@lucern/contracts 0.3.0-alpha.12 → 0.3.0-alpha.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (128) hide show
  1. package/dist/auth-context.contract.js +13 -1
  2. package/dist/auth-context.contract.js.map +1 -1
  3. package/dist/auth-session.contract.js +13 -1
  4. package/dist/auth-session.contract.js.map +1 -1
  5. package/dist/auth.contract.d.ts +1 -1
  6. package/dist/auth.contract.js +13 -1
  7. package/dist/auth.contract.js.map +1 -1
  8. package/dist/component-boundary.contract.js +1 -0
  9. package/dist/component-boundary.contract.js.map +1 -1
  10. package/dist/function-registry/beliefs.d.ts +10 -10
  11. package/dist/function-registry/beliefs.js +53 -2
  12. package/dist/function-registry/beliefs.js.map +1 -1
  13. package/dist/function-registry/coding.d.ts +6 -6
  14. package/dist/function-registry/coding.js +53 -2
  15. package/dist/function-registry/coding.js.map +1 -1
  16. package/dist/function-registry/context.d.ts +3 -3
  17. package/dist/function-registry/context.js +53 -2
  18. package/dist/function-registry/context.js.map +1 -1
  19. package/dist/function-registry/contracts.d.ts +3 -3
  20. package/dist/function-registry/contracts.js +53 -2
  21. package/dist/function-registry/contracts.js.map +1 -1
  22. package/dist/function-registry/coordination.d.ts +9 -9
  23. package/dist/function-registry/coordination.js +53 -2
  24. package/dist/function-registry/coordination.js.map +1 -1
  25. package/dist/function-registry/edges.d.ts +6 -6
  26. package/dist/function-registry/edges.js +53 -2
  27. package/dist/function-registry/edges.js.map +1 -1
  28. package/dist/function-registry/evidence.d.ts +8 -8
  29. package/dist/function-registry/evidence.js +53 -2
  30. package/dist/function-registry/evidence.js.map +1 -1
  31. package/dist/function-registry/graph.d.ts +15 -15
  32. package/dist/function-registry/graph.js +53 -2
  33. package/dist/function-registry/graph.js.map +1 -1
  34. package/dist/function-registry/helpers.d.ts +2 -2
  35. package/dist/function-registry/helpers.js +53 -2
  36. package/dist/function-registry/helpers.js.map +1 -1
  37. package/dist/function-registry/identity.d.ts +56 -16
  38. package/dist/function-registry/identity.js +75 -4
  39. package/dist/function-registry/identity.js.map +1 -1
  40. package/dist/function-registry/index.d.ts +1 -1
  41. package/dist/function-registry/index.js +53 -2
  42. package/dist/function-registry/index.js.map +1 -1
  43. package/dist/function-registry/judgments.d.ts +2 -2
  44. package/dist/function-registry/judgments.js +53 -2
  45. package/dist/function-registry/judgments.js.map +1 -1
  46. package/dist/function-registry/legacy.d.ts +1 -1
  47. package/dist/function-registry/legacy.js +53 -2
  48. package/dist/function-registry/legacy.js.map +1 -1
  49. package/dist/function-registry/lenses.d.ts +4 -4
  50. package/dist/function-registry/lenses.js +53 -2
  51. package/dist/function-registry/lenses.js.map +1 -1
  52. package/dist/function-registry/manifest.d.ts +3 -3
  53. package/dist/function-registry/manifest.js +1 -0
  54. package/dist/function-registry/manifest.js.map +1 -1
  55. package/dist/function-registry/nodes.d.ts +8 -8
  56. package/dist/function-registry/nodes.js +53 -2
  57. package/dist/function-registry/nodes.js.map +1 -1
  58. package/dist/function-registry/ontologies.d.ts +11 -11
  59. package/dist/function-registry/ontologies.js +53 -2
  60. package/dist/function-registry/ontologies.js.map +1 -1
  61. package/dist/function-registry/pipeline.d.ts +3 -3
  62. package/dist/function-registry/pipeline.js +53 -2
  63. package/dist/function-registry/pipeline.js.map +1 -1
  64. package/dist/function-registry/questions.d.ts +12 -12
  65. package/dist/function-registry/questions.js +53 -2
  66. package/dist/function-registry/questions.js.map +1 -1
  67. package/dist/function-registry/tasks.d.ts +4 -4
  68. package/dist/function-registry/tasks.js +53 -2
  69. package/dist/function-registry/tasks.js.map +1 -1
  70. package/dist/function-registry/topics.d.ts +7 -7
  71. package/dist/function-registry/topics.js +53 -2
  72. package/dist/function-registry/topics.js.map +1 -1
  73. package/dist/function-registry/types.d.ts +2 -2
  74. package/dist/function-registry/worktrees.d.ts +11 -11
  75. package/dist/function-registry/worktrees.js +53 -2
  76. package/dist/function-registry/worktrees.js.map +1 -1
  77. package/dist/generated/convexSchemas.js +2 -1
  78. package/dist/generated/convexSchemas.js.map +1 -1
  79. package/dist/generated/infisicalRuntimeEnv.js +111 -0
  80. package/dist/generated/infisicalRuntimeEnv.js.map +1 -1
  81. package/dist/generated/schema-manifest.json +88 -3
  82. package/dist/generated/tableOwnership.d.ts +2 -1
  83. package/dist/generated/tableOwnership.js +2 -0
  84. package/dist/generated/tableOwnership.js.map +1 -1
  85. package/dist/generated/tier-expectations.json +6 -3
  86. package/dist/index.d.ts +2 -2
  87. package/dist/index.js +290 -20
  88. package/dist/index.js.map +1 -1
  89. package/dist/infisical-runtime.contract.d.ts +18 -0
  90. package/dist/infisical-runtime.contract.js +21 -0
  91. package/dist/infisical-runtime.contract.js.map +1 -1
  92. package/dist/manifests/infisical-runtime-manifest.d.ts +18 -0
  93. package/dist/manifests/infisical-runtime-manifest.js +21 -0
  94. package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
  95. package/dist/manifests/tenant-client-manifest.d.ts +8 -3
  96. package/dist/manifests/tenant-client-manifest.js +18 -1
  97. package/dist/manifests/tenant-client-manifest.js.map +1 -1
  98. package/dist/permit-principal-projection.contract.js +2 -3
  99. package/dist/permit-principal-projection.contract.js.map +1 -1
  100. package/dist/proof-attestation.json +1 -1
  101. package/dist/schemas/index.js +33 -0
  102. package/dist/schemas/index.js.map +1 -1
  103. package/dist/schemas/manifest.d.ts +75 -0
  104. package/dist/schemas/manifest.js +33 -0
  105. package/dist/schemas/manifest.js.map +1 -1
  106. package/dist/schemas/tables/controlPlane/accessControl.js +3 -0
  107. package/dist/schemas/tables/controlPlane/accessControl.js.map +1 -1
  108. package/dist/schemas/tables/kernel/events.d.ts +21 -0
  109. package/dist/schemas/tables/kernel/events.js +43 -0
  110. package/dist/schemas/tables/kernel/events.js.map +1 -0
  111. package/dist/{sdk-tools.contract-BNklQDfB.d.ts → sdk-tools.contract-CKmSsrZ2.d.ts} +1 -1
  112. package/dist/sdk-tools.contract.d.ts +2 -2
  113. package/dist/sdk-tools.contract.js +45 -1
  114. package/dist/sdk-tools.contract.js.map +1 -1
  115. package/dist/tenant-bootstrap-seed.contract.d.ts +22 -2
  116. package/dist/tenant-bootstrap-seed.contract.js +15 -2
  117. package/dist/tenant-bootstrap-seed.contract.js.map +1 -1
  118. package/dist/tenant-bootstrap-seed.defaults.d.ts +1 -1
  119. package/dist/tenant-bootstrap-seed.defaults.js +30 -12
  120. package/dist/tenant-bootstrap-seed.defaults.js.map +1 -1
  121. package/dist/tenant-client.contract.d.ts +8 -3
  122. package/dist/tenant-client.contract.js +18 -1
  123. package/dist/tenant-client.contract.js.map +1 -1
  124. package/dist/{tool-contracts-BevD9Ho2.d.ts → tool-contracts-C_xvM9q2.d.ts} +4 -2
  125. package/dist/tool-contracts.d.ts +1 -1
  126. package/dist/tool-contracts.js +46 -2
  127. package/dist/tool-contracts.js.map +1 -1
  128. package/package.json +1 -1
@@ -1,11 +1,11 @@
1
1
  import { z } from 'zod';
2
2
  import { F as FunctionEffect } from '../defineFunction-DO97DKs4.js';
3
- import { M as McpToolContract } from '../tool-contracts-BevD9Ho2.js';
3
+ import { M as McpToolContract } from '../tool-contracts-C_xvM9q2.js';
4
4
 
5
5
  type FunctionKind = "query" | "mutation" | "action";
6
6
  type FunctionIdempotency = boolean | "required";
7
7
  type FunctionSurfaceIntent = "mcp_core" | "mcp_analysis" | "mcp_workflow" | "mcp_governance" | "system" | "compatibility" | "sdk_granular";
8
- type FunctionPrincipalType = "user" | "service" | "agent";
8
+ type FunctionPrincipalType = "user" | "service" | "agent" | "group" | "external_viewer";
9
9
  type SurfaceClass = "platform_public" | "tenant_public" | "platform_internal" | "legacy_compat" | "application_tool" | "external_connector";
10
10
  type SurfaceExposure = "public" | "internal" | "none";
11
11
  type FunctionSurfaceMap = {
@@ -115,7 +115,7 @@ declare const worktreesContracts: readonly [{
115
115
  };
116
116
  auth: {
117
117
  scopes: string[];
118
- allowedPrincipalTypes: ("user" | "service" | "agent")[];
118
+ allowedPrincipalTypes: ("user" | "service" | "agent" | "group" | "external_viewer")[];
119
119
  };
120
120
  convex: FunctionConvexTarget | undefined;
121
121
  gateway: FunctionGatewayTarget | undefined;
@@ -155,7 +155,7 @@ declare const worktreesContracts: readonly [{
155
155
  };
156
156
  auth: {
157
157
  scopes: string[];
158
- allowedPrincipalTypes: ("user" | "service" | "agent")[];
158
+ allowedPrincipalTypes: ("user" | "service" | "agent" | "group" | "external_viewer")[];
159
159
  };
160
160
  convex: FunctionConvexTarget | undefined;
161
161
  gateway: FunctionGatewayTarget | undefined;
@@ -195,7 +195,7 @@ declare const worktreesContracts: readonly [{
195
195
  };
196
196
  auth: {
197
197
  scopes: string[];
198
- allowedPrincipalTypes: ("user" | "service" | "agent")[];
198
+ allowedPrincipalTypes: ("user" | "service" | "agent" | "group" | "external_viewer")[];
199
199
  };
200
200
  convex: FunctionConvexTarget | undefined;
201
201
  gateway: FunctionGatewayTarget | undefined;
@@ -235,7 +235,7 @@ declare const worktreesContracts: readonly [{
235
235
  };
236
236
  auth: {
237
237
  scopes: string[];
238
- allowedPrincipalTypes: ("user" | "service" | "agent")[];
238
+ allowedPrincipalTypes: ("user" | "service" | "agent" | "group" | "external_viewer")[];
239
239
  };
240
240
  convex: FunctionConvexTarget | undefined;
241
241
  gateway: FunctionGatewayTarget | undefined;
@@ -275,7 +275,7 @@ declare const worktreesContracts: readonly [{
275
275
  };
276
276
  auth: {
277
277
  scopes: string[];
278
- allowedPrincipalTypes: ("user" | "service" | "agent")[];
278
+ allowedPrincipalTypes: ("user" | "service" | "agent" | "group" | "external_viewer")[];
279
279
  };
280
280
  convex: FunctionConvexTarget | undefined;
281
281
  gateway: FunctionGatewayTarget | undefined;
@@ -315,7 +315,7 @@ declare const worktreesContracts: readonly [{
315
315
  };
316
316
  auth: {
317
317
  scopes: string[];
318
- allowedPrincipalTypes: ("user" | "service" | "agent")[];
318
+ allowedPrincipalTypes: ("user" | "service" | "agent" | "group" | "external_viewer")[];
319
319
  };
320
320
  convex: FunctionConvexTarget | undefined;
321
321
  gateway: FunctionGatewayTarget | undefined;
@@ -355,7 +355,7 @@ declare const worktreesContracts: readonly [{
355
355
  };
356
356
  auth: {
357
357
  scopes: string[];
358
- allowedPrincipalTypes: ("user" | "service" | "agent")[];
358
+ allowedPrincipalTypes: ("user" | "service" | "agent" | "group" | "external_viewer")[];
359
359
  };
360
360
  convex: FunctionConvexTarget | undefined;
361
361
  gateway: FunctionGatewayTarget | undefined;
@@ -395,7 +395,7 @@ declare const worktreesContracts: readonly [{
395
395
  };
396
396
  auth: {
397
397
  scopes: string[];
398
- allowedPrincipalTypes: ("user" | "service" | "agent")[];
398
+ allowedPrincipalTypes: ("user" | "service" | "agent" | "group" | "external_viewer")[];
399
399
  };
400
400
  convex: FunctionConvexTarget | undefined;
401
401
  gateway: FunctionGatewayTarget | undefined;
@@ -435,7 +435,7 @@ declare const worktreesContracts: readonly [{
435
435
  };
436
436
  auth: {
437
437
  scopes: string[];
438
- allowedPrincipalTypes: ("user" | "service" | "agent")[];
438
+ allowedPrincipalTypes: ("user" | "service" | "agent" | "group" | "external_viewer")[];
439
439
  };
440
440
  convex: FunctionConvexTarget | undefined;
441
441
  gateway: FunctionGatewayTarget | undefined;
@@ -475,7 +475,7 @@ declare const worktreesContracts: readonly [{
475
475
  };
476
476
  auth: {
477
477
  scopes: string[];
478
- allowedPrincipalTypes: ("user" | "service" | "agent")[];
478
+ allowedPrincipalTypes: ("user" | "service" | "agent" | "group" | "external_viewer")[];
479
479
  };
480
480
  convex: FunctionConvexTarget | undefined;
481
481
  gateway: FunctionGatewayTarget | undefined;
@@ -515,7 +515,7 @@ declare const worktreesContracts: readonly [{
515
515
  };
516
516
  auth: {
517
517
  scopes: string[];
518
- allowedPrincipalTypes: ("user" | "service" | "agent")[];
518
+ allowedPrincipalTypes: ("user" | "service" | "agent" | "group" | "external_viewer")[];
519
519
  };
520
520
  convex: FunctionConvexTarget | undefined;
521
521
  gateway: FunctionGatewayTarget | undefined;
@@ -2328,7 +2328,7 @@ var IDENTITY_WHOAMI = {
2328
2328
  description: "Canonical identity summary for the current session",
2329
2329
  fields: {
2330
2330
  principalId: "string \u2014 canonical federated principal identifier",
2331
- principalType: "string \u2014 human, service, or agent",
2331
+ principalType: "string \u2014 human, service, agent, group, or external_viewer",
2332
2332
  tenantId: "string | undefined \u2014 resolved tenant scope",
2333
2333
  workspaceId: "string | undefined \u2014 resolved workspace scope",
2334
2334
  scopes: "string[] | undefined \u2014 granted scopes for this session",
@@ -2339,6 +2339,49 @@ var IDENTITY_WHOAMI = {
2339
2339
  ontologyPrimitive: "identity",
2340
2340
  tier: "workhorse"
2341
2341
  };
2342
+ var RESOLVE_INTERACTIVE_PRINCIPAL = {
2343
+ name: "resolve_interactive_principal",
2344
+ description: "Read the Permit-backed Lucern principal context for an authenticated Clerk user. Like `git config --get user.email` plus the repository ACL \u2014 resolves the identity alias into the canonical authorization subject.",
2345
+ parameters: {
2346
+ clerkId: {
2347
+ type: "string",
2348
+ description: "Authenticated Clerk subject (`sub`). Clerk proves identity only; it is not the authorization record."
2349
+ },
2350
+ tenantId: {
2351
+ type: "string",
2352
+ description: "Optional tenant scope. Omit only when the Clerk alias is globally unambiguous."
2353
+ },
2354
+ workspaceId: {
2355
+ type: "string",
2356
+ description: "Optional workspace scope. Required when the principal has access to multiple workspaces and no default can be inferred."
2357
+ },
2358
+ providerProjectId: {
2359
+ type: "string",
2360
+ description: "Optional Clerk project or provider instance id for tenants with multiple identity providers."
2361
+ }
2362
+ },
2363
+ required: ["clerkId"],
2364
+ response: {
2365
+ description: "Permit-backed Lucern principal context for tenant SDK bootstrap",
2366
+ fields: {
2367
+ principalId: "string \u2014 canonical Lucern principal identifier",
2368
+ principalType: "string \u2014 human, service, agent, group, or external_viewer",
2369
+ clerkId: "string \u2014 authenticated Clerk subject alias",
2370
+ tenantId: "string \u2014 resolved tenant scope",
2371
+ workspaceId: "string | null \u2014 resolved workspace scope",
2372
+ roles: "string[] \u2014 effective Permit roles",
2373
+ scopes: "string[] \u2014 effective scopes derived from Permit/control-plane projection",
2374
+ groupIds: "string[] \u2014 active Permit group memberships",
2375
+ principalStatus: "string \u2014 active, invited, suspended, disabled, revoked, or missing",
2376
+ tenantStatus: "string \u2014 projected tenant resource status",
2377
+ workspaceStatus: "string \u2014 projected workspace resource status",
2378
+ permit: "object \u2014 Permit subject, tenant, and optional workspace tuple"
2379
+ }
2380
+ },
2381
+ ownerModule: "control-plane",
2382
+ ontologyPrimitive: "identity",
2383
+ tier: "workhorse"
2384
+ };
2342
2385
  var COMPILE_CONTEXT = {
2343
2386
  name: "compile_context",
2344
2387
  description: "Compile a focused reasoning context. If topicId is omitted, Lucern resolves the best topic from the query. Like `git log --graph --decorate` for the reasoning substrate \u2014 returns the canonical Pillar 3 context pack through the public API shape.",
@@ -4241,6 +4284,7 @@ var MCP_TOOL_CONTRACTS = {
4241
4284
  update_worktree_targets: UPDATE_WORKTREE_TARGETS,
4242
4285
  update_worktree_metadata: UPDATE_WORKTREE_METADATA,
4243
4286
  identity_whoami: IDENTITY_WHOAMI,
4287
+ resolve_interactive_principal: RESOLVE_INTERACTIVE_PRINCIPAL,
4244
4288
  compile_context: COMPILE_CONTEXT,
4245
4289
  record_scope_learning: RECORD_SCOPE_LEARNING,
4246
4290
  pipeline_snapshot: PIPELINE_SNAPSHOT,
@@ -4358,6 +4402,7 @@ function entries(names, surfaceClass, surfaceIntent, surfaces, rationale) {
4358
4402
  var MCP_CORE_OPERATION_NAMES = [
4359
4403
  "compile_context",
4360
4404
  "identity_whoami",
4405
+ "resolve_interactive_principal",
4361
4406
  "check_permission",
4362
4407
  "filter_by_permission",
4363
4408
  "create_belief",
@@ -4915,7 +4960,13 @@ function surfaceContract(args) {
4915
4960
  scopes: args.scopes ?? [
4916
4961
  args.kind === "query" ? `${args.domain}.read` : `${args.domain}.write`
4917
4962
  ],
4918
- allowedPrincipalTypes: ["user", "service", "agent"]
4963
+ allowedPrincipalTypes: [
4964
+ "user",
4965
+ "service",
4966
+ "agent",
4967
+ "group",
4968
+ "external_viewer"
4969
+ ]
4919
4970
  },
4920
4971
  convex: args.convex,
4921
4972
  gateway: args.gateway,