@lucern/contracts 0.3.0-alpha.12 → 0.3.0-alpha.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth-context.contract.js +13 -1
- package/dist/auth-context.contract.js.map +1 -1
- package/dist/auth-session.contract.js +13 -1
- package/dist/auth-session.contract.js.map +1 -1
- package/dist/auth.contract.d.ts +1 -1
- package/dist/auth.contract.js +13 -1
- package/dist/auth.contract.js.map +1 -1
- package/dist/component-boundary.contract.js +1 -0
- package/dist/component-boundary.contract.js.map +1 -1
- package/dist/function-registry/beliefs.d.ts +10 -10
- package/dist/function-registry/beliefs.js +53 -2
- package/dist/function-registry/beliefs.js.map +1 -1
- package/dist/function-registry/coding.d.ts +6 -6
- package/dist/function-registry/coding.js +53 -2
- package/dist/function-registry/coding.js.map +1 -1
- package/dist/function-registry/context.d.ts +3 -3
- package/dist/function-registry/context.js +53 -2
- package/dist/function-registry/context.js.map +1 -1
- package/dist/function-registry/contracts.d.ts +3 -3
- package/dist/function-registry/contracts.js +53 -2
- package/dist/function-registry/contracts.js.map +1 -1
- package/dist/function-registry/coordination.d.ts +9 -9
- package/dist/function-registry/coordination.js +53 -2
- package/dist/function-registry/coordination.js.map +1 -1
- package/dist/function-registry/edges.d.ts +6 -6
- package/dist/function-registry/edges.js +53 -2
- package/dist/function-registry/edges.js.map +1 -1
- package/dist/function-registry/evidence.d.ts +8 -8
- package/dist/function-registry/evidence.js +53 -2
- package/dist/function-registry/evidence.js.map +1 -1
- package/dist/function-registry/graph.d.ts +15 -15
- package/dist/function-registry/graph.js +53 -2
- package/dist/function-registry/graph.js.map +1 -1
- package/dist/function-registry/helpers.d.ts +2 -2
- package/dist/function-registry/helpers.js +53 -2
- package/dist/function-registry/helpers.js.map +1 -1
- package/dist/function-registry/identity.d.ts +56 -16
- package/dist/function-registry/identity.js +75 -4
- package/dist/function-registry/identity.js.map +1 -1
- package/dist/function-registry/index.d.ts +1 -1
- package/dist/function-registry/index.js +53 -2
- package/dist/function-registry/index.js.map +1 -1
- package/dist/function-registry/judgments.d.ts +2 -2
- package/dist/function-registry/judgments.js +53 -2
- package/dist/function-registry/judgments.js.map +1 -1
- package/dist/function-registry/legacy.d.ts +1 -1
- package/dist/function-registry/legacy.js +53 -2
- package/dist/function-registry/legacy.js.map +1 -1
- package/dist/function-registry/lenses.d.ts +4 -4
- package/dist/function-registry/lenses.js +53 -2
- package/dist/function-registry/lenses.js.map +1 -1
- package/dist/function-registry/manifest.d.ts +3 -3
- package/dist/function-registry/manifest.js +1 -0
- package/dist/function-registry/manifest.js.map +1 -1
- package/dist/function-registry/nodes.d.ts +8 -8
- package/dist/function-registry/nodes.js +53 -2
- package/dist/function-registry/nodes.js.map +1 -1
- package/dist/function-registry/ontologies.d.ts +11 -11
- package/dist/function-registry/ontologies.js +53 -2
- package/dist/function-registry/ontologies.js.map +1 -1
- package/dist/function-registry/pipeline.d.ts +3 -3
- package/dist/function-registry/pipeline.js +53 -2
- package/dist/function-registry/pipeline.js.map +1 -1
- package/dist/function-registry/questions.d.ts +12 -12
- package/dist/function-registry/questions.js +53 -2
- package/dist/function-registry/questions.js.map +1 -1
- package/dist/function-registry/tasks.d.ts +4 -4
- package/dist/function-registry/tasks.js +53 -2
- package/dist/function-registry/tasks.js.map +1 -1
- package/dist/function-registry/topics.d.ts +7 -7
- package/dist/function-registry/topics.js +53 -2
- package/dist/function-registry/topics.js.map +1 -1
- package/dist/function-registry/types.d.ts +2 -2
- package/dist/function-registry/worktrees.d.ts +11 -11
- package/dist/function-registry/worktrees.js +53 -2
- package/dist/function-registry/worktrees.js.map +1 -1
- package/dist/generated/convexSchemas.js +2 -1
- package/dist/generated/convexSchemas.js.map +1 -1
- package/dist/generated/infisicalRuntimeEnv.js +111 -0
- package/dist/generated/infisicalRuntimeEnv.js.map +1 -1
- package/dist/generated/schema-manifest.json +88 -3
- package/dist/generated/tableOwnership.d.ts +2 -1
- package/dist/generated/tableOwnership.js +2 -0
- package/dist/generated/tableOwnership.js.map +1 -1
- package/dist/generated/tier-expectations.json +6 -3
- package/dist/index.d.ts +2 -2
- package/dist/index.js +290 -20
- package/dist/index.js.map +1 -1
- package/dist/infisical-runtime.contract.d.ts +18 -0
- package/dist/infisical-runtime.contract.js +21 -0
- package/dist/infisical-runtime.contract.js.map +1 -1
- package/dist/manifests/infisical-runtime-manifest.d.ts +18 -0
- package/dist/manifests/infisical-runtime-manifest.js +21 -0
- package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
- package/dist/manifests/tenant-client-manifest.d.ts +8 -3
- package/dist/manifests/tenant-client-manifest.js +18 -1
- package/dist/manifests/tenant-client-manifest.js.map +1 -1
- package/dist/permit-principal-projection.contract.js +2 -3
- package/dist/permit-principal-projection.contract.js.map +1 -1
- package/dist/proof-attestation.json +1 -1
- package/dist/schemas/index.js +33 -0
- package/dist/schemas/index.js.map +1 -1
- package/dist/schemas/manifest.d.ts +75 -0
- package/dist/schemas/manifest.js +33 -0
- package/dist/schemas/manifest.js.map +1 -1
- package/dist/schemas/tables/controlPlane/accessControl.js +3 -0
- package/dist/schemas/tables/controlPlane/accessControl.js.map +1 -1
- package/dist/schemas/tables/kernel/events.d.ts +21 -0
- package/dist/schemas/tables/kernel/events.js +43 -0
- package/dist/schemas/tables/kernel/events.js.map +1 -0
- package/dist/{sdk-tools.contract-BNklQDfB.d.ts → sdk-tools.contract-CKmSsrZ2.d.ts} +1 -1
- package/dist/sdk-tools.contract.d.ts +2 -2
- package/dist/sdk-tools.contract.js +45 -1
- package/dist/sdk-tools.contract.js.map +1 -1
- package/dist/tenant-bootstrap-seed.contract.d.ts +22 -2
- package/dist/tenant-bootstrap-seed.contract.js +15 -2
- package/dist/tenant-bootstrap-seed.contract.js.map +1 -1
- package/dist/tenant-bootstrap-seed.defaults.d.ts +1 -1
- package/dist/tenant-bootstrap-seed.defaults.js +30 -12
- package/dist/tenant-bootstrap-seed.defaults.js.map +1 -1
- package/dist/tenant-client.contract.d.ts +8 -3
- package/dist/tenant-client.contract.js +18 -1
- package/dist/tenant-client.contract.js.map +1 -1
- package/dist/{tool-contracts-BevD9Ho2.d.ts → tool-contracts-C_xvM9q2.d.ts} +4 -2
- package/dist/tool-contracts.d.ts +1 -1
- package/dist/tool-contracts.js +46 -2
- package/dist/tool-contracts.js.map +1 -1
- package/package.json +1 -1
|
@@ -115,7 +115,7 @@ declare const contractsContracts: readonly [{
|
|
|
115
115
|
};
|
|
116
116
|
auth: {
|
|
117
117
|
scopes: string[];
|
|
118
|
-
allowedPrincipalTypes: ("user" | "service" | "agent")[];
|
|
118
|
+
allowedPrincipalTypes: ("user" | "service" | "agent" | "group" | "external_viewer")[];
|
|
119
119
|
};
|
|
120
120
|
convex: FunctionConvexTarget | undefined;
|
|
121
121
|
gateway: FunctionGatewayTarget | undefined;
|
|
@@ -155,7 +155,7 @@ declare const contractsContracts: readonly [{
|
|
|
155
155
|
};
|
|
156
156
|
auth: {
|
|
157
157
|
scopes: string[];
|
|
158
|
-
allowedPrincipalTypes: ("user" | "service" | "agent")[];
|
|
158
|
+
allowedPrincipalTypes: ("user" | "service" | "agent" | "group" | "external_viewer")[];
|
|
159
159
|
};
|
|
160
160
|
convex: FunctionConvexTarget | undefined;
|
|
161
161
|
gateway: FunctionGatewayTarget | undefined;
|
|
@@ -195,7 +195,7 @@ declare const contractsContracts: readonly [{
|
|
|
195
195
|
};
|
|
196
196
|
auth: {
|
|
197
197
|
scopes: string[];
|
|
198
|
-
allowedPrincipalTypes: ("user" | "service" | "agent")[];
|
|
198
|
+
allowedPrincipalTypes: ("user" | "service" | "agent" | "group" | "external_viewer")[];
|
|
199
199
|
};
|
|
200
200
|
convex: FunctionConvexTarget | undefined;
|
|
201
201
|
gateway: FunctionGatewayTarget | undefined;
|
|
@@ -2328,7 +2328,7 @@ var IDENTITY_WHOAMI = {
|
|
|
2328
2328
|
description: "Canonical identity summary for the current session",
|
|
2329
2329
|
fields: {
|
|
2330
2330
|
principalId: "string \u2014 canonical federated principal identifier",
|
|
2331
|
-
principalType: "string \u2014 human, service, or
|
|
2331
|
+
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
2332
2332
|
tenantId: "string | undefined \u2014 resolved tenant scope",
|
|
2333
2333
|
workspaceId: "string | undefined \u2014 resolved workspace scope",
|
|
2334
2334
|
scopes: "string[] | undefined \u2014 granted scopes for this session",
|
|
@@ -2339,6 +2339,49 @@ var IDENTITY_WHOAMI = {
|
|
|
2339
2339
|
ontologyPrimitive: "identity",
|
|
2340
2340
|
tier: "workhorse"
|
|
2341
2341
|
};
|
|
2342
|
+
var RESOLVE_INTERACTIVE_PRINCIPAL = {
|
|
2343
|
+
name: "resolve_interactive_principal",
|
|
2344
|
+
description: "Read the Permit-backed Lucern principal context for an authenticated Clerk user. Like `git config --get user.email` plus the repository ACL \u2014 resolves the identity alias into the canonical authorization subject.",
|
|
2345
|
+
parameters: {
|
|
2346
|
+
clerkId: {
|
|
2347
|
+
type: "string",
|
|
2348
|
+
description: "Authenticated Clerk subject (`sub`). Clerk proves identity only; it is not the authorization record."
|
|
2349
|
+
},
|
|
2350
|
+
tenantId: {
|
|
2351
|
+
type: "string",
|
|
2352
|
+
description: "Optional tenant scope. Omit only when the Clerk alias is globally unambiguous."
|
|
2353
|
+
},
|
|
2354
|
+
workspaceId: {
|
|
2355
|
+
type: "string",
|
|
2356
|
+
description: "Optional workspace scope. Required when the principal has access to multiple workspaces and no default can be inferred."
|
|
2357
|
+
},
|
|
2358
|
+
providerProjectId: {
|
|
2359
|
+
type: "string",
|
|
2360
|
+
description: "Optional Clerk project or provider instance id for tenants with multiple identity providers."
|
|
2361
|
+
}
|
|
2362
|
+
},
|
|
2363
|
+
required: ["clerkId"],
|
|
2364
|
+
response: {
|
|
2365
|
+
description: "Permit-backed Lucern principal context for tenant SDK bootstrap",
|
|
2366
|
+
fields: {
|
|
2367
|
+
principalId: "string \u2014 canonical Lucern principal identifier",
|
|
2368
|
+
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
2369
|
+
clerkId: "string \u2014 authenticated Clerk subject alias",
|
|
2370
|
+
tenantId: "string \u2014 resolved tenant scope",
|
|
2371
|
+
workspaceId: "string | null \u2014 resolved workspace scope",
|
|
2372
|
+
roles: "string[] \u2014 effective Permit roles",
|
|
2373
|
+
scopes: "string[] \u2014 effective scopes derived from Permit/control-plane projection",
|
|
2374
|
+
groupIds: "string[] \u2014 active Permit group memberships",
|
|
2375
|
+
principalStatus: "string \u2014 active, invited, suspended, disabled, revoked, or missing",
|
|
2376
|
+
tenantStatus: "string \u2014 projected tenant resource status",
|
|
2377
|
+
workspaceStatus: "string \u2014 projected workspace resource status",
|
|
2378
|
+
permit: "object \u2014 Permit subject, tenant, and optional workspace tuple"
|
|
2379
|
+
}
|
|
2380
|
+
},
|
|
2381
|
+
ownerModule: "control-plane",
|
|
2382
|
+
ontologyPrimitive: "identity",
|
|
2383
|
+
tier: "workhorse"
|
|
2384
|
+
};
|
|
2342
2385
|
var COMPILE_CONTEXT = {
|
|
2343
2386
|
name: "compile_context",
|
|
2344
2387
|
description: "Compile a focused reasoning context. If topicId is omitted, Lucern resolves the best topic from the query. Like `git log --graph --decorate` for the reasoning substrate \u2014 returns the canonical Pillar 3 context pack through the public API shape.",
|
|
@@ -4241,6 +4284,7 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
4241
4284
|
update_worktree_targets: UPDATE_WORKTREE_TARGETS,
|
|
4242
4285
|
update_worktree_metadata: UPDATE_WORKTREE_METADATA,
|
|
4243
4286
|
identity_whoami: IDENTITY_WHOAMI,
|
|
4287
|
+
resolve_interactive_principal: RESOLVE_INTERACTIVE_PRINCIPAL,
|
|
4244
4288
|
compile_context: COMPILE_CONTEXT,
|
|
4245
4289
|
record_scope_learning: RECORD_SCOPE_LEARNING,
|
|
4246
4290
|
pipeline_snapshot: PIPELINE_SNAPSHOT,
|
|
@@ -4358,6 +4402,7 @@ function entries(names, surfaceClass, surfaceIntent, surfaces, rationale) {
|
|
|
4358
4402
|
var MCP_CORE_OPERATION_NAMES = [
|
|
4359
4403
|
"compile_context",
|
|
4360
4404
|
"identity_whoami",
|
|
4405
|
+
"resolve_interactive_principal",
|
|
4361
4406
|
"check_permission",
|
|
4362
4407
|
"filter_by_permission",
|
|
4363
4408
|
"create_belief",
|
|
@@ -4895,7 +4940,13 @@ function surfaceContract(args) {
|
|
|
4895
4940
|
scopes: args.scopes ?? [
|
|
4896
4941
|
args.kind === "query" ? `${args.domain}.read` : `${args.domain}.write`
|
|
4897
4942
|
],
|
|
4898
|
-
allowedPrincipalTypes: [
|
|
4943
|
+
allowedPrincipalTypes: [
|
|
4944
|
+
"user",
|
|
4945
|
+
"service",
|
|
4946
|
+
"agent",
|
|
4947
|
+
"group",
|
|
4948
|
+
"external_viewer"
|
|
4949
|
+
]
|
|
4899
4950
|
},
|
|
4900
4951
|
convex: args.convex,
|
|
4901
4952
|
gateway: args.gateway,
|