@lucern/contracts 0.3.0-alpha.16 → 0.3.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (316) hide show
  1. package/CHANGELOG.md +0 -7
  2. package/dist/api-enums.contract.d.ts +3 -5
  3. package/dist/api-enums.contract.js +12 -14
  4. package/dist/api-enums.contract.js.map +1 -1
  5. package/dist/auth-context.contract.js +1 -13
  6. package/dist/auth-context.contract.js.map +1 -1
  7. package/dist/auth-session.contract.js +1 -13
  8. package/dist/auth-session.contract.js.map +1 -1
  9. package/dist/auth.contract.d.ts +1 -1
  10. package/dist/auth.contract.js +1 -13
  11. package/dist/auth.contract.js.map +1 -1
  12. package/dist/context-pack.contract.d.ts +3 -5
  13. package/dist/context-pack.contract.js.map +1 -1
  14. package/dist/{defineTable-t1wr5wgn.d.ts → defineTable-CBQ03FXl.d.ts} +1 -1
  15. package/dist/{dsl-DVPthQGY.d.ts → dsl-BgpoVOVQ.d.ts} +2 -2
  16. package/dist/dsl.d.ts +2 -2
  17. package/dist/dsl.js +4 -1
  18. package/dist/dsl.js.map +1 -1
  19. package/dist/function-registry/beliefs.d.ts +51 -64
  20. package/dist/function-registry/beliefs.js +55 -815
  21. package/dist/function-registry/beliefs.js.map +1 -1
  22. package/dist/function-registry/coding.d.ts +6 -15
  23. package/dist/function-registry/coding.js +41 -864
  24. package/dist/function-registry/coding.js.map +1 -1
  25. package/dist/function-registry/context.d.ts +16 -22
  26. package/dist/function-registry/context.js +44 -803
  27. package/dist/function-registry/context.js.map +1 -1
  28. package/dist/function-registry/contracts.d.ts +3 -9
  29. package/dist/function-registry/contracts.js +37 -768
  30. package/dist/function-registry/contracts.js.map +1 -1
  31. package/dist/function-registry/coordination.d.ts +9 -21
  32. package/dist/function-registry/coordination.js +37 -768
  33. package/dist/function-registry/coordination.js.map +1 -1
  34. package/dist/function-registry/edges.d.ts +2 -167
  35. package/dist/function-registry/edges.js +69 -976
  36. package/dist/function-registry/edges.js.map +1 -1
  37. package/dist/function-registry/evidence.d.ts +41 -52
  38. package/dist/function-registry/evidence.js +60 -824
  39. package/dist/function-registry/evidence.js.map +1 -1
  40. package/dist/function-registry/graph.d.ts +66 -162
  41. package/dist/function-registry/graph.js +44 -884
  42. package/dist/function-registry/graph.js.map +1 -1
  43. package/dist/function-registry/helpers.d.ts +4 -7
  44. package/dist/function-registry/helpers.js +38 -769
  45. package/dist/function-registry/helpers.js.map +1 -1
  46. package/dist/function-registry/identity.d.ts +16 -62
  47. package/dist/function-registry/identity.js +43 -791
  48. package/dist/function-registry/identity.js.map +1 -1
  49. package/dist/function-registry/index.d.ts +3 -5
  50. package/dist/function-registry/index.js +41 -775
  51. package/dist/function-registry/index.js.map +1 -1
  52. package/dist/function-registry/judgments.d.ts +11 -16
  53. package/dist/function-registry/judgments.js +40 -780
  54. package/dist/function-registry/judgments.js.map +1 -1
  55. package/dist/function-registry/legacy.d.ts +1 -5
  56. package/dist/function-registry/legacy.js +37 -768
  57. package/dist/function-registry/legacy.js.map +1 -1
  58. package/dist/function-registry/lenses.d.ts +21 -28
  59. package/dist/function-registry/lenses.js +40 -791
  60. package/dist/function-registry/lenses.js.map +1 -1
  61. package/dist/function-registry/manifest.d.ts +6 -6
  62. package/dist/function-registry/manifest.js +2 -19
  63. package/dist/function-registry/manifest.js.map +1 -1
  64. package/dist/function-registry/ontologies.d.ts +56 -70
  65. package/dist/function-registry/ontologies.js +43 -786
  66. package/dist/function-registry/ontologies.js.map +1 -1
  67. package/dist/function-registry/pipeline.d.ts +16 -22
  68. package/dist/function-registry/pipeline.js +40 -777
  69. package/dist/function-registry/pipeline.js.map +1 -1
  70. package/dist/function-registry/questions.d.ts +61 -76
  71. package/dist/function-registry/questions.js +50 -867
  72. package/dist/function-registry/questions.js.map +1 -1
  73. package/dist/function-registry/tasks.d.ts +21 -28
  74. package/dist/function-registry/tasks.js +46 -843
  75. package/dist/function-registry/tasks.js.map +1 -1
  76. package/dist/function-registry/topics.d.ts +26 -114
  77. package/dist/function-registry/topics.js +41 -850
  78. package/dist/function-registry/topics.js.map +1 -1
  79. package/dist/function-registry/types.d.ts +3 -7
  80. package/dist/function-registry/worktrees.d.ts +51 -104
  81. package/dist/function-registry/worktrees.js +49 -907
  82. package/dist/function-registry/worktrees.js.map +1 -1
  83. package/dist/gateway.contract.d.ts +0 -5
  84. package/dist/gateway.contract.js.map +1 -1
  85. package/dist/generated/convexSchemas.d.ts +3 -3
  86. package/dist/generated/convexSchemas.js +18 -39
  87. package/dist/generated/convexSchemas.js.map +1 -1
  88. package/dist/generated/schema-manifest.json +98 -1244
  89. package/dist/generated/tableOwnership.d.ts +28 -49
  90. package/dist/generated/tableOwnership.js +26 -68
  91. package/dist/generated/tableOwnership.js.map +1 -1
  92. package/dist/generated/tier-expectations.json +9 -66
  93. package/dist/graph-types/index.d.ts +1 -5
  94. package/dist/graph-types/index.js +4 -15
  95. package/dist/graph-types/index.js.map +1 -1
  96. package/dist/index-CV-0_VWJ.d.ts +25 -0
  97. package/dist/index.d.ts +414 -30
  98. package/dist/index.js +339 -34916
  99. package/dist/index.js.map +1 -1
  100. package/dist/lens-filter.contract.js +3 -4
  101. package/dist/lens-filter.contract.js.map +1 -1
  102. package/dist/lens-workflow.contract.js +3 -4
  103. package/dist/lens-workflow.contract.js.map +1 -1
  104. package/dist/schema-helpers/enumValidation.js +5 -2
  105. package/dist/schema-helpers/enumValidation.js.map +1 -1
  106. package/dist/schema-helpers/spine/nodes/decision.js +1 -2
  107. package/dist/schema-helpers/spine/nodes/decision.js.map +1 -1
  108. package/dist/schema-helpers/spine/tables/epistemicNodes.js +27 -27
  109. package/dist/schema-helpers/spine/tables/epistemicNodes.js.map +1 -1
  110. package/dist/schemas/component-table-manifest.d.ts +6 -6
  111. package/dist/schemas/component-table-manifest.js +2 -2
  112. package/dist/schemas/component-table-manifest.js.map +1 -1
  113. package/dist/schemas/enums.d.ts +2 -5
  114. package/dist/schemas/enums.js +2 -5
  115. package/dist/schemas/enums.js.map +1 -1
  116. package/dist/schemas/index.d.ts +3 -3
  117. package/dist/schemas/index.js +139 -1165
  118. package/dist/schemas/index.js.map +1 -1
  119. package/dist/schemas/manifest.d.ts +932 -3042
  120. package/dist/schemas/manifest.js +137 -1163
  121. package/dist/schemas/manifest.js.map +1 -1
  122. package/dist/schemas/sl-opinion.d.ts +4 -4
  123. package/dist/schemas/tables/{controlPlane → identity}/agent.d.ts +1 -1
  124. package/dist/schemas/tables/{controlPlane → identity}/agent.js +3 -3
  125. package/dist/schemas/tables/identity/agent.js.map +1 -0
  126. package/dist/schemas/tables/{controlPlane → identity}/epistemic.d.ts +1 -1
  127. package/dist/schemas/tables/{controlPlane → identity}/epistemic.js +3 -3
  128. package/dist/schemas/tables/identity/epistemic.js.map +1 -0
  129. package/dist/schemas/tables/{controlPlane → identity}/model.d.ts +1 -1
  130. package/dist/schemas/tables/{controlPlane → identity}/model.js +6 -6
  131. package/dist/schemas/tables/identity/model.js.map +1 -0
  132. package/dist/schemas/tables/{controlPlane → identity}/platform.d.ts +11 -11
  133. package/dist/schemas/tables/{controlPlane → identity}/platform.js +18 -18
  134. package/dist/schemas/tables/identity/platform.js.map +1 -0
  135. package/dist/schemas/tables/{controlPlane → identity}/project.d.ts +1 -1
  136. package/dist/schemas/tables/{controlPlane → identity}/project.js +3 -3
  137. package/dist/schemas/tables/identity/project.js.map +1 -0
  138. package/dist/schemas/tables/{controlPlane → identity}/user.d.ts +1 -1
  139. package/dist/schemas/tables/{controlPlane → identity}/user.js +3 -3
  140. package/dist/schemas/tables/identity/user.js.map +1 -0
  141. package/dist/schemas/tables/kernel/config.d.ts +1 -1
  142. package/dist/schemas/tables/kernel/config.js.map +1 -1
  143. package/dist/schemas/tables/kernel/coordination.d.ts +1 -1
  144. package/dist/schemas/tables/kernel/coordination.js.map +1 -1
  145. package/dist/schemas/tables/kernel/decision.d.ts +1 -1
  146. package/dist/schemas/tables/kernel/decision.js.map +1 -1
  147. package/dist/schemas/tables/kernel/embedding.d.ts +1 -1
  148. package/dist/schemas/tables/kernel/embedding.js.map +1 -1
  149. package/dist/schemas/tables/kernel/epistemic.d.ts +7 -7
  150. package/dist/schemas/tables/kernel/epistemic.js.map +1 -1
  151. package/dist/schemas/tables/kernel/idempotency.d.ts +1 -1
  152. package/dist/schemas/tables/kernel/idempotency.js.map +1 -1
  153. package/dist/schemas/tables/kernel/infra.d.ts +5 -5
  154. package/dist/schemas/tables/kernel/infra.js.map +1 -1
  155. package/dist/schemas/tables/kernel/intelligence.d.ts +11 -11
  156. package/dist/schemas/tables/kernel/intelligence.js.map +1 -1
  157. package/dist/schemas/tables/kernel/lens.d.ts +5 -5
  158. package/dist/schemas/tables/kernel/lens.js.map +1 -1
  159. package/dist/schemas/tables/kernel/ontology.d.ts +1 -1
  160. package/dist/schemas/tables/kernel/ontology.js.map +1 -1
  161. package/dist/schemas/tables/kernel/platform.d.ts +13 -13
  162. package/dist/schemas/tables/kernel/platform.js.map +1 -1
  163. package/dist/schemas/tables/kernel/spine.d.ts +4 -5
  164. package/dist/schemas/tables/kernel/spine.js +2 -6
  165. package/dist/schemas/tables/kernel/spine.js.map +1 -1
  166. package/dist/schemas/tables/kernel/task.d.ts +43 -43
  167. package/dist/schemas/tables/kernel/task.js.map +1 -1
  168. package/dist/schemas/tables/kernel/topic.d.ts +1 -1
  169. package/dist/schemas/tables/kernel/topic.js +1 -5
  170. package/dist/schemas/tables/kernel/topic.js.map +1 -1
  171. package/dist/schemas/tables/kernel/workflow.d.ts +1 -1
  172. package/dist/schemas/tables/kernel/workflow.js.map +1 -1
  173. package/dist/schemas/tables/kernel/worktree.d.ts +55 -55
  174. package/dist/schemas/tables/kernel/worktree.js.map +1 -1
  175. package/dist/schemas/tables/mc/identity.d.ts +4 -44
  176. package/dist/schemas/tables/mc/identity.js +1 -66
  177. package/dist/schemas/tables/mc/identity.js.map +1 -1
  178. package/dist/schemas/tables/mc/methodology.d.ts +1 -1
  179. package/dist/schemas/tables/mc/methodology.js.map +1 -1
  180. package/dist/schemas/tables/mc/pack.d.ts +21 -21
  181. package/dist/schemas/tables/mc/pack.js.map +1 -1
  182. package/dist/schemas/tables/mc/policy.d.ts +2 -2
  183. package/dist/schemas/tables/mc/policy.js +1 -1
  184. package/dist/schemas/tables/mc/policy.js.map +1 -1
  185. package/dist/schemas/tables/mc/registry.d.ts +5 -5
  186. package/dist/schemas/tables/mc/registry.js.map +1 -1
  187. package/dist/schemas/tables/mc/runtime.d.ts +3 -109
  188. package/dist/schemas/tables/mc/runtime.js +104 -330
  189. package/dist/schemas/tables/mc/runtime.js.map +1 -1
  190. package/dist/schemas/tables/mc/tenant.d.ts +2 -4
  191. package/dist/schemas/tables/mc/tenant.js +1 -3
  192. package/dist/schemas/tables/mc/tenant.js.map +1 -1
  193. package/dist/schemas/tables/mc/workspace.d.ts +5 -28
  194. package/dist/schemas/tables/mc/workspace.js +2 -36
  195. package/dist/schemas/tables/mc/workspace.js.map +1 -1
  196. package/dist/sdk-methods.contract.d.ts +2 -2
  197. package/dist/{sdk-tools.contract-CKmSsrZ2.d.ts → sdk-tools.contract-S4ia0TTo.d.ts} +2 -2
  198. package/dist/sdk-tools.contract.d.ts +2 -2
  199. package/dist/sdk-tools.contract.js +25 -717
  200. package/dist/sdk-tools.contract.js.map +1 -1
  201. package/dist/{tool-contracts-C_xvM9q2.d.ts → tool-contracts-C92-9ueT.d.ts} +2 -38
  202. package/dist/tool-contracts.d.ts +1 -1
  203. package/dist/tool-contracts.js +26 -718
  204. package/dist/tool-contracts.js.map +1 -1
  205. package/package.json +1 -30
  206. package/dist/component-boundary.contract.d.ts +0 -14
  207. package/dist/component-boundary.contract.js +0 -175
  208. package/dist/component-boundary.contract.js.map +0 -1
  209. package/dist/component-host-boundary.contract.d.ts +0 -46
  210. package/dist/component-host-boundary.contract.js +0 -60
  211. package/dist/component-host-boundary.contract.js.map +0 -1
  212. package/dist/edge-policy-manifest-Dw5IhT1L.d.ts +0 -133
  213. package/dist/function-registry/nodes.d.ts +0 -412
  214. package/dist/function-registry/nodes.js +0 -5354
  215. package/dist/function-registry/nodes.js.map +0 -1
  216. package/dist/function-registry-input-audit.d.ts +0 -13
  217. package/dist/function-registry-input-audit.js +0 -166
  218. package/dist/function-registry-input-audit.js.map +0 -1
  219. package/dist/generated/infisicalRuntimeEnv.d.ts +0 -70
  220. package/dist/generated/infisicalRuntimeEnv.js +0 -27051
  221. package/dist/generated/infisicalRuntimeEnv.js.map +0 -1
  222. package/dist/generated/lucernGatewayEnv.d.ts +0 -17
  223. package/dist/generated/lucernGatewayEnv.js +0 -38
  224. package/dist/generated/lucernGatewayEnv.js.map +0 -1
  225. package/dist/generated/lucernWebPublicEnv.d.ts +0 -26
  226. package/dist/generated/lucernWebPublicEnv.js +0 -32
  227. package/dist/generated/lucernWebPublicEnv.js.map +0 -1
  228. package/dist/generated/lucernWebServerEnv.d.ts +0 -33
  229. package/dist/generated/lucernWebServerEnv.js +0 -51
  230. package/dist/generated/lucernWebServerEnv.js.map +0 -1
  231. package/dist/graph-intelligence.contract.d.ts +0 -506
  232. package/dist/graph-intelligence.contract.js +0 -595
  233. package/dist/graph-intelligence.contract.js.map +0 -1
  234. package/dist/index-CM1Pl_vI.d.ts +0 -28
  235. package/dist/infisical-runtime.contract.d.ts +0 -1851
  236. package/dist/infisical-runtime.contract.js +0 -3189
  237. package/dist/infisical-runtime.contract.js.map +0 -1
  238. package/dist/manifests/edge-policy-manifest.d.ts +0 -2
  239. package/dist/manifests/edge-policy-manifest.data.d.ts +0 -13
  240. package/dist/manifests/edge-policy-manifest.data.js +0 -26
  241. package/dist/manifests/edge-policy-manifest.data.js.map +0 -1
  242. package/dist/manifests/edge-policy-manifest.js +0 -92
  243. package/dist/manifests/edge-policy-manifest.js.map +0 -1
  244. package/dist/manifests/infisical-runtime-manifest.d.ts +0 -1754
  245. package/dist/manifests/infisical-runtime-manifest.js +0 -3044
  246. package/dist/manifests/infisical-runtime-manifest.js.map +0 -1
  247. package/dist/manifests/invariant-manifest.d.ts +0 -65
  248. package/dist/manifests/invariant-manifest.js +0 -18
  249. package/dist/manifests/invariant-manifest.js.map +0 -1
  250. package/dist/manifests/invariants/ast-utils.d.ts +0 -14
  251. package/dist/manifests/invariants/ast-utils.js +0 -54
  252. package/dist/manifests/invariants/ast-utils.js.map +0 -1
  253. package/dist/manifests/invariants/index.d.ts +0 -15
  254. package/dist/manifests/invariants/index.js +0 -183
  255. package/dist/manifests/invariants/index.js.map +0 -1
  256. package/dist/manifests/invariants/inv-1-beliefs-append-only.d.ts +0 -12
  257. package/dist/manifests/invariants/inv-1-beliefs-append-only.js +0 -94
  258. package/dist/manifests/invariants/inv-1-beliefs-append-only.js.map +0 -1
  259. package/dist/manifests/invariants/inv-14-no-silent-transitions.d.ts +0 -12
  260. package/dist/manifests/invariants/inv-14-no-silent-transitions.js +0 -99
  261. package/dist/manifests/invariants/inv-14-no-silent-transitions.js.map +0 -1
  262. package/dist/manifests/invariants/manifest-1-projections-declare-audit.d.ts +0 -12
  263. package/dist/manifests/invariants/manifest-1-projections-declare-audit.js +0 -42
  264. package/dist/manifests/invariants/manifest-1-projections-declare-audit.js.map +0 -1
  265. package/dist/manifests/tenant-client-manifest.d.ts +0 -327
  266. package/dist/manifests/tenant-client-manifest.js +0 -449
  267. package/dist/manifests/tenant-client-manifest.js.map +0 -1
  268. package/dist/mcp-gateway-boundary.contract.d.ts +0 -201
  269. package/dist/mcp-gateway-boundary.contract.js +0 -45
  270. package/dist/mcp-gateway-boundary.contract.js.map +0 -1
  271. package/dist/permit-principal-projection.contract.d.ts +0 -74
  272. package/dist/permit-principal-projection.contract.js +0 -160
  273. package/dist/permit-principal-projection.contract.js.map +0 -1
  274. package/dist/projections/check-convex-args-shape.d.ts +0 -3
  275. package/dist/projections/check-convex-args-shape.js +0 -403
  276. package/dist/projections/check-convex-args-shape.js.map +0 -1
  277. package/dist/projections/create-evidence.projection.d.ts +0 -176
  278. package/dist/projections/create-evidence.projection.js +0 -130
  279. package/dist/projections/create-evidence.projection.js.map +0 -1
  280. package/dist/projections/index.d.ts +0 -102
  281. package/dist/projections/index.js +0 -352
  282. package/dist/projections/index.js.map +0 -1
  283. package/dist/projections/list-beliefs.projection.d.ts +0 -36
  284. package/dist/projections/list-beliefs.projection.js +0 -54
  285. package/dist/projections/list-beliefs.projection.js.map +0 -1
  286. package/dist/projections/list-tasks.projection.d.ts +0 -44
  287. package/dist/projections/list-tasks.projection.js +0 -57
  288. package/dist/projections/list-tasks.projection.js.map +0 -1
  289. package/dist/projections/modulate-confidence.projection.d.ts +0 -219
  290. package/dist/projections/modulate-confidence.projection.js +0 -148
  291. package/dist/projections/modulate-confidence.projection.js.map +0 -1
  292. package/dist/projections/projection-dsl.d.ts +0 -11
  293. package/dist/projections/projection-dsl.js +0 -8
  294. package/dist/projections/projection-dsl.js.map +0 -1
  295. package/dist/proof-attestation.json +0 -45
  296. package/dist/schemas/tables/controlPlane/accessControl.d.ts +0 -260
  297. package/dist/schemas/tables/controlPlane/accessControl.js +0 -658
  298. package/dist/schemas/tables/controlPlane/accessControl.js.map +0 -1
  299. package/dist/schemas/tables/controlPlane/agent.js.map +0 -1
  300. package/dist/schemas/tables/controlPlane/epistemic.js.map +0 -1
  301. package/dist/schemas/tables/controlPlane/model.js.map +0 -1
  302. package/dist/schemas/tables/controlPlane/platform.js.map +0 -1
  303. package/dist/schemas/tables/controlPlane/project.js.map +0 -1
  304. package/dist/schemas/tables/controlPlane/user.js.map +0 -1
  305. package/dist/schemas/tables/kernel/events.d.ts +0 -21
  306. package/dist/schemas/tables/kernel/events.js +0 -43
  307. package/dist/schemas/tables/kernel/events.js.map +0 -1
  308. package/dist/tenant-bootstrap-seed.contract.d.ts +0 -1289
  309. package/dist/tenant-bootstrap-seed.contract.js +0 -764
  310. package/dist/tenant-bootstrap-seed.contract.js.map +0 -1
  311. package/dist/tenant-bootstrap-seed.defaults.d.ts +0 -16
  312. package/dist/tenant-bootstrap-seed.defaults.js +0 -321
  313. package/dist/tenant-bootstrap-seed.defaults.js.map +0 -1
  314. package/dist/tenant-client.contract.d.ts +0 -354
  315. package/dist/tenant-client.contract.js +0 -505
  316. package/dist/tenant-client.contract.js.map +0 -1
@@ -1,201 +0,0 @@
1
- import { SessionPrincipalType, SessionAuthMode, SessionDelegationHop } from './auth.contract.js';
2
- import './convex-admin.contract.js';
3
-
4
- /**
5
- * MCP gateway boundary contract
6
- *
7
- * Defines the target thin-client boundary for the Lucern MCP server. MCP is a
8
- * client of the Lucern gateway, not a privileged Convex or Master Control
9
- * process. The gateway owns tenant resolution, deploy-key access, policy, and
10
- * session persistence.
11
- */
12
-
13
- declare const MCP_GATEWAY_BOUNDARY_CONTRACT_VERSION: "2026-04-27";
14
- declare const MCP_GATEWAY_BOOTSTRAP_ENDPOINT: "/api/platform/v1/mcp/session";
15
- declare const MCP_GATEWAY_WRITE_POLICY_CHECK_ENDPOINT: "/api/platform/v1/mcp/write-policy/check";
16
- declare const MCP_GATEWAY_BEGIN_BUILD_SESSION_ENDPOINT: "/api/platform/v1/mcp/build-session/begin";
17
- declare const MCP_GATEWAY_EVALUATE_ENGINEERING_CONTRACT_ENDPOINT: "/api/platform/v1/mcp/contracts/evaluate-engineering";
18
- declare const MCP_GATEWAY_EVALUATE_RESEARCH_CONTRACT_ENDPOINT: "/api/platform/v1/mcp/contracts/evaluate-research";
19
- declare const MCP_GATEWAY_ALLOWED_CLIENT_ENV: readonly ["LUCERN_API_KEY", "LUCERN_API_BASE_URL", "LUCERN_ENVIRONMENT", "LUCERN_USER_TOKEN"];
20
- type McpGatewayAllowedClientEnv = (typeof MCP_GATEWAY_ALLOWED_CLIENT_ENV)[number];
21
- declare const MCP_GATEWAY_FORBIDDEN_CLIENT_ENV: readonly ["CONVEX_MC_URL", "CONVEX_MC_DEPLOY_KEY", "MC_CONVEX_URL", "MC_DEPLOY_KEY", "LUCERN_CONVEX_URL", "LUCERN_DEPLOY_KEY", "TENANT_CONVEX_URL", "TENANT_DEPLOY_KEY"];
22
- type McpGatewayForbiddenClientEnv = (typeof MCP_GATEWAY_FORBIDDEN_CLIENT_ENV)[number];
23
- declare const MCP_GATEWAY_BOOTSTRAP_REQUIRED_FIELDS: readonly ["tenant", "session", "permissions"];
24
- type McpGatewayBootstrapRequiredField = (typeof MCP_GATEWAY_BOOTSTRAP_REQUIRED_FIELDS)[number];
25
- type McpGatewayTenantContext = {
26
- tenantId: string;
27
- slug: string;
28
- name: string;
29
- tier: string;
30
- methodologyPackIds: string[];
31
- apiKeyId?: string;
32
- };
33
- type McpGatewaySessionContext = {
34
- sessionType: "agent" | "user";
35
- userId: string;
36
- principalId: string;
37
- principalType: SessionPrincipalType;
38
- workspaceId?: string;
39
- authMode: SessionAuthMode;
40
- roles: string[];
41
- scopes: string[];
42
- sessionId?: string;
43
- userEmail?: string;
44
- expiresAt?: number;
45
- delegatedBy?: string;
46
- delegationChain?: SessionDelegationHop[];
47
- worktreeId?: string;
48
- };
49
- type McpGatewayPermissionContext = {
50
- allowedTools: string[] | null;
51
- allowedTopics: string[] | null;
52
- groupIds: string[];
53
- permittedPackKeys: string[];
54
- permittedToolNames: string[];
55
- permittedTools: Array<{
56
- toolName: string;
57
- requiredRole?: string;
58
- approvalGateId?: string;
59
- isCore?: boolean;
60
- category?: string;
61
- }>;
62
- };
63
- type McpGatewayBootstrapRequest = {
64
- transportKind?: "stdio" | "hosted";
65
- sessionId?: string;
66
- agentIdentity?: string;
67
- workspaceId?: string;
68
- worktreeId?: string;
69
- };
70
- type McpGatewayWritePolicyCheckRequest = {
71
- topicId?: string;
72
- role: string;
73
- toolName: string;
74
- };
75
- type McpGatewayBeginBuildSessionRequest = {
76
- worktreeId: string;
77
- branch?: string;
78
- branchBase?: string;
79
- prBase?: string;
80
- sessionMode?: string;
81
- activateIfPlanning?: boolean;
82
- };
83
- type McpGatewayJsonObject = {
84
- [key: string]: McpGatewayJsonValue | undefined;
85
- };
86
- type McpGatewayJsonArray = McpGatewayJsonValue[];
87
- type McpGatewayJsonValue = null | boolean | number | string | McpGatewayJsonArray | McpGatewayJsonObject;
88
- type McpGatewayEvaluateEngineeringContractRequest = {
89
- beliefNodeId?: McpGatewayJsonValue;
90
- trigger?: McpGatewayJsonValue;
91
- testOutput?: McpGatewayJsonValue;
92
- tscOutput?: McpGatewayJsonValue;
93
- lintOutput?: McpGatewayJsonValue;
94
- sentryData?: McpGatewayJsonValue;
95
- };
96
- type McpGatewayEvaluateResearchContractRequest = {
97
- beliefNodeId?: McpGatewayJsonValue;
98
- trigger?: McpGatewayJsonValue;
99
- metricData?: McpGatewayJsonValue;
100
- referenceCheckData?: McpGatewayJsonValue;
101
- marketIndexData?: McpGatewayJsonValue;
102
- temporalData?: McpGatewayJsonValue;
103
- };
104
- type McpGatewayContractEvaluationResponse = McpGatewayJsonObject;
105
- type McpGatewayWritePolicyCheckResponse = {
106
- allowed: boolean;
107
- permission: string;
108
- rationale?: string;
109
- maxWritesPerSession?: number;
110
- toolCategory?: string | null;
111
- policy?: McpGatewayJsonObject | null;
112
- explanation?: McpGatewayJsonObject;
113
- reason: string;
114
- };
115
- type McpGatewayBootstrapResponse = {
116
- tenant: McpGatewayTenantContext;
117
- session: McpGatewaySessionContext;
118
- permissions: McpGatewayPermissionContext;
119
- };
120
- type McpGatewayBuildSessionBelief = {
121
- nodeId: string;
122
- text: string;
123
- confidence: number | null;
124
- };
125
- type McpGatewayBuildSessionQuestion = {
126
- nodeId: string;
127
- text: string;
128
- priority: string;
129
- };
130
- type McpGatewayBuildSessionDecision = {
131
- question: string;
132
- decision: string;
133
- };
134
- type McpGatewayBuildSessionTask = {
135
- taskId: string;
136
- title: string;
137
- status: "todo" | "in_progress" | "blocked" | "done";
138
- priority: "low" | "medium" | "high" | "urgent";
139
- description?: string;
140
- taskType?: string;
141
- linkedBeliefId?: string;
142
- linkedQuestionId?: string;
143
- linkedWorktreeId?: string;
144
- outputSummary?: string;
145
- tags?: string[];
146
- };
147
- type McpGatewayBuildSessionWorktreeSummary = {
148
- worktreeId: string;
149
- title: string;
150
- status?: string;
151
- };
152
- type McpGatewayBeginBuildSessionResponse = {
153
- topicId: string;
154
- topicName: string;
155
- worktreeId: string;
156
- worktreeName: string;
157
- branch: string;
158
- branchBase: string;
159
- prBase: string;
160
- campaign: number | null;
161
- lane: string;
162
- laneOrderInCampaign: number | null;
163
- orderInLane: number | null;
164
- gate: string;
165
- hypothesis: string;
166
- focus: string;
167
- status: string;
168
- sessionMode: string;
169
- targetBeliefIds: string[];
170
- targetQuestionIds: string[];
171
- taskIds: string[];
172
- incompleteTaskIds: string[];
173
- tasks: McpGatewayBuildSessionTask[];
174
- topBeliefs: McpGatewayBuildSessionBelief[];
175
- openQuestions: McpGatewayBuildSessionQuestion[];
176
- resolvedDecisions: McpGatewayBuildSessionDecision[];
177
- exitCriteria: string[];
178
- requiredDocs: string[];
179
- keyFiles: string[];
180
- pillarBeliefs: Array<{
181
- pillar: string;
182
- text: string;
183
- nodeId: string;
184
- }>;
185
- visionDocs: Array<{
186
- path: string;
187
- description: string;
188
- }>;
189
- dependencies: McpGatewayBuildSessionWorktreeSummary[];
190
- unblocks: Array<{
191
- worktreeId: string;
192
- title: string;
193
- }>;
194
- mergeOrderNotes: string;
195
- };
196
- declare const MCP_GATEWAY_OWNED_BOOTSTRAP_OPERATIONS: readonly ["validate_mcp_session", "record_key_usage", "resolve_default_workspace", "resolve_user_context", "create_user_session", "upsert_agent_principal"];
197
- type McpGatewayOwnedBootstrapOperation = (typeof MCP_GATEWAY_OWNED_BOOTSTRAP_OPERATIONS)[number];
198
- declare const MCP_GATEWAY_CLIENT_ONLY_PACKAGES: readonly ["@lucern/sdk", "@lucern/mcp", "@lucern/contracts"];
199
- type McpGatewayClientOnlyPackage = (typeof MCP_GATEWAY_CLIENT_ONLY_PACKAGES)[number];
200
-
201
- export { MCP_GATEWAY_ALLOWED_CLIENT_ENV, MCP_GATEWAY_BEGIN_BUILD_SESSION_ENDPOINT, MCP_GATEWAY_BOOTSTRAP_ENDPOINT, MCP_GATEWAY_BOOTSTRAP_REQUIRED_FIELDS, MCP_GATEWAY_BOUNDARY_CONTRACT_VERSION, MCP_GATEWAY_CLIENT_ONLY_PACKAGES, MCP_GATEWAY_EVALUATE_ENGINEERING_CONTRACT_ENDPOINT, MCP_GATEWAY_EVALUATE_RESEARCH_CONTRACT_ENDPOINT, MCP_GATEWAY_FORBIDDEN_CLIENT_ENV, MCP_GATEWAY_OWNED_BOOTSTRAP_OPERATIONS, MCP_GATEWAY_WRITE_POLICY_CHECK_ENDPOINT, type McpGatewayAllowedClientEnv, type McpGatewayBeginBuildSessionRequest, type McpGatewayBeginBuildSessionResponse, type McpGatewayBootstrapRequest, type McpGatewayBootstrapRequiredField, type McpGatewayBootstrapResponse, type McpGatewayBuildSessionBelief, type McpGatewayBuildSessionDecision, type McpGatewayBuildSessionQuestion, type McpGatewayBuildSessionTask, type McpGatewayBuildSessionWorktreeSummary, type McpGatewayClientOnlyPackage, type McpGatewayContractEvaluationResponse, type McpGatewayEvaluateEngineeringContractRequest, type McpGatewayEvaluateResearchContractRequest, type McpGatewayForbiddenClientEnv, type McpGatewayJsonArray, type McpGatewayJsonObject, type McpGatewayJsonValue, type McpGatewayOwnedBootstrapOperation, type McpGatewayPermissionContext, type McpGatewaySessionContext, type McpGatewayTenantContext, type McpGatewayWritePolicyCheckRequest, type McpGatewayWritePolicyCheckResponse };
@@ -1,45 +0,0 @@
1
- // src/mcp-gateway-boundary.contract.ts
2
- var MCP_GATEWAY_BOUNDARY_CONTRACT_VERSION = "2026-04-27";
3
- var MCP_GATEWAY_BOOTSTRAP_ENDPOINT = "/api/platform/v1/mcp/session";
4
- var MCP_GATEWAY_WRITE_POLICY_CHECK_ENDPOINT = "/api/platform/v1/mcp/write-policy/check";
5
- var MCP_GATEWAY_BEGIN_BUILD_SESSION_ENDPOINT = "/api/platform/v1/mcp/build-session/begin";
6
- var MCP_GATEWAY_EVALUATE_ENGINEERING_CONTRACT_ENDPOINT = "/api/platform/v1/mcp/contracts/evaluate-engineering";
7
- var MCP_GATEWAY_EVALUATE_RESEARCH_CONTRACT_ENDPOINT = "/api/platform/v1/mcp/contracts/evaluate-research";
8
- var MCP_GATEWAY_ALLOWED_CLIENT_ENV = [
9
- "LUCERN_API_KEY",
10
- "LUCERN_API_BASE_URL",
11
- "LUCERN_ENVIRONMENT",
12
- "LUCERN_USER_TOKEN"
13
- ];
14
- var MCP_GATEWAY_FORBIDDEN_CLIENT_ENV = [
15
- "CONVEX_MC_URL",
16
- "CONVEX_MC_DEPLOY_KEY",
17
- "MC_CONVEX_URL",
18
- "MC_DEPLOY_KEY",
19
- "LUCERN_CONVEX_URL",
20
- "LUCERN_DEPLOY_KEY",
21
- "TENANT_CONVEX_URL",
22
- "TENANT_DEPLOY_KEY"
23
- ];
24
- var MCP_GATEWAY_BOOTSTRAP_REQUIRED_FIELDS = [
25
- "tenant",
26
- "session",
27
- "permissions"
28
- ];
29
- var MCP_GATEWAY_OWNED_BOOTSTRAP_OPERATIONS = [
30
- "validate_mcp_session",
31
- "record_key_usage",
32
- "resolve_default_workspace",
33
- "resolve_user_context",
34
- "create_user_session",
35
- "upsert_agent_principal"
36
- ];
37
- var MCP_GATEWAY_CLIENT_ONLY_PACKAGES = [
38
- "@lucern/sdk",
39
- "@lucern/mcp",
40
- "@lucern/contracts"
41
- ];
42
-
43
- export { MCP_GATEWAY_ALLOWED_CLIENT_ENV, MCP_GATEWAY_BEGIN_BUILD_SESSION_ENDPOINT, MCP_GATEWAY_BOOTSTRAP_ENDPOINT, MCP_GATEWAY_BOOTSTRAP_REQUIRED_FIELDS, MCP_GATEWAY_BOUNDARY_CONTRACT_VERSION, MCP_GATEWAY_CLIENT_ONLY_PACKAGES, MCP_GATEWAY_EVALUATE_ENGINEERING_CONTRACT_ENDPOINT, MCP_GATEWAY_EVALUATE_RESEARCH_CONTRACT_ENDPOINT, MCP_GATEWAY_FORBIDDEN_CLIENT_ENV, MCP_GATEWAY_OWNED_BOOTSTRAP_OPERATIONS, MCP_GATEWAY_WRITE_POLICY_CHECK_ENDPOINT };
44
- //# sourceMappingURL=mcp-gateway-boundary.contract.js.map
45
- //# sourceMappingURL=mcp-gateway-boundary.contract.js.map
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/mcp-gateway-boundary.contract.ts"],"names":[],"mappings":";AAeO,IAAM,qCAAA,GAAwC;AAE9C,IAAM,8BAAA,GACX;AAEK,IAAM,uCAAA,GACX;AAEK,IAAM,wCAAA,GACX;AAEK,IAAM,kDAAA,GACX;AAEK,IAAM,+CAAA,GACX;AAEK,IAAM,8BAAA,GAAiC;AAAA,EAC5C,gBAAA;AAAA,EACA,qBAAA;AAAA,EACA,oBAAA;AAAA,EACA;AACF;AAIO,IAAM,gCAAA,GAAmC;AAAA,EAC9C,eAAA;AAAA,EACA,sBAAA;AAAA,EACA,eAAA;AAAA,EACA,eAAA;AAAA,EACA,mBAAA;AAAA,EACA,mBAAA;AAAA,EACA,mBAAA;AAAA,EACA;AACF;AAIO,IAAM,qCAAA,GAAwC;AAAA,EACnD,QAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF;AAyMO,IAAM,sCAAA,GAAyC;AAAA,EACpD,sBAAA;AAAA,EACA,kBAAA;AAAA,EACA,2BAAA;AAAA,EACA,sBAAA;AAAA,EACA,qBAAA;AAAA,EACA;AACF;AAIO,IAAM,gCAAA,GAAmC;AAAA,EAC9C,aAAA;AAAA,EACA,aAAA;AAAA,EACA;AACF","file":"mcp-gateway-boundary.contract.js","sourcesContent":["/**\n * MCP gateway boundary contract\n *\n * Defines the target thin-client boundary for the Lucern MCP server. MCP is a\n * client of the Lucern gateway, not a privileged Convex or Master Control\n * process. The gateway owns tenant resolution, deploy-key access, policy, and\n * session persistence.\n */\n\nimport type {\n SessionAuthMode,\n SessionDelegationHop,\n SessionPrincipalType,\n} from \"./auth.contract\";\n\nexport const MCP_GATEWAY_BOUNDARY_CONTRACT_VERSION = \"2026-04-27\" as const;\n\nexport const MCP_GATEWAY_BOOTSTRAP_ENDPOINT =\n \"/api/platform/v1/mcp/session\" as const;\n\nexport const MCP_GATEWAY_WRITE_POLICY_CHECK_ENDPOINT =\n \"/api/platform/v1/mcp/write-policy/check\" as const;\n\nexport const MCP_GATEWAY_BEGIN_BUILD_SESSION_ENDPOINT =\n \"/api/platform/v1/mcp/build-session/begin\" as const;\n\nexport const MCP_GATEWAY_EVALUATE_ENGINEERING_CONTRACT_ENDPOINT =\n \"/api/platform/v1/mcp/contracts/evaluate-engineering\" as const;\n\nexport const MCP_GATEWAY_EVALUATE_RESEARCH_CONTRACT_ENDPOINT =\n \"/api/platform/v1/mcp/contracts/evaluate-research\" as const;\n\nexport const MCP_GATEWAY_ALLOWED_CLIENT_ENV = [\n \"LUCERN_API_KEY\",\n \"LUCERN_API_BASE_URL\",\n \"LUCERN_ENVIRONMENT\",\n \"LUCERN_USER_TOKEN\",\n] as const;\nexport type McpGatewayAllowedClientEnv =\n (typeof MCP_GATEWAY_ALLOWED_CLIENT_ENV)[number];\n\nexport const MCP_GATEWAY_FORBIDDEN_CLIENT_ENV = [\n \"CONVEX_MC_URL\",\n \"CONVEX_MC_DEPLOY_KEY\",\n \"MC_CONVEX_URL\",\n \"MC_DEPLOY_KEY\",\n \"LUCERN_CONVEX_URL\",\n \"LUCERN_DEPLOY_KEY\",\n \"TENANT_CONVEX_URL\",\n \"TENANT_DEPLOY_KEY\",\n] as const;\nexport type McpGatewayForbiddenClientEnv =\n (typeof MCP_GATEWAY_FORBIDDEN_CLIENT_ENV)[number];\n\nexport const MCP_GATEWAY_BOOTSTRAP_REQUIRED_FIELDS = [\n \"tenant\",\n \"session\",\n \"permissions\",\n] as const;\nexport type McpGatewayBootstrapRequiredField =\n (typeof MCP_GATEWAY_BOOTSTRAP_REQUIRED_FIELDS)[number];\n\nexport type McpGatewayTenantContext = {\n tenantId: string;\n slug: string;\n name: string;\n tier: string;\n methodologyPackIds: string[];\n apiKeyId?: string;\n};\n\nexport type McpGatewaySessionContext = {\n sessionType: \"agent\" | \"user\";\n userId: string;\n principalId: string;\n principalType: SessionPrincipalType;\n workspaceId?: string;\n authMode: SessionAuthMode;\n roles: string[];\n scopes: string[];\n sessionId?: string;\n userEmail?: string;\n expiresAt?: number;\n delegatedBy?: string;\n delegationChain?: SessionDelegationHop[];\n worktreeId?: string;\n};\n\nexport type McpGatewayPermissionContext = {\n allowedTools: string[] | null;\n allowedTopics: string[] | null;\n groupIds: string[];\n permittedPackKeys: string[];\n permittedToolNames: string[];\n permittedTools: Array<{\n toolName: string;\n requiredRole?: string;\n approvalGateId?: string;\n isCore?: boolean;\n category?: string;\n }>;\n};\n\nexport type McpGatewayBootstrapRequest = {\n transportKind?: \"stdio\" | \"hosted\";\n sessionId?: string;\n agentIdentity?: string;\n workspaceId?: string;\n worktreeId?: string;\n};\n\nexport type McpGatewayWritePolicyCheckRequest = {\n topicId?: string;\n role: string;\n toolName: string;\n};\n\nexport type McpGatewayBeginBuildSessionRequest = {\n worktreeId: string;\n branch?: string;\n branchBase?: string;\n prBase?: string;\n sessionMode?: string;\n activateIfPlanning?: boolean;\n};\n\nexport type McpGatewayJsonObject = {\n [key: string]: McpGatewayJsonValue | undefined;\n};\n\nexport type McpGatewayJsonArray = McpGatewayJsonValue[];\n\nexport type McpGatewayJsonValue =\n | null\n | boolean\n | number\n | string\n | McpGatewayJsonArray\n | McpGatewayJsonObject;\n\nexport type McpGatewayEvaluateEngineeringContractRequest = {\n beliefNodeId?: McpGatewayJsonValue;\n trigger?: McpGatewayJsonValue;\n testOutput?: McpGatewayJsonValue;\n tscOutput?: McpGatewayJsonValue;\n lintOutput?: McpGatewayJsonValue;\n sentryData?: McpGatewayJsonValue;\n};\n\nexport type McpGatewayEvaluateResearchContractRequest = {\n beliefNodeId?: McpGatewayJsonValue;\n trigger?: McpGatewayJsonValue;\n metricData?: McpGatewayJsonValue;\n referenceCheckData?: McpGatewayJsonValue;\n marketIndexData?: McpGatewayJsonValue;\n temporalData?: McpGatewayJsonValue;\n};\n\nexport type McpGatewayContractEvaluationResponse = McpGatewayJsonObject;\n\nexport type McpGatewayWritePolicyCheckResponse = {\n allowed: boolean;\n permission: string;\n rationale?: string;\n maxWritesPerSession?: number;\n toolCategory?: string | null;\n policy?: McpGatewayJsonObject | null;\n explanation?: McpGatewayJsonObject;\n reason: string;\n};\n\nexport type McpGatewayBootstrapResponse = {\n tenant: McpGatewayTenantContext;\n session: McpGatewaySessionContext;\n permissions: McpGatewayPermissionContext;\n};\n\nexport type McpGatewayBuildSessionBelief = {\n nodeId: string;\n text: string;\n confidence: number | null;\n};\n\nexport type McpGatewayBuildSessionQuestion = {\n nodeId: string;\n text: string;\n priority: string;\n};\n\nexport type McpGatewayBuildSessionDecision = {\n question: string;\n decision: string;\n};\n\nexport type McpGatewayBuildSessionTask = {\n taskId: string;\n title: string;\n status: \"todo\" | \"in_progress\" | \"blocked\" | \"done\";\n priority: \"low\" | \"medium\" | \"high\" | \"urgent\";\n description?: string;\n taskType?: string;\n linkedBeliefId?: string;\n linkedQuestionId?: string;\n linkedWorktreeId?: string;\n outputSummary?: string;\n tags?: string[];\n};\n\nexport type McpGatewayBuildSessionWorktreeSummary = {\n worktreeId: string;\n title: string;\n status?: string;\n};\n\nexport type McpGatewayBeginBuildSessionResponse = {\n topicId: string;\n topicName: string;\n worktreeId: string;\n worktreeName: string;\n branch: string;\n branchBase: string;\n prBase: string;\n campaign: number | null;\n lane: string;\n laneOrderInCampaign: number | null;\n orderInLane: number | null;\n gate: string;\n hypothesis: string;\n focus: string;\n status: string;\n sessionMode: string;\n targetBeliefIds: string[];\n targetQuestionIds: string[];\n taskIds: string[];\n incompleteTaskIds: string[];\n tasks: McpGatewayBuildSessionTask[];\n topBeliefs: McpGatewayBuildSessionBelief[];\n openQuestions: McpGatewayBuildSessionQuestion[];\n resolvedDecisions: McpGatewayBuildSessionDecision[];\n exitCriteria: string[];\n requiredDocs: string[];\n keyFiles: string[];\n pillarBeliefs: Array<{\n pillar: string;\n text: string;\n nodeId: string;\n }>;\n visionDocs: Array<{\n path: string;\n description: string;\n }>;\n dependencies: McpGatewayBuildSessionWorktreeSummary[];\n unblocks: Array<{\n worktreeId: string;\n title: string;\n }>;\n mergeOrderNotes: string;\n};\n\nexport const MCP_GATEWAY_OWNED_BOOTSTRAP_OPERATIONS = [\n \"validate_mcp_session\",\n \"record_key_usage\",\n \"resolve_default_workspace\",\n \"resolve_user_context\",\n \"create_user_session\",\n \"upsert_agent_principal\",\n] as const;\nexport type McpGatewayOwnedBootstrapOperation =\n (typeof MCP_GATEWAY_OWNED_BOOTSTRAP_OPERATIONS)[number];\n\nexport const MCP_GATEWAY_CLIENT_ONLY_PACKAGES = [\n \"@lucern/sdk\",\n \"@lucern/mcp\",\n \"@lucern/contracts\",\n] as const;\nexport type McpGatewayClientOnlyPackage =\n (typeof MCP_GATEWAY_CLIENT_ONLY_PACKAGES)[number];\n"]}
@@ -1,74 +0,0 @@
1
- type PermitProjectionPlatformRole = "platform_admin" | "tenant_admin" | "workspace_admin" | "editor" | "viewer" | "auditor" | "service_agent";
2
- type PermitPrincipalProjection = Record<string, unknown> & {
3
- principalId?: string;
4
- tenantId?: string;
5
- workspaceId?: string;
6
- principalType?: string;
7
- status?: string;
8
- displayName?: string;
9
- metadata?: Record<string, unknown>;
10
- createdAt?: number;
11
- updatedAt?: number;
12
- lastSeenAt?: number;
13
- };
14
- type PermitAliasProjection = Record<string, unknown> & {
15
- principalId?: string;
16
- tenantId?: string;
17
- workspaceId?: string;
18
- provider?: string;
19
- providerSubjectId?: string;
20
- alias?: string;
21
- aliasKind?: string;
22
- status?: string;
23
- metadata?: Record<string, unknown>;
24
- };
25
- type PermitRoleAssignmentProjection = Record<string, unknown> & {
26
- tenantId?: string;
27
- workspaceId?: string;
28
- role?: string;
29
- targetType?: string;
30
- targetId?: string;
31
- resourceType?: string;
32
- resourceKey?: string;
33
- status?: string;
34
- };
35
- type PermitGroupMembershipProjection = Record<string, unknown> & {
36
- tenantId?: string;
37
- workspaceId?: string;
38
- groupId?: string;
39
- memberType?: string;
40
- memberId?: string;
41
- principalId?: string;
42
- status?: string;
43
- };
44
- type PermitProjectedUserRecord = {
45
- clerkId: string;
46
- email: string;
47
- name?: string;
48
- lastSeenAt: number;
49
- chatCount: number;
50
- messageCount: number;
51
- mcRole: PermitProjectionPlatformRole;
52
- mcRoleSyncedAt: number;
53
- defaultTenantId: string;
54
- defaultWorkspaceId: string;
55
- defaultPrincipalId: string;
56
- principalGroupIds: string[];
57
- governanceGrantsSyncedAt: number;
58
- createdAt: number;
59
- updatedAt: number;
60
- };
61
- type PermitProjectionRows = {
62
- principals: PermitPrincipalProjection[];
63
- aliases: PermitAliasProjection[];
64
- roleAssignments: PermitRoleAssignmentProjection[];
65
- groupMemberships: PermitGroupMembershipProjection[];
66
- };
67
- declare function readPermitProjectionString(value: unknown): string | undefined;
68
- declare function isActivePermitProjectionStatus(value: unknown): boolean;
69
- declare function mapPermitRoleToPlatformRole(role: unknown): PermitProjectionPlatformRole | undefined;
70
- declare function buildProjectedUserFromPermitPrincipal(rows: PermitProjectionRows, principal: PermitPrincipalProjection, matchingAlias?: PermitAliasProjection, now?: number): PermitProjectedUserRecord | null;
71
- declare function findProjectedUserByPermitPrincipalId(rows: PermitProjectionRows, principalId: string, now?: number): PermitProjectedUserRecord | null;
72
- declare function findProjectedUserByPermitClerkId(rows: PermitProjectionRows, clerkId: string, now?: number): PermitProjectedUserRecord | null;
73
-
74
- export { type PermitAliasProjection, type PermitGroupMembershipProjection, type PermitPrincipalProjection, type PermitProjectedUserRecord, type PermitProjectionPlatformRole, type PermitProjectionRows, type PermitRoleAssignmentProjection, buildProjectedUserFromPermitPrincipal, findProjectedUserByPermitClerkId, findProjectedUserByPermitPrincipalId, isActivePermitProjectionStatus, mapPermitRoleToPlatformRole, readPermitProjectionString };
@@ -1,160 +0,0 @@
1
- // src/permit-principal-projection.contract.ts
2
- var PLATFORM_ROLE_PRIORITY = {
3
- platform_admin: 70,
4
- tenant_admin: 60,
5
- workspace_admin: 50,
6
- editor: 40,
7
- auditor: 30,
8
- viewer: 20,
9
- service_agent: 10
10
- };
11
- function readPermitProjectionString(value) {
12
- return typeof value === "string" && value.trim() ? value.trim() : void 0;
13
- }
14
- function isActivePermitProjectionStatus(value) {
15
- const status = readPermitProjectionString(value)?.toLowerCase();
16
- return !status || status === "active" || status === "synced";
17
- }
18
- function mapPermitRoleToPlatformRole(role) {
19
- switch (readPermitProjectionString(role)?.toLowerCase()) {
20
- case "platform_admin":
21
- return "platform_admin";
22
- case "tenant_admin":
23
- return "tenant_admin";
24
- case "workspace_admin":
25
- case "deployment_admin":
26
- case "graph_admin":
27
- return "workspace_admin";
28
- case "editor":
29
- case "workspace_member":
30
- case "graph_editor":
31
- case "evidence_contributor":
32
- case "question_resolver":
33
- case "theme_promoter":
34
- case "topic_promoter":
35
- return "editor";
36
- case "auditor":
37
- return "auditor";
38
- case "viewer":
39
- case "graph_viewer":
40
- case "stakeholder_viewer":
41
- case "stakeholder_summarizer":
42
- case "source_drilldown_viewer":
43
- case "restricted_data_viewer":
44
- case "proprietary_data_viewer":
45
- return "viewer";
46
- case "service_agent":
47
- case "agent_runner":
48
- return "service_agent";
49
- default:
50
- return void 0;
51
- }
52
- }
53
- function highestPlatformRole(roles) {
54
- return roles.reduce(
55
- (best, role) => PLATFORM_ROLE_PRIORITY[role] > PLATFORM_ROLE_PRIORITY[best] ? role : best,
56
- "viewer"
57
- );
58
- }
59
- function isClerkAliasFor(alias, clerkId) {
60
- return isActivePermitProjectionStatus(alias.status) && readPermitProjectionString(alias.provider)?.toLowerCase() === "clerk" && (readPermitProjectionString(alias.providerSubjectId) === clerkId || readPermitProjectionString(alias.alias) === clerkId);
61
- }
62
- function emailFromAlias(aliases, principal) {
63
- return aliases.find(
64
- (alias) => readPermitProjectionString(alias.aliasKind)?.toLowerCase() === "email"
65
- )?.alias ?? readPermitProjectionString(principal.metadata?.email);
66
- }
67
- function groupIdsForPrincipal(memberships, principal) {
68
- const principalId = readPermitProjectionString(principal.principalId);
69
- if (!principalId) return [];
70
- return [
71
- ...new Set(
72
- memberships.filter(
73
- (membership) => isActivePermitProjectionStatus(membership.status) && readPermitProjectionString(membership.tenantId) === readPermitProjectionString(principal.tenantId) && readPermitProjectionString(membership.memberType) === "principal" && (readPermitProjectionString(membership.memberId) === principalId || readPermitProjectionString(membership.principalId) === principalId)
74
- ).map((membership) => readPermitProjectionString(membership.groupId)).filter((groupId) => Boolean(groupId))
75
- )
76
- ];
77
- }
78
- function rolesForPrincipal(assignments, principal, groupIds) {
79
- const principalId = readPermitProjectionString(principal.principalId);
80
- const tenantId = readPermitProjectionString(principal.tenantId);
81
- const roles = assignments.filter(
82
- (assignment) => isActivePermitProjectionStatus(assignment.status) && readPermitProjectionString(assignment.tenantId) === tenantId && (readPermitProjectionString(assignment.targetType) === "principal" && readPermitProjectionString(assignment.targetId) === principalId || readPermitProjectionString(assignment.targetType) === "group" && groupIds.includes(
83
- readPermitProjectionString(assignment.targetId) ?? ""
84
- ))
85
- ).map((assignment) => mapPermitRoleToPlatformRole(assignment.role)).filter((role) => Boolean(role));
86
- if (readPermitProjectionString(principal.principalType) === "agent" || readPermitProjectionString(principal.principalType) === "service_principal") {
87
- roles.push("service_agent");
88
- }
89
- return [...new Set(roles)];
90
- }
91
- function workspaceFromPermitProjection(principal, alias, assignments) {
92
- return readPermitProjectionString(principal.workspaceId) ?? readPermitProjectionString(alias?.workspaceId) ?? readPermitProjectionString(
93
- assignments.find(
94
- (assignment) => readPermitProjectionString(assignment.targetId) === readPermitProjectionString(principal.principalId) && readPermitProjectionString(assignment.resourceType) === "workspace"
95
- )?.resourceKey
96
- ) ?? readPermitProjectionString(
97
- assignments.find((assignment) => assignment.workspaceId)?.workspaceId
98
- );
99
- }
100
- function buildProjectedUserFromPermitPrincipal(rows, principal, matchingAlias, now = Date.now()) {
101
- const principalId = readPermitProjectionString(principal.principalId);
102
- const tenantId = readPermitProjectionString(principal.tenantId);
103
- if (!principalId || !tenantId || !isActivePermitProjectionStatus(principal.status)) {
104
- return null;
105
- }
106
- const aliases = rows.aliases.filter(
107
- (alias2) => readPermitProjectionString(alias2.tenantId) === tenantId && readPermitProjectionString(alias2.principalId) === principalId && isActivePermitProjectionStatus(alias2.status)
108
- );
109
- const groupIds = groupIdsForPrincipal(rows.groupMemberships, principal);
110
- const roles = rolesForPrincipal(rows.roleAssignments, principal, groupIds);
111
- if (roles.length === 0) {
112
- return null;
113
- }
114
- const alias = matchingAlias ?? aliases[0];
115
- const clerkId = readPermitProjectionString(
116
- aliases.find(
117
- (entry) => readPermitProjectionString(entry.provider)?.toLowerCase() === "clerk"
118
- )?.providerSubjectId
119
- ) ?? principalId;
120
- return {
121
- clerkId,
122
- email: emailFromAlias(aliases, principal) ?? `${principalId}@permit.local`,
123
- name: readPermitProjectionString(principal.displayName),
124
- lastSeenAt: principal.lastSeenAt ?? principal.updatedAt ?? now,
125
- chatCount: 0,
126
- messageCount: 0,
127
- mcRole: highestPlatformRole(roles),
128
- mcRoleSyncedAt: principal.updatedAt ?? now,
129
- defaultTenantId: tenantId,
130
- defaultWorkspaceId: workspaceFromPermitProjection(principal, alias, rows.roleAssignments) ?? tenantId,
131
- defaultPrincipalId: principalId,
132
- principalGroupIds: groupIds,
133
- governanceGrantsSyncedAt: principal.updatedAt ?? now,
134
- createdAt: principal.createdAt ?? now,
135
- updatedAt: principal.updatedAt ?? now
136
- };
137
- }
138
- function findProjectedUserByPermitPrincipalId(rows, principalId, now = Date.now()) {
139
- const normalizedPrincipalId = principalId.trim();
140
- const principal = rows.principals.find(
141
- (row) => isActivePermitProjectionStatus(row.status) && readPermitProjectionString(row.principalId) === normalizedPrincipalId
142
- );
143
- return principal ? buildProjectedUserFromPermitPrincipal(rows, principal, void 0, now) : null;
144
- }
145
- function findProjectedUserByPermitClerkId(rows, clerkId, now = Date.now()) {
146
- const normalizedClerkId = clerkId.trim();
147
- const matchingAlias = rows.aliases.find(
148
- (alias) => isClerkAliasFor(alias, normalizedClerkId)
149
- );
150
- const principal = matchingAlias ? rows.principals.find(
151
- (row) => readPermitProjectionString(row.tenantId) === readPermitProjectionString(matchingAlias.tenantId) && readPermitProjectionString(row.principalId) === readPermitProjectionString(matchingAlias.principalId)
152
- ) : rows.principals.find(
153
- (row) => readPermitProjectionString(row.principalId) === normalizedClerkId || readPermitProjectionString(row.principalId) === `user:${normalizedClerkId}`
154
- );
155
- return principal ? buildProjectedUserFromPermitPrincipal(rows, principal, matchingAlias, now) : null;
156
- }
157
-
158
- export { buildProjectedUserFromPermitPrincipal, findProjectedUserByPermitClerkId, findProjectedUserByPermitPrincipalId, isActivePermitProjectionStatus, mapPermitRoleToPlatformRole, readPermitProjectionString };
159
- //# sourceMappingURL=permit-principal-projection.contract.js.map
160
- //# sourceMappingURL=permit-principal-projection.contract.js.map
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/permit-principal-projection.contract.ts"],"names":["alias"],"mappings":";AAgFA,IAAM,sBAAA,GAAuE;AAAA,EAC3E,cAAA,EAAgB,EAAA;AAAA,EAChB,YAAA,EAAc,EAAA;AAAA,EACd,eAAA,EAAiB,EAAA;AAAA,EACjB,MAAA,EAAQ,EAAA;AAAA,EACR,OAAA,EAAS,EAAA;AAAA,EACT,MAAA,EAAQ,EAAA;AAAA,EACR,aAAA,EAAe;AACjB,CAAA;AAEO,SAAS,2BAA2B,KAAA,EAAoC;AAC7E,EAAA,OAAO,OAAO,UAAU,QAAA,IAAY,KAAA,CAAM,MAAK,GAAI,KAAA,CAAM,MAAK,GAAI,MAAA;AACpE;AAEO,SAAS,+BAA+B,KAAA,EAAyB;AACtE,EAAA,MAAM,MAAA,GAAS,0BAAA,CAA2B,KAAK,CAAA,EAAG,WAAA,EAAY;AAC9D,EAAA,OAAO,CAAC,MAAA,IAAU,MAAA,KAAW,QAAA,IAAY,MAAA,KAAW,QAAA;AACtD;AAEO,SAAS,4BACd,IAAA,EAC0C;AAC1C,EAAA,QAAQ,0BAAA,CAA2B,IAAI,CAAA,EAAG,WAAA,EAAY;AAAG,IACvD,KAAK,gBAAA;AACH,MAAA,OAAO,gBAAA;AAAA,IACT,KAAK,cAAA;AACH,MAAA,OAAO,cAAA;AAAA,IACT,KAAK,iBAAA;AAAA,IACL,KAAK,kBAAA;AAAA,IACL,KAAK,aAAA;AACH,MAAA,OAAO,iBAAA;AAAA,IACT,KAAK,QAAA;AAAA,IACL,KAAK,kBAAA;AAAA,IACL,KAAK,cAAA;AAAA,IACL,KAAK,sBAAA;AAAA,IACL,KAAK,mBAAA;AAAA,IACL,KAAK,gBAAA;AAAA,IACL,KAAK,gBAAA;AACH,MAAA,OAAO,QAAA;AAAA,IACT,KAAK,SAAA;AACH,MAAA,OAAO,SAAA;AAAA,IACT,KAAK,QAAA;AAAA,IACL,KAAK,cAAA;AAAA,IACL,KAAK,oBAAA;AAAA,IACL,KAAK,wBAAA;AAAA,IACL,KAAK,yBAAA;AAAA,IACL,KAAK,wBAAA;AAAA,IACL,KAAK,yBAAA;AACH,MAAA,OAAO,QAAA;AAAA,IACT,KAAK,eAAA;AAAA,IACL,KAAK,cAAA;AACH,MAAA,OAAO,eAAA;AAAA,IACT;AACE,MAAA,OAAO,MAAA;AAAA;AAEb;AAEA,SAAS,oBACP,KAAA,EAC8B;AAC9B,EAAA,OAAO,KAAA,CAAM,MAAA;AAAA,IACX,CAAC,MAAM,IAAA,KACL,sBAAA,CAAuB,IAAI,CAAA,GAAI,sBAAA,CAAuB,IAAI,CAAA,GAAI,IAAA,GAAO,IAAA;AAAA,IACvE;AAAA,GACF;AACF;AAEA,SAAS,eAAA,CACP,OACA,OAAA,EACS;AACT,EAAA,OACE,+BAA+B,KAAA,CAAM,MAAM,KAC3C,0BAAA,CAA2B,KAAA,CAAM,QAAQ,CAAA,EAAG,WAAA,OAAkB,OAAA,KAC7D,0BAAA,CAA2B,MAAM,iBAAiB,CAAA,KAAM,WACvD,0BAAA,CAA2B,KAAA,CAAM,KAAK,CAAA,KAAM,OAAA,CAAA;AAElD;AAEA,SAAS,cAAA,CACP,SACA,SAAA,EACoB;AACpB,EAAA,OACE,OAAA,CAAQ,IAAA;AAAA,IACN,CAAC,KAAA,KACC,0BAAA,CAA2B,MAAM,SAAS,CAAA,EAAG,aAAY,KAAM;AAAA,GACnE,EAAG,KAAA,IAAS,0BAAA,CAA2B,SAAA,CAAU,UAAU,KAAK,CAAA;AAEpE;AAEA,SAAS,oBAAA,CACP,aACA,SAAA,EACU;AACV,EAAA,MAAM,WAAA,GAAc,0BAAA,CAA2B,SAAA,CAAU,WAAW,CAAA;AACpE,EAAA,IAAI,CAAC,WAAA,EAAa,OAAO,EAAC;AAC1B,EAAA,OAAO;AAAA,IACL,GAAG,IAAI,GAAA;AAAA,MACL,WAAA,CACG,MAAA;AAAA,QACC,CAAC,UAAA,KACC,8BAAA,CAA+B,UAAA,CAAW,MAAM,CAAA,IAChD,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,KAC5C,0BAAA,CAA2B,SAAA,CAAU,QAAQ,CAAA,IAC/C,0BAAA,CAA2B,UAAA,CAAW,UAAU,CAAA,KAAM,WAAA,KACrD,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,KAAM,WAAA,IACnD,0BAAA,CAA2B,UAAA,CAAW,WAAW,CAAA,KAC/C,WAAA;AAAA,OACR,CACC,GAAA,CAAI,CAAC,UAAA,KAAe,2BAA2B,UAAA,CAAW,OAAO,CAAC,CAAA,CAClE,MAAA,CAAO,CAAC,OAAA,KAA+B,OAAA,CAAQ,OAAO,CAAC;AAAA;AAC5D,GACF;AACF;AAEA,SAAS,iBAAA,CACP,WAAA,EACA,SAAA,EACA,QAAA,EACgC;AAChC,EAAA,MAAM,WAAA,GAAc,0BAAA,CAA2B,SAAA,CAAU,WAAW,CAAA;AACpE,EAAA,MAAM,QAAA,GAAW,0BAAA,CAA2B,SAAA,CAAU,QAAQ,CAAA;AAC9D,EAAA,MAAM,QAAQ,WAAA,CACX,MAAA;AAAA,IACC,CAAC,UAAA,KACC,8BAAA,CAA+B,UAAA,CAAW,MAAM,CAAA,IAChD,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,KAAM,QAAA,KAClD,0BAAA,CAA2B,UAAA,CAAW,UAAU,CAAA,KAAM,WAAA,IACtD,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,KAAM,WAAA,IACnD,0BAAA,CAA2B,UAAA,CAAW,UAAU,CAAA,KAAM,OAAA,IACrD,QAAA,CAAS,QAAA;AAAA,MACP,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,IAAK;AAAA,KACrD;AAAA,GACR,CACC,GAAA,CAAI,CAAC,UAAA,KAAe,4BAA4B,UAAA,CAAW,IAAI,CAAC,CAAA,CAChE,MAAA,CAAO,CAAC,IAAA,KAA+C,OAAA,CAAQ,IAAI,CAAC,CAAA;AAEvE,EAAA,IACE,0BAAA,CAA2B,UAAU,aAAa,CAAA,KAAM,WACxD,0BAAA,CAA2B,SAAA,CAAU,aAAa,CAAA,KAAM,mBAAA,EACxD;AACA,IAAA,KAAA,CAAM,KAAK,eAAe,CAAA;AAAA,EAC5B;AAEA,EAAA,OAAO,CAAC,GAAG,IAAI,GAAA,CAAI,KAAK,CAAC,CAAA;AAC3B;AAEA,SAAS,6BAAA,CACP,SAAA,EACA,KAAA,EACA,WAAA,EACoB;AACpB,EAAA,OACE,2BAA2B,SAAA,CAAU,WAAW,KAChD,0BAAA,CAA2B,KAAA,EAAO,WAAW,CAAA,IAC7C,0BAAA;AAAA,IACE,WAAA,CAAY,IAAA;AAAA,MACV,CAAC,UAAA,KACC,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,KAC5C,0BAAA,CAA2B,SAAA,CAAU,WAAW,CAAA,IAClD,0BAAA,CAA2B,UAAA,CAAW,YAAY,CAAA,KAAM;AAAA,KAC5D,EAAG;AAAA,GACL,IACA,0BAAA;AAAA,IACE,YAAY,IAAA,CAAK,CAAC,UAAA,KAAe,UAAA,CAAW,WAAW,CAAA,EAAG;AAAA,GAC5D;AAEJ;AAEO,SAAS,sCACd,IAAA,EACA,SAAA,EACA,eACA,GAAA,GAAM,IAAA,CAAK,KAAI,EACmB;AAClC,EAAA,MAAM,WAAA,GAAc,0BAAA,CAA2B,SAAA,CAAU,WAAW,CAAA;AACpE,EAAA,MAAM,QAAA,GAAW,0BAAA,CAA2B,SAAA,CAAU,QAAQ,CAAA;AAC9D,EAAA,IACE,CAAC,eACD,CAAC,QAAA,IACD,CAAC,8BAAA,CAA+B,SAAA,CAAU,MAAM,CAAA,EAChD;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,OAAA,GAAU,KAAK,OAAA,CAAQ,MAAA;AAAA,IAC3B,CAACA,MAAAA,KACC,0BAAA,CAA2BA,MAAAA,CAAM,QAAQ,CAAA,KAAM,QAAA,IAC/C,0BAAA,CAA2BA,MAAAA,CAAM,WAAW,CAAA,KAAM,WAAA,IAClD,8BAAA,CAA+BA,OAAM,MAAM;AAAA,GAC/C;AACA,EAAA,MAAM,QAAA,GAAW,oBAAA,CAAqB,IAAA,CAAK,gBAAA,EAAkB,SAAS,CAAA;AACtE,EAAA,MAAM,KAAA,GAAQ,iBAAA,CAAkB,IAAA,CAAK,eAAA,EAAiB,WAAW,QAAQ,CAAA;AACzE,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,KAAA,GAAQ,aAAA,IAAiB,OAAA,CAAQ,CAAC,CAAA;AACxC,EAAA,MAAM,OAAA,GACJ,0BAAA;AAAA,IACE,OAAA,CAAQ,IAAA;AAAA,MACN,CAAC,KAAA,KACC,0BAAA,CAA2B,MAAM,QAAQ,CAAA,EAAG,aAAY,KAAM;AAAA,KAClE,EAAG;AAAA,GACL,IAAK,WAAA;AAEP,EAAA,OAAO;AAAA,IACL,OAAA;AAAA,IACA,OAAO,cAAA,CAAe,OAAA,EAAS,SAAS,CAAA,IAAK,GAAG,WAAW,CAAA,aAAA,CAAA;AAAA,IAC3D,IAAA,EAAM,0BAAA,CAA2B,SAAA,CAAU,WAAW,CAAA;AAAA,IACtD,UAAA,EAAY,SAAA,CAAU,UAAA,IAAc,SAAA,CAAU,SAAA,IAAa,GAAA;AAAA,IAC3D,SAAA,EAAW,CAAA;AAAA,IACX,YAAA,EAAc,CAAA;AAAA,IACd,MAAA,EAAQ,oBAAoB,KAAK,CAAA;AAAA,IACjC,cAAA,EAAgB,UAAU,SAAA,IAAa,GAAA;AAAA,IACvC,eAAA,EAAiB,QAAA;AAAA,IACjB,oBACE,6BAAA,CAA8B,SAAA,EAAW,KAAA,EAAO,IAAA,CAAK,eAAe,CAAA,IACpE,QAAA;AAAA,IACF,kBAAA,EAAoB,WAAA;AAAA,IACpB,iBAAA,EAAmB,QAAA;AAAA,IACnB,wBAAA,EAA0B,UAAU,SAAA,IAAa,GAAA;AAAA,IACjD,SAAA,EAAW,UAAU,SAAA,IAAa,GAAA;AAAA,IAClC,SAAA,EAAW,UAAU,SAAA,IAAa;AAAA,GACpC;AACF;AAEO,SAAS,qCACd,IAAA,EACA,WAAA,EACA,GAAA,GAAM,IAAA,CAAK,KAAI,EACmB;AAClC,EAAA,MAAM,qBAAA,GAAwB,YAAY,IAAA,EAAK;AAC/C,EAAA,MAAM,SAAA,GAAY,KAAK,UAAA,CAAW,IAAA;AAAA,IAChC,CAAC,QACC,8BAAA,CAA+B,GAAA,CAAI,MAAM,CAAA,IACzC,0BAAA,CAA2B,GAAA,CAAI,WAAW,CAAA,KAAM;AAAA,GACpD;AACA,EAAA,OAAO,YACH,qCAAA,CAAsC,IAAA,EAAM,SAAA,EAAW,MAAA,EAAW,GAAG,CAAA,GACrE,IAAA;AACN;AAEO,SAAS,iCACd,IAAA,EACA,OAAA,EACA,GAAA,GAAM,IAAA,CAAK,KAAI,EACmB;AAClC,EAAA,MAAM,iBAAA,GAAoB,QAAQ,IAAA,EAAK;AACvC,EAAA,MAAM,aAAA,GAAgB,KAAK,OAAA,CAAQ,IAAA;AAAA,IAAK,CAAC,KAAA,KACvC,eAAA,CAAgB,KAAA,EAAO,iBAAiB;AAAA,GAC1C;AACA,EAAA,MAAM,SAAA,GAAY,aAAA,GACd,IAAA,CAAK,UAAA,CAAW,IAAA;AAAA,IACd,CAAC,GAAA,KACC,0BAAA,CAA2B,GAAA,CAAI,QAAQ,MACrC,0BAAA,CAA2B,aAAA,CAAc,QAAQ,CAAA,IACnD,2BAA2B,GAAA,CAAI,WAAW,CAAA,KACxC,0BAAA,CAA2B,cAAc,WAAW;AAAA,GAC1D,GACA,KAAK,UAAA,CAAW,IAAA;AAAA,IACd,CAAC,GAAA,KACC,0BAAA,CAA2B,GAAA,CAAI,WAAW,CAAA,KAAM,iBAAA,IAChD,0BAAA,CAA2B,GAAA,CAAI,WAAW,CAAA,KACxC,CAAA,KAAA,EAAQ,iBAAiB,CAAA;AAAA,GAC/B;AACJ,EAAA,OAAO,YACH,qCAAA,CAAsC,IAAA,EAAM,SAAA,EAAW,aAAA,EAAe,GAAG,CAAA,GACzE,IAAA;AACN","file":"permit-principal-projection.contract.js","sourcesContent":["export type PermitProjectionPlatformRole =\n | \"platform_admin\"\n | \"tenant_admin\"\n | \"workspace_admin\"\n | \"editor\"\n | \"viewer\"\n | \"auditor\"\n | \"service_agent\";\n\nexport type PermitPrincipalProjection = Record<string, unknown> & {\n principalId?: string;\n tenantId?: string;\n workspaceId?: string;\n principalType?: string;\n status?: string;\n displayName?: string;\n metadata?: Record<string, unknown>;\n createdAt?: number;\n updatedAt?: number;\n lastSeenAt?: number;\n};\n\nexport type PermitAliasProjection = Record<string, unknown> & {\n principalId?: string;\n tenantId?: string;\n workspaceId?: string;\n provider?: string;\n providerSubjectId?: string;\n alias?: string;\n aliasKind?: string;\n status?: string;\n metadata?: Record<string, unknown>;\n};\n\nexport type PermitRoleAssignmentProjection = Record<string, unknown> & {\n tenantId?: string;\n workspaceId?: string;\n role?: string;\n targetType?: string;\n targetId?: string;\n resourceType?: string;\n resourceKey?: string;\n status?: string;\n};\n\nexport type PermitGroupMembershipProjection = Record<string, unknown> & {\n tenantId?: string;\n workspaceId?: string;\n groupId?: string;\n memberType?: string;\n memberId?: string;\n principalId?: string;\n status?: string;\n};\n\nexport type PermitProjectedUserRecord = {\n clerkId: string;\n email: string;\n name?: string;\n lastSeenAt: number;\n chatCount: number;\n messageCount: number;\n mcRole: PermitProjectionPlatformRole;\n mcRoleSyncedAt: number;\n defaultTenantId: string;\n defaultWorkspaceId: string;\n defaultPrincipalId: string;\n principalGroupIds: string[];\n governanceGrantsSyncedAt: number;\n createdAt: number;\n updatedAt: number;\n};\n\nexport type PermitProjectionRows = {\n principals: PermitPrincipalProjection[];\n aliases: PermitAliasProjection[];\n roleAssignments: PermitRoleAssignmentProjection[];\n groupMemberships: PermitGroupMembershipProjection[];\n};\n\nconst PLATFORM_ROLE_PRIORITY: Record<PermitProjectionPlatformRole, number> = {\n platform_admin: 70,\n tenant_admin: 60,\n workspace_admin: 50,\n editor: 40,\n auditor: 30,\n viewer: 20,\n service_agent: 10,\n};\n\nexport function readPermitProjectionString(value: unknown): string | undefined {\n return typeof value === \"string\" && value.trim() ? value.trim() : undefined;\n}\n\nexport function isActivePermitProjectionStatus(value: unknown): boolean {\n const status = readPermitProjectionString(value)?.toLowerCase();\n return !status || status === \"active\" || status === \"synced\";\n}\n\nexport function mapPermitRoleToPlatformRole(\n role: unknown,\n): PermitProjectionPlatformRole | undefined {\n switch (readPermitProjectionString(role)?.toLowerCase()) {\n case \"platform_admin\":\n return \"platform_admin\";\n case \"tenant_admin\":\n return \"tenant_admin\";\n case \"workspace_admin\":\n case \"deployment_admin\":\n case \"graph_admin\":\n return \"workspace_admin\";\n case \"editor\":\n case \"workspace_member\":\n case \"graph_editor\":\n case \"evidence_contributor\":\n case \"question_resolver\":\n case \"theme_promoter\":\n case \"topic_promoter\":\n return \"editor\";\n case \"auditor\":\n return \"auditor\";\n case \"viewer\":\n case \"graph_viewer\":\n case \"stakeholder_viewer\":\n case \"stakeholder_summarizer\":\n case \"source_drilldown_viewer\":\n case \"restricted_data_viewer\":\n case \"proprietary_data_viewer\":\n return \"viewer\";\n case \"service_agent\":\n case \"agent_runner\":\n return \"service_agent\";\n default:\n return undefined;\n }\n}\n\nfunction highestPlatformRole(\n roles: PermitProjectionPlatformRole[],\n): PermitProjectionPlatformRole {\n return roles.reduce<PermitProjectionPlatformRole>(\n (best, role) =>\n PLATFORM_ROLE_PRIORITY[role] > PLATFORM_ROLE_PRIORITY[best] ? role : best,\n \"viewer\",\n );\n}\n\nfunction isClerkAliasFor(\n alias: PermitAliasProjection,\n clerkId: string,\n): boolean {\n return (\n isActivePermitProjectionStatus(alias.status) &&\n readPermitProjectionString(alias.provider)?.toLowerCase() === \"clerk\" &&\n (readPermitProjectionString(alias.providerSubjectId) === clerkId ||\n readPermitProjectionString(alias.alias) === clerkId)\n );\n}\n\nfunction emailFromAlias(\n aliases: PermitAliasProjection[],\n principal: PermitPrincipalProjection,\n): string | undefined {\n return (\n aliases.find(\n (alias) =>\n readPermitProjectionString(alias.aliasKind)?.toLowerCase() === \"email\",\n )?.alias ?? readPermitProjectionString(principal.metadata?.email)\n );\n}\n\nfunction groupIdsForPrincipal(\n memberships: PermitGroupMembershipProjection[],\n principal: PermitPrincipalProjection,\n): string[] {\n const principalId = readPermitProjectionString(principal.principalId);\n if (!principalId) return [];\n return [\n ...new Set(\n memberships\n .filter(\n (membership) =>\n isActivePermitProjectionStatus(membership.status) &&\n readPermitProjectionString(membership.tenantId) ===\n readPermitProjectionString(principal.tenantId) &&\n readPermitProjectionString(membership.memberType) === \"principal\" &&\n (readPermitProjectionString(membership.memberId) === principalId ||\n readPermitProjectionString(membership.principalId) ===\n principalId),\n )\n .map((membership) => readPermitProjectionString(membership.groupId))\n .filter((groupId): groupId is string => Boolean(groupId)),\n ),\n ];\n}\n\nfunction rolesForPrincipal(\n assignments: PermitRoleAssignmentProjection[],\n principal: PermitPrincipalProjection,\n groupIds: string[],\n): PermitProjectionPlatformRole[] {\n const principalId = readPermitProjectionString(principal.principalId);\n const tenantId = readPermitProjectionString(principal.tenantId);\n const roles = assignments\n .filter(\n (assignment) =>\n isActivePermitProjectionStatus(assignment.status) &&\n readPermitProjectionString(assignment.tenantId) === tenantId &&\n ((readPermitProjectionString(assignment.targetType) === \"principal\" &&\n readPermitProjectionString(assignment.targetId) === principalId) ||\n (readPermitProjectionString(assignment.targetType) === \"group\" &&\n groupIds.includes(\n readPermitProjectionString(assignment.targetId) ?? \"\",\n ))),\n )\n .map((assignment) => mapPermitRoleToPlatformRole(assignment.role))\n .filter((role): role is PermitProjectionPlatformRole => Boolean(role));\n\n if (\n readPermitProjectionString(principal.principalType) === \"agent\" ||\n readPermitProjectionString(principal.principalType) === \"service_principal\"\n ) {\n roles.push(\"service_agent\");\n }\n\n return [...new Set(roles)];\n}\n\nfunction workspaceFromPermitProjection(\n principal: PermitPrincipalProjection,\n alias: PermitAliasProjection | undefined,\n assignments: PermitRoleAssignmentProjection[],\n): string | undefined {\n return (\n readPermitProjectionString(principal.workspaceId) ??\n readPermitProjectionString(alias?.workspaceId) ??\n readPermitProjectionString(\n assignments.find(\n (assignment) =>\n readPermitProjectionString(assignment.targetId) ===\n readPermitProjectionString(principal.principalId) &&\n readPermitProjectionString(assignment.resourceType) === \"workspace\",\n )?.resourceKey,\n ) ??\n readPermitProjectionString(\n assignments.find((assignment) => assignment.workspaceId)?.workspaceId,\n )\n );\n}\n\nexport function buildProjectedUserFromPermitPrincipal(\n rows: PermitProjectionRows,\n principal: PermitPrincipalProjection,\n matchingAlias?: PermitAliasProjection,\n now = Date.now(),\n): PermitProjectedUserRecord | null {\n const principalId = readPermitProjectionString(principal.principalId);\n const tenantId = readPermitProjectionString(principal.tenantId);\n if (\n !principalId ||\n !tenantId ||\n !isActivePermitProjectionStatus(principal.status)\n ) {\n return null;\n }\n\n const aliases = rows.aliases.filter(\n (alias) =>\n readPermitProjectionString(alias.tenantId) === tenantId &&\n readPermitProjectionString(alias.principalId) === principalId &&\n isActivePermitProjectionStatus(alias.status),\n );\n const groupIds = groupIdsForPrincipal(rows.groupMemberships, principal);\n const roles = rolesForPrincipal(rows.roleAssignments, principal, groupIds);\n if (roles.length === 0) {\n return null;\n }\n\n const alias = matchingAlias ?? aliases[0];\n const clerkId =\n readPermitProjectionString(\n aliases.find(\n (entry) =>\n readPermitProjectionString(entry.provider)?.toLowerCase() === \"clerk\",\n )?.providerSubjectId,\n ) ?? principalId;\n\n return {\n clerkId,\n email: emailFromAlias(aliases, principal) ?? `${principalId}@permit.local`,\n name: readPermitProjectionString(principal.displayName),\n lastSeenAt: principal.lastSeenAt ?? principal.updatedAt ?? now,\n chatCount: 0,\n messageCount: 0,\n mcRole: highestPlatformRole(roles),\n mcRoleSyncedAt: principal.updatedAt ?? now,\n defaultTenantId: tenantId,\n defaultWorkspaceId:\n workspaceFromPermitProjection(principal, alias, rows.roleAssignments) ??\n tenantId,\n defaultPrincipalId: principalId,\n principalGroupIds: groupIds,\n governanceGrantsSyncedAt: principal.updatedAt ?? now,\n createdAt: principal.createdAt ?? now,\n updatedAt: principal.updatedAt ?? now,\n };\n}\n\nexport function findProjectedUserByPermitPrincipalId(\n rows: PermitProjectionRows,\n principalId: string,\n now = Date.now(),\n): PermitProjectedUserRecord | null {\n const normalizedPrincipalId = principalId.trim();\n const principal = rows.principals.find(\n (row) =>\n isActivePermitProjectionStatus(row.status) &&\n readPermitProjectionString(row.principalId) === normalizedPrincipalId,\n );\n return principal\n ? buildProjectedUserFromPermitPrincipal(rows, principal, undefined, now)\n : null;\n}\n\nexport function findProjectedUserByPermitClerkId(\n rows: PermitProjectionRows,\n clerkId: string,\n now = Date.now(),\n): PermitProjectedUserRecord | null {\n const normalizedClerkId = clerkId.trim();\n const matchingAlias = rows.aliases.find((alias) =>\n isClerkAliasFor(alias, normalizedClerkId),\n );\n const principal = matchingAlias\n ? rows.principals.find(\n (row) =>\n readPermitProjectionString(row.tenantId) ===\n readPermitProjectionString(matchingAlias.tenantId) &&\n readPermitProjectionString(row.principalId) ===\n readPermitProjectionString(matchingAlias.principalId),\n )\n : rows.principals.find(\n (row) =>\n readPermitProjectionString(row.principalId) === normalizedClerkId ||\n readPermitProjectionString(row.principalId) ===\n `user:${normalizedClerkId}`,\n );\n return principal\n ? buildProjectedUserFromPermitPrincipal(rows, principal, matchingAlias, now)\n : null;\n}\n"]}
@@ -1,3 +0,0 @@
1
- declare function checkConvexArgsShape(): void;
2
-
3
- export { checkConvexArgsShape };