRAP_ENV_NAMES, GENERATED_INFISICAL_CONTROL_ENV_NAMES, GENERATED_INFISICAL_KNOWN_ENV_NAMES, GENERATED_INFISICAL_MANAGED_ENV_NAMES, GENERATED_INFISICAL_RUNTIME_ENV, GENERATED_LUCERN_GATEWAY_ENV_NAMES, GENERATED_LUCERN_WEB_PUBLIC_ENV_NAMES, GENERATED_LUCERN_WEB_SERVER_ENV_NAMES, GRAPH_INTELLIGENCE_MODE_TOOL_NAMES, GRAPH_INTELLIGENCE_PUBLIC_TOOL_NAMES, GRAPH_INTELLIGENCE_QUERIES, GRAPH_INTELLIGENCE_QUERIES_WITH_TOOLS, GRAPH_INTELLIGENCE_QUERY_CATALOG_VERSION, GRAPH_INTELLIGENCE_QUERY_CATEGORIES, GRAPH_INTELLIGENCE_QUERY_MODES, GRAPH_INTELLIGENCE_QUICK_QUERIES, GRAPH_REF_NODE_TYPES, GraphRefSchema, INFISICAL_CONVEX_TIERS, INFISICAL_CONVEX_TIER_BY_VERCEL_ENVIRONMENT, INFISICAL_RUNTIME_BOOTSTRAP_ENV, INFISICAL_RUNTIME_CONTRACT_VERSION, INFISICAL_RUNTIME_CONTROL_ENV, INFISICAL_RUNTIME_DEFAULT_API_URL, INFISICAL_RUNTIME_DEFAULT_PROJECT_ID, INFISICAL_RUNTIME_DELIVERY_MODES, INFISICAL_RUNTIME_ENVIRONMENTS, INFISICAL_RUNTIME_MANIFEST, INFISICAL_RUNTIME_PATHS, INFISICAL_RUNTIME_SURFACES, INFISICAL_RUNTIME_SURFACE_IDS, INFISICAL_SECRET_CONSUMERS, INFISICAL_SECRET_DEFINITIONS, INFISICAL_SECRET_DESTINATION_KINDS, INFISICAL_SECRET_ENVIRONMENT_POLICIES, INFISICAL_SECRET_OWNERS, INFISICAL_SECRET_SCOPES, INFISICAL_TENANT_SOFTWARE_SYSTEMS, INFISICAL_VERCEL_DESTINATION_ENVIRONMENTS, INFISICAL_VERCEL_SYNC_DESTINATIONS, INFISICAL_VERCEL_SYNC_RECONCILIATION, INFISICAL_VERCEL_TARGETS, INTEGRATION_EDGE_TYPES, InvariantManifestSchema, JUDGMENT_TYPES, MAX_ENTITY_LIMIT, MAX_SECTION_LIMIT, MAX_TOKEN_BUDGET, MERGE_OUTCOMES, MIN_CONTRADICTION_BUDGET, MIN_TOKEN_BUDGET, MIN_TOKEN_ESTIMATE, MORNING_BRIEF_WORKFLOW_ID, NIGHTLY_RECONCILIATION_WORKFLOW_ID, PRIORITY_SCORES, PULL_REQUEST_STATUSES, RANKING_WEIGHTS, REASONING_METHODS, RECENCY_HALF_LIFE_DAYS, RESOLVED_QUESTION_STATUSES, ROOT_TOPIC_ID, SECTION_BUDGET_RATIOS, SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, SEVERITY_SCORES, SLOpinionInputSchema, TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES, TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS, TENANT_BOOTSTRAP_SEED_COMPONENTS, TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION, TENANT_BOOTSTRAP_SEED_MANIFEST, TENANT_BOOTSTRAP_SEED_TABLES, TENANT_BOOTSTRAP_TABLE_REQUIREMENTS, TENANT_BOOTSTRAP_TEMPLATE_ACTOR, TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION, TENANT_BOOTSTRAP_TEMPLATE_TENANT_ID, TENANT_CLIENT_AUTH_MODES, TENANT_CLIENT_CAPABILITIES, TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS, TENANT_CLIENT_CONTRACT_VERSION, TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS, TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS, TENANT_CLIENT_FORBIDDEN_SECRET_ENV, TENANT_CLIENT_FULL_SUITE_PACKAGE_NAMES, TENANT_CLIENT_INSTALLABLE_PACKAGES, TENANT_CLIENT_INSTALL_PROFILES, TENANT_CLIENT_INSTALL_TOKEN_ENV, TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH, TENANT_CLIENT_ISOLATION_RULES, TENANT_CLIENT_MANIFEST, TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS, TENANT_CLIENT_PRINCIPAL_TYPES, TENANT_CLIENT_PUBLIC_IMPORTS, TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS, TENANT_CLIENT_REQUIRED_SDK_NAMESPACES, TOKENS_PER_WORD, WEBHOOK_MAX_ATTEMPTS, WEBHOOK_RETRY_DELAYS_MS, WORKFLOW_ACTION_KINDS, WORKFLOW_APPROVAL_MODES, WORKFLOW_AUTO_FIX_MODES, WORKFLOW_HOOK_EVENTS, WORKFLOW_INTEGRITY_CHECKS, WORKFLOW_MUTATION_TIERS, WORKFLOW_OUTPUT_KINDS, WORKFLOW_PROOF_ARTIFACT_KINDS, WORKFLOW_RUNTIME_SCHEMA_VERSION, WORKFLOW_RUN_STATUSES, WORKFLOW_STAFFING_HINTS, WORKFLOW_TRIGGER_KINDS, WORKTREE_PHASES, assertEdgePolicyAllowed, assertTenantClientImportAllowed, bigramTokenize, buildDomainEvent, buildTenantBootstrapTemplateSeedRows, canonicalGeneratedInfisicalEnvName, classifyTenantClientImport, collectTopicNeighborhood, compareEventCursor, dsl_exports as contractDsl, convexTierForVercelDestinationEnvironment, createEventId, createEvidenceProjection, decodeEventCursor, decodePrefixedId, defineProjection, edgePolicyManifest, emitDomainEvent, encodeEventCursor, encodePrefixedId, expectedTenantConvexDeploymentForVercelEnvironment, fillGraphIntelligencePromptTemplate, findEdgePolicy, findInfisicalRuntimePath, findInfisicalRuntimeSurface, findInfisicalSecretDefinition, findInfisicalTenantSoftwareSystem, findInfisicalVercelSyncDestination, findTenantBootstrapSeedTable, findTenantBootstrapTableRequirement, findTenantClientInstallablePackage, formatTenantClientImportViolation, generatedInfisicalVariableForName, getComponentBoundaryTableLayer, getGraphIntelligenceQuery, hasPrefixedIdPrefix, inferActorType, inferSessionPrincipalType, infisicalSecretDefinitionsForConsumer, infisicalSecretDefinitionsForDestination, isAfterCursor, isComponentBoundaryComponentOwnedTable, isGeneratedInfisicalKnownEnvName, isGeneratedInfisicalManagedEnvName, isGraphIntelligenceQueryMode, isLucernPrompt, isTenantBootstrapForbiddenSeedTable, isTenantBootstrapSeedTable, isTenantClientAllowedImport, isTenantClientComponentConfigImport, isTenantClientInstallablePackage, isTenantClientPublicImport, jaccardSimilarity, lastDelegator, listBeliefsProjection, listGraphIntelligenceQueries, listTasksProjection, tool_contracts_exports as mcpToolsContract, modulateConfidenceProjection, normalizeDelegationChain, normalizeRetentionDays, prepareLexicalQuery, projections, rankEntityConnections, rankEntityTypeMatches, rankWindowScore, readGeneratedInfisicalDestinationEnv, readGeneratedInfisicalEnvValue, readGeneratedInfisicalRuntimeEnvSurface, readGeneratedLucernGatewayEnv, readGeneratedLucernWebPublicEnv, readGeneratedLucernWebServerEnv, requireActorPrincipalId, rerankLexicalWindow, schemas_exports as schemaContracts, scoreEntityConnection, scoreEntityTypeMatch, scoreLexicalSignal, scoreLexicalSignals, sdk_tools_contract_exports as sdkToolsContract, sortEventsByCursor, stemToken, tenantSoftwareSystemConvexEnvNames, tenantSoftwareSystemOwnsConvexEnvName, tokenOverlapScore, tokenizeSearchText, validateInfisicalSecretDefinitions, vercelCustomEnvironmentIdForTenantSoftwareSystem, wordOverlapScore, wordTokenize };
45736
+ export { BELIEF_STATUSES, BELIEF_TYPE_BONUS, BRANCH_STATUSES, CANONICAL_WORKFLOW_DEFINITIONS, COMPONENT_BOUNDARY_COMPONENT_LAYERS, COMPONENT_BOUNDARY_CONTRACT_VERSION, COMPONENT_BOUNDARY_DIRECT_DB_METHODS, COMPONENT_BOUNDARY_HIGH_RISK_TABLES, COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS, COMPONENT_HOST_BOUNDARY_CONTRACT_VERSION, COMPONENT_HOST_DB_READ_OPERATIONS, COMPONENT_HOST_DB_WRITE_OPERATIONS, COMPONENT_HOST_PROTECTED_TABLES, COMPONENT_HOST_PROTECTED_TABLE_OWNERS, COMPONENT_HOST_WRITE_ALLOWED_EXCEPTIONS, COMPONENT_HOST_WRITE_AUDIT_ROOTS, CONFIDENCE_TRIGGERS, CONTEXT_PACK_SCHEMA_VERSION, CONTEXT_PACK_SECTION_KEYS, CONTEXT_RANKING_PROFILES, CONTRADICTION_SEVERITIES, CONTRADICTION_STATUSES, ComponentTableManifestSchema, DEFAULT_BELIEF_TYPE_BONUS, DEFAULT_COMPILATION_MODE, DEFAULT_ENTITY_LIMIT, DEFAULT_PRIORITY_SCORE, DEFAULT_RANKING_PROFILE, DEFAULT_SECTION_LIMIT, DEFAULT_SEVERITY_SCORE, DEFAULT_TIER_APPROVAL_MODE, DEFAULT_TOKEN_BUDGET, DEFAULT_WORKFLOW_AUTO_FIX_POLICY, DEFEAT_TYPES, DOMAIN_EVENT_TYPES, DOMAIN_EVENT_VERSION, ENTITY_RANKING_WEIGHTS, EPISTEMIC_LAYERS, EVENT_RETENTION_DEFAULT_DAYS, EdgePolicyEntrySchema, EdgePolicyManifestSchema, EpistemicNodeTypeSchema, FORK_REASONS, GENERATED_INFISICAL_BOOTSTRAP_ENV_NAMES, GENERATED_INFISICAL_CONTROL_ENV_NAMES, GENERATED_INFISICAL_KNOWN_ENV_NAMES, GENERATED_INFISICAL_MANAGED_ENV_NAMES, GENERATED_INFISICAL_RUNTIME_ENV, GENERATED_LUCERN_GATEWAY_ENV_NAMES, GENERATED_LUCERN_WEB_PUBLIC_ENV_NAMES, GENERATED_LUCERN_WEB_SERVER_ENV_NAMES, GRAPH_INTELLIGENCE_MODE_TOOL_NAMES, GRAPH_INTELLIGENCE_PUBLIC_TOOL_NAMES, GRAPH_INTELLIGENCE_QUERIES, GRAPH_INTELLIGENCE_QUERIES_WITH_TOOLS, GRAPH_INTELLIGENCE_QUERY_CATALOG_VERSION, GRAPH_INTELLIGENCE_QUERY_CATEGORIES, GRAPH_INTELLIGENCE_QUERY_MODES, GRAPH_INTELLIGENCE_QUICK_QUERIES, GRAPH_REF_NODE_TYPES, GraphRefSchema, INFISICAL_CONVEX_TIERS, INFISICAL_CONVEX_TIER_BY_VERCEL_ENVIRONMENT, INFISICAL_RUNTIME_BOOTSTRAP_ENV, INFISICAL_RUNTIME_CONTRACT_VERSION, INFISICAL_RUNTIME_CONTROL_ENV, INFISICAL_RUNTIME_DEFAULT_API_URL, INFISICAL_RUNTIME_DEFAULT_PROJECT_ID, INFISICAL_RUNTIME_DELIVERY_MODES, INFISICAL_RUNTIME_ENVIRONMENTS, INFISICAL_RUNTIME_MANIFEST, INFISICAL_RUNTIME_PATHS, INFISICAL_RUNTIME_SURFACES, INFISICAL_RUNTIME_SURFACE_IDS, INFISICAL_SECRET_CONSUMERS, INFISICAL_SECRET_DEFINITIONS, INFISICAL_SECRET_DESTINATION_KINDS, INFISICAL_SECRET_ENVIRONMENT_POLICIES, INFISICAL_SECRET_OWNERS, INFISICAL_SECRET_SCOPES, INFISICAL_TENANT_SOFTWARE_SYSTEMS, INFISICAL_VERCEL_DESTINATION_ENVIRONMENTS, INFISICAL_VERCEL_SYNC_DESTINATIONS, INFISICAL_VERCEL_SYNC_RECONCILIATION, INFISICAL_VERCEL_TARGETS, INTEGRATION_EDGE_TYPES, InvariantManifestSchema, JUDGMENT_TYPES, MAX_ENTITY_LIMIT, MAX_SECTION_LIMIT, MAX_TOKEN_BUDGET, MERGE_OUTCOMES, MIN_CONTRADICTION_BUDGET, MIN_TOKEN_BUDGET, MIN_TOKEN_ESTIMATE, MORNING_BRIEF_WORKFLOW_ID, NIGHTLY_RECONCILIATION_WORKFLOW_ID, PRIORITY_SCORES, PULL_REQUEST_STATUSES, RANKING_WEIGHTS, REASONING_METHODS, RECENCY_HALF_LIFE_DAYS, RESOLVED_QUESTION_STATUSES, ROOT_TOPIC_ID, SECTION_BUDGET_RATIOS, SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, SEVERITY_SCORES, SLOpinionInputSchema, TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES, TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS, TENANT_BOOTSTRAP_SEED_COMPONENTS, TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION, TENANT_BOOTSTRAP_SEED_MANIFEST, TENANT_BOOTSTRAP_SEED_TABLES, TENANT_BOOTSTRAP_TABLE_REQUIREMENTS, TENANT_BOOTSTRAP_TEMPLATE_ACTOR, TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION, TENANT_BOOTSTRAP_TEMPLATE_TENANT_ID, TENANT_CLIENT_AUTH_MODES, TENANT_CLIENT_CAPABILITIES, TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS, TENANT_CLIENT_CONTRACT_VERSION, TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS, TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS, TENANT_CLIENT_FORBIDDEN_SECRET_ENV, TENANT_CLIENT_FULL_SUITE_PACKAGE_NAMES, TENANT_CLIENT_INSTALLABLE_PACKAGES, TENANT_CLIENT_INSTALL_PROFILES, TENANT_CLIENT_INSTALL_TOKEN_ENV, TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH, TENANT_CLIENT_ISOLATION_RULES, TENANT_CLIENT_MANIFEST, TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS, TENANT_CLIENT_PRINCIPAL_TYPES, TENANT_CLIENT_PUBLIC_IMPORTS, TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS, TENANT_CLIENT_REQUIRED_SDK_NAMESPACES, TOKENS_PER_WORD, WEBHOOK_MAX_ATTEMPTS, WEBHOOK_RETRY_DELAYS_MS, WORKFLOW_ACTION_KINDS, WORKFLOW_APPROVAL_MODES, WORKFLOW_AUTO_FIX_MODES, WORKFLOW_HOOK_EVENTS, WORKFLOW_INTEGRITY_CHECKS, WORKFLOW_MUTATION_TIERS, WORKFLOW_OUTPUT_KINDS, WORKFLOW_PROOF_ARTIFACT_KINDS, WORKFLOW_RUNTIME_SCHEMA_VERSION, WORKFLOW_RUN_STATUSES, WORKFLOW_STAFFING_HINTS, WORKFLOW_TRIGGER_KINDS, WORKTREE_PHASES, assertEdgePolicyAllowed, assertTenantClientImportAllowed, bigramTokenize, buildDomainEvent, buildProjectedUserFromPermitPrincipal, buildTenantBootstrapTemplateSeedRows, canonicalGeneratedInfisicalEnvName, classifyTenantClientImport, collectTopicNeighborhood, compareEventCursor, dsl_exports as contractDsl, convexTierForVercelDestinationEnvironment, createEventId, createEvidenceProjection, decodeEventCursor, decodePrefixedId, defineProjection, edgePolicyManifest, emitDomainEvent, encodeEventCursor, encodePrefixedId, expectedTenantConvexDeploymentForVercelEnvironment, fillGraphIntelligencePromptTemplate, findEdgePolicy, findInfisicalRuntimePath, findInfisicalRuntimeSurface, findInfisicalSecretDefinition, findInfisicalTenantSoftwareSystem, findInfisicalVercelSyncDestination, findProjectedUserByPermitClerkId, findProjectedUserByPermitPrincipalId, findTenantBootstrapSeedTable, findTenantBootstrapTableRequirement, findTenantClientInstallablePackage, formatTenantClientImportViolation, generatedInfisicalVariableForName, getComponentBoundaryTableLayer, getGraphIntelligenceQuery, hasPrefixedIdPrefix, inferActorType, inferSessionPrincipalType, infisicalSecretDefinitionsForConsumer, infisicalSecretDefinitionsForDestination, isActivePermitProjectionStatus, isAfterCursor, isComponentBoundaryComponentOwnedTable, isGeneratedInfisicalKnownEnvName, isGeneratedInfisicalManagedEnvName, isGraphIntelligenceQueryMode, isLucernPrompt, isTenantBootstrapForbiddenSeedTable, isTenantBootstrapSeedTable, isTenantClientAllowedImport, isTenantClientComponentConfigImport, isTenantClientInstallablePackage, isTenantClientPublicImport, jaccardSimilarity, lastDelegator, listBeliefsProjection, listGraphIntelligenceQueries, listTasksProjection, mapPermitRoleToPlatformRole, tool_contracts_exports as mcpToolsContract, modulateConfidenceProjection, normalizeDelegationChain, normalizeRetentionDays, prepareLexicalQuery, projections, rankEntityConnections, rankEntityTypeMatches, rankWindowScore, readGeneratedInfisicalDestinationEnv, readGeneratedInfisicalEnvValue, readGeneratedInfisicalRuntimeEnvSurface, readGeneratedLucernGatewayEnv, readGeneratedLucernWebPublicEnv, readGeneratedLucernWebServerEnv, readPermitProjectionString, requireActorPrincipalId, rerankLexicalWindow, schemas_exports as schemaContracts, scoreEntityConnection, scoreEntityTypeMatch, scoreLexicalSignal, scoreLexicalSignals, sdk_tools_contract_exports as sdkToolsContract, sortEventsByCursor, stemToken, tenantSoftwareSystemConvexEnvNames, tenantSoftwareSystemOwnsConvexEnvName, tokenOverlapScore, tokenizeSearchText, validateInfisicalSecretDefinitions, vercelCustomEnvironmentIdForTenantSoftwareSystem, wordOverlapScore, wordTokenize };
45300
45737
  //# sourceMappingURL=index.js.map
45301
45738
  //# sourceMappingURL=index.js.map