@lucern/contracts 0.3.0-alpha.16 → 0.3.0-alpha.17
- package/CHANGELOG.md +3 -0
- package/dist/auth-context.contract.js +1 -1
- package/dist/auth-context.contract.js.map +1 -1
- package/dist/auth-session.contract.js +1 -1
- package/dist/auth-session.contract.js.map +1 -1
- package/dist/auth.contract.js +1 -1
- package/dist/auth.contract.js.map +1 -1
- package/dist/function-registry/beliefs.js +4 -4
- package/dist/function-registry/beliefs.js.map +1 -1
- package/dist/function-registry/coding.js +4 -4
- package/dist/function-registry/coding.js.map +1 -1
- package/dist/function-registry/context.js +4 -4
- package/dist/function-registry/context.js.map +1 -1
- package/dist/function-registry/contracts.js +4 -4
- package/dist/function-registry/contracts.js.map +1 -1
- package/dist/function-registry/coordination.js +4 -4
- package/dist/function-registry/coordination.js.map +1 -1
- package/dist/function-registry/edges.js +4 -4
- package/dist/function-registry/edges.js.map +1 -1
- package/dist/function-registry/evidence.js +4 -4
- package/dist/function-registry/evidence.js.map +1 -1
- package/dist/function-registry/graph.js +4 -4
- package/dist/function-registry/graph.js.map +1 -1
- package/dist/function-registry/helpers.js +4 -4
- package/dist/function-registry/helpers.js.map +1 -1
- package/dist/function-registry/identity.js +4 -4
- package/dist/function-registry/identity.js.map +1 -1
- package/dist/function-registry/index.js +4 -4
- package/dist/function-registry/index.js.map +1 -1
- package/dist/function-registry/judgments.js +4 -4
- package/dist/function-registry/judgments.js.map +1 -1
- package/dist/function-registry/legacy.js +4 -4
- package/dist/function-registry/legacy.js.map +1 -1
- package/dist/function-registry/lenses.js +4 -4
- package/dist/function-registry/lenses.js.map +1 -1
- package/dist/function-registry/nodes.js +4 -4
- package/dist/function-registry/nodes.js.map +1 -1
- package/dist/function-registry/ontologies.js +4 -4
- package/dist/function-registry/ontologies.js.map +1 -1
- package/dist/function-registry/pipeline.js +4 -4
- package/dist/function-registry/pipeline.js.map +1 -1
- package/dist/function-registry/questions.js +4 -4
- package/dist/function-registry/questions.js.map +1 -1
- package/dist/function-registry/tasks.js +4 -4
- package/dist/function-registry/tasks.js.map +1 -1
- package/dist/function-registry/topics.js +4 -4
- package/dist/function-registry/topics.js.map +1 -1
- package/dist/function-registry/worktrees.js +20 -4
- package/dist/function-registry/worktrees.js.map +1 -1
- package/dist/gateway.contract.d.ts +1 -0
- package/dist/gateway.contract.js.map +1 -1
- package/dist/generated/convexSchemas.js +1 -1
- package/dist/generated/convexSchemas.js.map +1 -1
- package/dist/generated/infisicalRuntimeEnv.js +300 -6
- package/dist/generated/infisicalRuntimeEnv.js.map +1 -1
- package/dist/index.js +363 -16
- package/dist/index.js.map +1 -1
- package/dist/infisical-runtime.contract.d.ts +41 -3
- package/dist/infisical-runtime.contract.js +49 -3
- package/dist/infisical-runtime.contract.js.map +1 -1
- package/dist/manifests/infisical-runtime-manifest.d.ts +41 -3
- package/dist/manifests/infisical-runtime-manifest.js +49 -3
- package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
- package/dist/permit-principal-projection.contract.js +8 -1
- package/dist/permit-principal-projection.contract.js.map +1 -1
- package/dist/proof-attestation.json +1 -1
- package/dist/schemas/index.js +1 -1
- package/dist/schemas/index.js.map +1 -1
- package/dist/schemas/manifest.d.ts +5 -5
- package/dist/schemas/manifest.js +1 -1
- package/dist/schemas/manifest.js.map +1 -1
- package/dist/schemas/tables/mc/tenant.d.ts +1 -1
- package/dist/schemas/tables/mc/tenant.js +1 -1
- package/dist/schemas/tables/mc/tenant.js.map +1 -1
- package/dist/sdk-tools.contract.js +4 -4
- package/dist/sdk-tools.contract.js.map +1 -1
- package/dist/tool-contracts.js +4 -4
- package/dist/tool-contracts.js.map +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/gateway.contract.ts"],"names":[],"mappings":";
|
|
1
|
+
{"version":3,"sources":["../src/gateway.contract.ts"],"names":[],"mappings":";AAiJO,SAAS,wBACd,WAAA,EACQ;AACR,EAAA,MAAM,WAAA,GACJ,OAAO,WAAA,CAAY,WAAA,KAAgB,WAC/B,WAAA,CAAY,WAAA,CAAY,MAAK,GAC7B,EAAA;AACN,EAAA,IAAI,WAAA,CAAY,SAAS,CAAA,EAAG;AAC1B,IAAA,OAAO,WAAA;AAAA,EACT;AACA,EAAA,MAAM,IAAI,MAAM,sDAAsD,CAAA;AACxE","file":"gateway.contract.js","sourcesContent":["/**\n * Gateway contract types — shared between Stack's gateway middleware and\n * Lucern's server-core / gateway route handlers.\n *\n * These types describe the authenticated request context that flows from\n * the gateway into Lucern route handlers. The gateway (Stack-side) creates\n * the context; Lucern consumes it read-only.\n *\n * @module @lucern/contracts/src/gateway\n */\n\nimport type {\n SessionAuthMode,\n SessionDelegationHop,\n SessionPrincipalType,\n} from \"./auth-session.contract\";\n\n// ---------------------------------------------------------------------------\n// Error codes\n// ---------------------------------------------------------------------------\n\nexport type PlatformApiErrorCode =\n | \"AUTH_REQUIRED\"\n | \"AUTHENTICATION_REQUIRED\"\n | \"AUTH_TOKEN_MISSING\"\n | \"INVALID_REQUEST\"\n | \"IDEMPOTENCY_KEY_REQUIRED\"\n | \"FORBIDDEN\"\n | \"SCOPE_INSUFFICIENT\"\n | \"ENVIRONMENT_MISMATCH\"\n | \"KEY_EXPIRED\"\n | \"KEY_REVOKED\"\n | \"RATE_LIMIT_EXCEEDED\"\n | \"NOT_FOUND\"\n | \"CONFLICT\"\n | \"UPSTREAM_ERROR\"\n | \"INTERNAL_ERROR\";\n\n// ---------------------------------------------------------------------------\n// Gateway scope and environment\n// ---------------------------------------------------------------------------\n\nexport type GatewayScope = {\n tenantId?: string;\n workspaceId?: string;\n};\n\nexport type GatewayEnvironment = \"sandbox\" | \"production\";\n\nexport type GatewayAuthMode =\n | \"interactive_user\"\n | \"service_principal\"\n | \"tenant_api_key\"\n | \"session_token\";\n\nexport type KeyLifecycleStatus =\n | \"active\"\n | \"rotating\"\n | 
\"rotated\"\n | \"expired\"\n | \"revoked\";\n\nexport type CutoverDomain =\n | \"graph\"\n | \"schema\"\n | \"identity\"\n | \"policy\"\n | \"audit\"\n | \"admin\"\n | \"agent\"\n | \"tool\"\n | \"prompt\"\n | \"intelligence\";\n\nexport type CutoverFlagState = \"legacy\" | \"cutover\" | \"disabled\";\n\n// ---------------------------------------------------------------------------\n// Gateway auth context — the canonical authenticated request shape\n// ---------------------------------------------------------------------------\n\n/**\n * Authenticated request context created by the gateway middleware.\n * Lucern route handlers receive this as a read-only parameter.\n *\n * The `convex` field is typed as `unknown` in the contract because Lucern\n * consumers should not use the gateway's Convex client directly — they\n * have their own kernel client. The gateway (Stack-side) narrows this to\n * `ConvexHttpClient` at the construction site.\n */\nexport type GatewayAuthContext = {\n userId: string;\n clerkId?: string;\n convexToken?: string;\n /** Opaque in contract — narrowed to ConvexHttpClient at the gateway. 
*/\n convex: any; // eslint-disable-line @typescript-eslint/no-explicit-any\n authMode: GatewayAuthMode;\n principalId?: string;\n principalType?: SessionPrincipalType;\n tenantId?: string;\n canonicalTenantId?: string;\n tenantSlug?: string;\n workspaceId?: string;\n workspaceSlug?: string;\n workspaceKey?: string;\n roles?: string[];\n membershipId?: string;\n sessionId?: string;\n sessionAuthMode?: SessionAuthMode;\n sessionExpiresAt?: number;\n delegationChain?: SessionDelegationHop[];\n servicePrincipalId?: string;\n servicePrincipalKeyId?: string;\n servicePrincipalTenantId?: string;\n servicePrincipalWorkspaceId?: string;\n requestEnvironment: GatewayEnvironment;\n keyEnvironment?: GatewayEnvironment;\n keyStatus: KeyLifecycleStatus | \"unknown\";\n grantedScopes: Set<string>;\n cutoverDomain: CutoverDomain;\n cutoverState: CutoverFlagState;\n};\n\n// ---------------------------------------------------------------------------\n// Gateway response helpers — portable (no Next.js dependency)\n// ---------------------------------------------------------------------------\n\nexport type GatewayErrorArgs = {\n code: PlatformApiErrorCode;\n message: string;\n status: number;\n correlationId: string;\n policyTraceId?: string;\n invariant?: string;\n suggestion?: string;\n details?: unknown;\n headers?: HeadersInit;\n};\n\nexport type GatewaySuccessArgs = {\n status?: number;\n correlationId: string;\n policyTraceId?: string;\n idempotentReplay?: boolean;\n};\n\nexport function requireActorPrincipalId(\n authContext: GatewayAuthContext\n): string {\n const principalId =\n typeof authContext.principalId === \"string\"\n ? authContext.principalId.trim()\n : \"\";\n if (principalId.length > 0) {\n return principalId;\n }\n throw new Error(\"Access denied: federated principal context required.\");\n}\n"]}
|
|
@@ -103,7 +103,7 @@ var CONTROL_PLANE_SCHEMA_TABLES = {
|
|
|
103
103
|
var MC_SCHEMA_TABLES = {
|
|
104
104
|
"agentRegistryEntries": defineTable(v.object({ "agentDefinitionId": v.string(), "agentKey": v.string(), "createdAt": v.number(), "createdBy": v.string(), "description": v.string(), "displayName": v.string(), "exampleInvocations": v.array(v.object({ "expectedOutput": v.optional(v.record(v.string(), v.any())), "input": v.record(v.string(), v.any()) })), "executionAdapter": v.union(v.literal("convex_mutation"), v.literal("convex_action"), v.literal("http_callback"), v.literal("mcp_tool"), v.literal("sdk_invocation"), v.literal("external_observed")), "guardrails": v.optional(v.object({ "allowedOrigins": v.optional(v.array(v.string())), "allowNetworkEgress": v.optional(v.boolean()), "heartbeatIntervalMs": v.optional(v.number()), "isolationMode": v.optional(v.union(v.literal("direct"), v.literal("sandbox"))), "maxExecutionMs": v.optional(v.number()), "maxToolCalls": v.optional(v.number()) })), "metadata": v.optional(v.record(v.string(), v.any())), "modelSlot": v.optional(v.string()), "outputSchema": v.optional(v.record(v.string(), v.any())), "parameterSchema": v.record(v.string(), v.any()), "promptName": v.optional(v.string()), "promptReleaseChannel": v.union(v.literal("dev"), v.literal("staging"), v.literal("prod")), "requiredModelCapabilities": v.optional(v.array(v.string())), "runtimeConfig": v.optional(v.object({ "auditMode": v.optional(v.union(v.literal("harness"), v.literal("master_control"))), "callbackUrl": v.optional(v.string()), "entryPoint": v.optional(v.string()), "modelRouting": v.optional(v.union(v.literal("model_machine"), v.literal("tenant_proxy"), v.literal("bring_your_own"))) })), "scopeRequirements": v.array(v.string()), "status": v.union(v.literal("active"), v.literal("deprecated"), v.literal("disabled")), "systemPrompt": v.optional(v.string()), "tenantId": v.id("tenants"), "toolIds": v.optional(v.array(v.string())), "updatedAt": v.number(), "version": v.string(), "workspaceId": v.optional(v.id("workspaces")) })).index("by_agentDefinitionId", 
["agentDefinitionId"]).index("by_tenant_agentDefinitionId", ["tenantId", "agentDefinitionId"]).index("by_tenant_agentDefinitionId_version", ["tenantId", "agentDefinitionId", "version"]).index("by_tenant_agentKey", ["tenantId", "agentKey"]).index("by_tenant_agentKey_version", ["tenantId", "agentKey", "version"]).index("by_workspace_agentKey_version", ["workspaceId", "agentKey", "version"]).index("by_tenant_status", ["tenantId", "status"]),
|
|
105
105
|
"apiKeys": defineTable(v.object({ "createdAt": v.number(), "createdBy": v.string(), "environment": v.optional(v.union(v.literal("dev"), v.literal("staging"), v.literal("prod"))), "expiresAt": v.optional(v.number()), "keyHash": v.string(), "keyHint": v.string(), "keyPrefix": v.union(v.literal("luc"), v.literal("stk")), "label": v.optional(v.string()), "lastUsedAt": v.optional(v.number()), "revokedAt": v.optional(v.number()), "revokedBy": v.optional(v.string()), "status": v.union(v.literal("active"), v.literal("revoked"), v.literal("expired")), "tenantId": v.id("tenants"), "updatedAt": v.number(), "workspaceId": v.optional(v.id("workspaces")) })).index("by_tenantId", ["tenantId"]).index("by_keyHash", ["keyHash"]).index("by_tenant_prefix", ["tenantId", "keyPrefix"]).index("by_status", ["status"]),
|
|
106
|
-
"auditLog": defineTable(v.object({ "action": v.union(v.literal("key_created"), v.literal("key_revoked"), v.literal("key_expired"), v.literal("key_used"), v.literal("tenant_secret_created"), v.literal("tenant_secret_rotated"), v.literal("tenant_secret_revoked"), v.literal("tenant_slot_binding_upserted"), v.literal("tenant_slot_binding_revoked"), v.literal("proxy_token_minted"), v.literal("proxy_token_lease_issued"), v.literal("proxy_token_lease_renewed"), v.literal("proxy_token_lease_revoked"), v.literal("proxy_request_recorded"), v.literal("tenant_created"), v.literal("tenant_updated"), v.literal("tenant_suspended"), v.literal("tenant_archived"), v.literal("tenant_reactivated"), v.literal("principal_created"), v.literal("principal_updated"), v.literal("principal_suspended"), v.literal("principal_identity_alias_upserted"), v.literal("principal_identity_alias_revoked"), v.literal("membership_created"), v.literal("membership_updated"), v.literal("membership_revoked"), v.literal("group_created"), v.literal("group_updated"), v.literal("group_deleted"), v.literal("group_member_added"), v.literal("group_member_removed"), v.literal("workspace_created"), v.literal("workspace_updated"), v.literal("workspace_archived"), v.literal("workspace_deployment_set"), v.literal("workspace_deployment_removed"), v.literal("deployment_host_registered"), v.literal("deployment_host_revoked"), v.literal("service_key_created"), v.literal("service_key_rotated"), v.literal("service_key_revoked"), v.literal("service_key_used"), v.literal("service_key_auth_failed"), v.literal("session_created"), v.literal("session_validated"), v.literal("session_revoked"), v.literal("session_cascade_revoked"), v.literal("session_expired"), v.literal("sandbox_created"), v.literal("sandbox_secret_injected"), v.literal("sandbox_execution_started"), v.literal("sandbox_execution_completed"), v.literal("sandbox_limit_violated"), v.literal("policy_created"), v.literal("policy_updated"), v.literal("policy_enforced"), 
v.literal("policy_archived"), v.literal("permit_sync_enqueued"), v.literal("permit_sync_succeeded"), v.literal("permit_sync_failed"), v.literal("permit_sync_skipped"), v.literal("agent_registered"), v.literal("agent_updated"), v.literal("tool_registered"), v.literal("tool_updated"), v.literal("pack_entitled"), v.literal("pack_installed"), v.literal("pack_enabled"), v.literal("pack_disabled"), v.literal("pack_entitlement_revoked"), v.literal("pack_upgraded"), v.literal("pack_upgrade_committed"), v.literal("pack_upgrade_rolled_back"), v.literal("pack_group_assigned"), v.literal("pack_group_unassigned"), v.literal("methodology_pack_created"), v.literal("methodology_pack_updated"), v.literal("methodology_pack_assigned"), v.literal("methodology_pack_removed"), v.literal("pack_assigned_to_group"), v.literal("pack_revoked_from_group"), v.literal("pack_ontology_materialized"), v.literal("pack_ontology_topic_bound"), v.literal("cutover_flag_set"), v.literal("cutover_flag_cleared")), "actorClerkId": v.string(), "apiKeyId": v.optional(v.id("apiKeys")), "createdAt": v.number(), "details": v.optional(v.any()), "tenantId": v.optional(v.id("tenants")) })).index("by_tenantId", ["tenantId", "createdAt"]).index("by_apiKeyId", ["apiKeyId", "createdAt"]).index("by_action", ["action", "createdAt"]),
|
|
106
|
+
"auditLog": defineTable(v.object({ "action": v.union(v.literal("key_created"), v.literal("key_revoked"), v.literal("key_expired"), v.literal("key_used"), v.literal("tenant_secret_created"), v.literal("tenant_secret_rotated"), v.literal("tenant_secret_revoked"), v.literal("tenant_slot_binding_upserted"), v.literal("tenant_slot_binding_revoked"), v.literal("proxy_token_minted"), v.literal("proxy_token_lease_issued"), v.literal("proxy_token_lease_renewed"), v.literal("proxy_token_lease_revoked"), v.literal("proxy_request_recorded"), v.literal("tenant_created"), v.literal("tenant_updated"), v.literal("tenant_suspended"), v.literal("tenant_archived"), v.literal("tenant_reactivated"), v.literal("tenant_clerk_organization_linked"), v.literal("principal_created"), v.literal("principal_updated"), v.literal("principal_suspended"), v.literal("principal_identity_alias_upserted"), v.literal("principal_identity_alias_revoked"), v.literal("membership_created"), v.literal("membership_updated"), v.literal("membership_revoked"), v.literal("group_created"), v.literal("group_updated"), v.literal("group_deleted"), v.literal("group_member_added"), v.literal("group_member_removed"), v.literal("workspace_created"), v.literal("workspace_updated"), v.literal("workspace_archived"), v.literal("workspace_deployment_set"), v.literal("workspace_deployment_removed"), v.literal("deployment_host_registered"), v.literal("deployment_host_revoked"), v.literal("service_key_created"), v.literal("service_key_rotated"), v.literal("service_key_revoked"), v.literal("service_key_used"), v.literal("service_key_auth_failed"), v.literal("session_created"), v.literal("session_validated"), v.literal("session_revoked"), v.literal("session_cascade_revoked"), v.literal("session_expired"), v.literal("sandbox_created"), v.literal("sandbox_secret_injected"), v.literal("sandbox_execution_started"), v.literal("sandbox_execution_completed"), v.literal("sandbox_limit_violated"), v.literal("policy_created"), 
v.literal("policy_updated"), v.literal("policy_enforced"), v.literal("policy_archived"), v.literal("permit_sync_enqueued"), v.literal("permit_sync_succeeded"), v.literal("permit_sync_failed"), v.literal("permit_sync_skipped"), v.literal("agent_registered"), v.literal("agent_updated"), v.literal("tool_registered"), v.literal("tool_updated"), v.literal("pack_entitled"), v.literal("pack_installed"), v.literal("pack_enabled"), v.literal("pack_disabled"), v.literal("pack_entitlement_revoked"), v.literal("pack_upgraded"), v.literal("pack_upgrade_committed"), v.literal("pack_upgrade_rolled_back"), v.literal("pack_group_assigned"), v.literal("pack_group_unassigned"), v.literal("methodology_pack_created"), v.literal("methodology_pack_updated"), v.literal("methodology_pack_assigned"), v.literal("methodology_pack_removed"), v.literal("pack_assigned_to_group"), v.literal("pack_revoked_from_group"), v.literal("pack_ontology_materialized"), v.literal("pack_ontology_topic_bound"), v.literal("cutover_flag_set"), v.literal("cutover_flag_cleared")), "actorClerkId": v.string(), "apiKeyId": v.optional(v.id("apiKeys")), "createdAt": v.number(), "details": v.optional(v.any()), "tenantId": v.optional(v.id("tenants")) })).index("by_tenantId", ["tenantId", "createdAt"]).index("by_apiKeyId", ["apiKeyId", "createdAt"]).index("by_action", ["action", "createdAt"]),
|
|
107
107
|
"compatibilityShims": defineTable(v.object({ "bridgeTarget": v.object({ "harnessPath": v.string(), "legacyPath": v.string(), "type": v.union(v.literal("tool"), v.literal("agent")) }), "bridgeType": v.union(v.literal("tool"), v.literal("agent")), "createdAt": v.string(), "description": v.string(), "gateId": v.string(), "lastAuditedAt": v.number(), "metadata": v.optional(v.record(v.string(), v.any())), "owner": v.string(), "producesLedgerEntries": v.boolean(), "removalDate": v.string(), "removalPriority": v.union(v.literal("P1"), v.literal("P2"), v.literal("P3")), "shimBehavior": v.union(v.literal("passthrough_with_logging"), v.literal("adapter"), v.literal("feature_flag_gate")), "shimId": v.string(), "status": v.union(v.literal("active"), v.literal("overdue"), v.literal("removed")) })).index("by_shimId", ["shimId"]).index("by_status", ["status"]).index("by_bridgeType_status", ["bridgeType", "status"]),
|
|
108
108
|
"controlPlaneTenantModelSlotBindings": defineTable(v.object({ "bindingId": v.string(), "createdAt": v.number(), "createdBy": v.string(), "environment": v.optional(v.union(v.literal("dev"), v.literal("staging"), v.literal("prod"))), "metadata": v.optional(v.record(v.string(), v.any())), "modelSlotId": v.string(), "passThroughOnly": v.boolean(), "providerId": v.string(), "revokedAt": v.optional(v.number()), "revokedBy": v.optional(v.string()), "secretRef": v.string(), "status": v.union(v.literal("active"), v.literal("revoked")), "tenantId": v.id("tenants"), "updatedAt": v.number(), "workspaceId": v.optional(v.id("workspaces")) })).index("by_bindingId", ["bindingId"]).index("by_tenantId", ["tenantId"]).index("by_tenant_slot", ["tenantId", "modelSlotId"]).index("by_tenant_provider_slot", ["tenantId", "providerId", "modelSlotId"]).index("by_secretRef", ["secretRef"]).index("by_status", ["status"]),
|
|
109
109
|
"controlPlaneTenantProviderSecrets": defineTable(v.object({ "createdAt": v.number(), "createdBy": v.string(), "encryptedSecret": v.optional(v.string()), "encryptionVersion": v.string(), "environment": v.optional(v.union(v.literal("dev"), v.literal("staging"), v.literal("prod"))), "infisicalPath": v.optional(v.string()), "infisicalProjectId": v.optional(v.string()), "infisicalSecretKey": v.optional(v.string()), "keyHint": v.string(), "label": v.optional(v.string()), "lastUsedAt": v.optional(v.number()), "metadata": v.optional(v.record(v.string(), v.any())), "providerId": v.string(), "revokedAt": v.optional(v.number()), "revokedBy": v.optional(v.string()), "rotatedFromSecretRef": v.optional(v.string()), "secretFingerprint": v.string(), "secretRef": v.string(), "status": v.union(v.literal("active"), v.literal("revoked")), "tenantId": v.id("tenants"), "updatedAt": v.number(), "workspaceId": v.optional(v.id("workspaces")) })).index("by_secretRef", ["secretRef"]).index("by_tenantId", ["tenantId"]).index("by_tenant_provider", ["tenantId", "providerId"]).index("by_tenant_provider_status", ["tenantId", "providerId", "status"]).index("by_status", ["status"]),
|
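Review bot: The new `tenant_clerk_organization_linked` action on the `auditLog` line (new line 106) is accepted under the same validator as every other action, where `"tenantId": v.optional(v.id("tenants"))` and `"details": v.optional(v.any())` leave both the tenant and the linked organization identifier optional and untyped. An identity-link event stored without `tenantId` would not be returned by a per-tenant read over `by_tenantId`, which weakens the audit trail for exactly the kind of change an investigator needs to find. Tightening the shared validator would affect the other actions, so I would instead document the requirement where the schema is defined, e.g. `// tenant_clerk_organization_linked: writer must set tenantId and record the linked organization id in details`, and enforce it in the code that writes this action, which is not visible here. `MC_SCHEMA_TABLES` continues past the end of the hunk.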