@lucern/contracts 0.3.0-alpha.17 → 0.3.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (316) hide show
  1. package/CHANGELOG.md +0 -10
  2. package/dist/api-enums.contract.d.ts +3 -5
  3. package/dist/api-enums.contract.js +12 -14
  4. package/dist/api-enums.contract.js.map +1 -1
  5. package/dist/auth-context.contract.js +2 -14
  6. package/dist/auth-context.contract.js.map +1 -1
  7. package/dist/auth-session.contract.js +2 -14
  8. package/dist/auth-session.contract.js.map +1 -1
  9. package/dist/auth.contract.d.ts +1 -1
  10. package/dist/auth.contract.js +2 -14
  11. package/dist/auth.contract.js.map +1 -1
  12. package/dist/context-pack.contract.d.ts +3 -5
  13. package/dist/context-pack.contract.js.map +1 -1
  14. package/dist/{defineTable-t1wr5wgn.d.ts → defineTable-CBQ03FXl.d.ts} +1 -1
  15. package/dist/{dsl-DVPthQGY.d.ts → dsl-BgpoVOVQ.d.ts} +2 -2
  16. package/dist/dsl.d.ts +2 -2
  17. package/dist/dsl.js +4 -1
  18. package/dist/dsl.js.map +1 -1
  19. package/dist/function-registry/beliefs.d.ts +51 -64
  20. package/dist/function-registry/beliefs.js +57 -817
  21. package/dist/function-registry/beliefs.js.map +1 -1
  22. package/dist/function-registry/coding.d.ts +6 -15
  23. package/dist/function-registry/coding.js +43 -866
  24. package/dist/function-registry/coding.js.map +1 -1
  25. package/dist/function-registry/context.d.ts +16 -22
  26. package/dist/function-registry/context.js +46 -805
  27. package/dist/function-registry/context.js.map +1 -1
  28. package/dist/function-registry/contracts.d.ts +3 -9
  29. package/dist/function-registry/contracts.js +39 -770
  30. package/dist/function-registry/contracts.js.map +1 -1
  31. package/dist/function-registry/coordination.d.ts +9 -21
  32. package/dist/function-registry/coordination.js +39 -770
  33. package/dist/function-registry/coordination.js.map +1 -1
  34. package/dist/function-registry/edges.d.ts +2 -167
  35. package/dist/function-registry/edges.js +71 -978
  36. package/dist/function-registry/edges.js.map +1 -1
  37. package/dist/function-registry/evidence.d.ts +41 -52
  38. package/dist/function-registry/evidence.js +62 -826
  39. package/dist/function-registry/evidence.js.map +1 -1
  40. package/dist/function-registry/graph.d.ts +66 -162
  41. package/dist/function-registry/graph.js +46 -886
  42. package/dist/function-registry/graph.js.map +1 -1
  43. package/dist/function-registry/helpers.d.ts +4 -7
  44. package/dist/function-registry/helpers.js +40 -771
  45. package/dist/function-registry/helpers.js.map +1 -1
  46. package/dist/function-registry/identity.d.ts +16 -62
  47. package/dist/function-registry/identity.js +45 -793
  48. package/dist/function-registry/identity.js.map +1 -1
  49. package/dist/function-registry/index.d.ts +3 -5
  50. package/dist/function-registry/index.js +43 -777
  51. package/dist/function-registry/index.js.map +1 -1
  52. package/dist/function-registry/judgments.d.ts +11 -16
  53. package/dist/function-registry/judgments.js +42 -782
  54. package/dist/function-registry/judgments.js.map +1 -1
  55. package/dist/function-registry/legacy.d.ts +1 -5
  56. package/dist/function-registry/legacy.js +39 -770
  57. package/dist/function-registry/legacy.js.map +1 -1
  58. package/dist/function-registry/lenses.d.ts +21 -28
  59. package/dist/function-registry/lenses.js +42 -793
  60. package/dist/function-registry/lenses.js.map +1 -1
  61. package/dist/function-registry/manifest.d.ts +6 -6
  62. package/dist/function-registry/manifest.js +2 -19
  63. package/dist/function-registry/manifest.js.map +1 -1
  64. package/dist/function-registry/ontologies.d.ts +56 -70
  65. package/dist/function-registry/ontologies.js +45 -788
  66. package/dist/function-registry/ontologies.js.map +1 -1
  67. package/dist/function-registry/pipeline.d.ts +16 -22
  68. package/dist/function-registry/pipeline.js +42 -779
  69. package/dist/function-registry/pipeline.js.map +1 -1
  70. package/dist/function-registry/questions.d.ts +61 -76
  71. package/dist/function-registry/questions.js +52 -869
  72. package/dist/function-registry/questions.js.map +1 -1
  73. package/dist/function-registry/tasks.d.ts +21 -28
  74. package/dist/function-registry/tasks.js +48 -845
  75. package/dist/function-registry/tasks.js.map +1 -1
  76. package/dist/function-registry/topics.d.ts +26 -114
  77. package/dist/function-registry/topics.js +43 -852
  78. package/dist/function-registry/topics.js.map +1 -1
  79. package/dist/function-registry/types.d.ts +3 -7
  80. package/dist/function-registry/worktrees.d.ts +51 -104
  81. package/dist/function-registry/worktrees.js +51 -925
  82. package/dist/function-registry/worktrees.js.map +1 -1
  83. package/dist/gateway.contract.d.ts +0 -6
  84. package/dist/gateway.contract.js.map +1 -1
  85. package/dist/generated/convexSchemas.d.ts +3 -3
  86. package/dist/generated/convexSchemas.js +18 -39
  87. package/dist/generated/convexSchemas.js.map +1 -1
  88. package/dist/generated/schema-manifest.json +98 -1244
  89. package/dist/generated/tableOwnership.d.ts +28 -49
  90. package/dist/generated/tableOwnership.js +26 -68
  91. package/dist/generated/tableOwnership.js.map +1 -1
  92. package/dist/generated/tier-expectations.json +9 -66
  93. package/dist/graph-types/index.d.ts +1 -5
  94. package/dist/graph-types/index.js +4 -15
  95. package/dist/graph-types/index.js.map +1 -1
  96. package/dist/index-CV-0_VWJ.d.ts +25 -0
  97. package/dist/index.d.ts +414 -30
  98. package/dist/index.js +342 -35266
  99. package/dist/index.js.map +1 -1
  100. package/dist/lens-filter.contract.js +3 -4
  101. package/dist/lens-filter.contract.js.map +1 -1
  102. package/dist/lens-workflow.contract.js +3 -4
  103. package/dist/lens-workflow.contract.js.map +1 -1
  104. package/dist/schema-helpers/enumValidation.js +5 -2
  105. package/dist/schema-helpers/enumValidation.js.map +1 -1
  106. package/dist/schema-helpers/spine/nodes/decision.js +1 -2
  107. package/dist/schema-helpers/spine/nodes/decision.js.map +1 -1
  108. package/dist/schema-helpers/spine/tables/epistemicNodes.js +27 -27
  109. package/dist/schema-helpers/spine/tables/epistemicNodes.js.map +1 -1
  110. package/dist/schemas/component-table-manifest.d.ts +6 -6
  111. package/dist/schemas/component-table-manifest.js +2 -2
  112. package/dist/schemas/component-table-manifest.js.map +1 -1
  113. package/dist/schemas/enums.d.ts +2 -5
  114. package/dist/schemas/enums.js +2 -5
  115. package/dist/schemas/enums.js.map +1 -1
  116. package/dist/schemas/index.d.ts +3 -3
  117. package/dist/schemas/index.js +139 -1165
  118. package/dist/schemas/index.js.map +1 -1
  119. package/dist/schemas/manifest.d.ts +932 -3042
  120. package/dist/schemas/manifest.js +137 -1163
  121. package/dist/schemas/manifest.js.map +1 -1
  122. package/dist/schemas/sl-opinion.d.ts +4 -4
  123. package/dist/schemas/tables/{controlPlane → identity}/agent.d.ts +1 -1
  124. package/dist/schemas/tables/{controlPlane → identity}/agent.js +3 -3
  125. package/dist/schemas/tables/identity/agent.js.map +1 -0
  126. package/dist/schemas/tables/{controlPlane → identity}/epistemic.d.ts +1 -1
  127. package/dist/schemas/tables/{controlPlane → identity}/epistemic.js +3 -3
  128. package/dist/schemas/tables/identity/epistemic.js.map +1 -0
  129. package/dist/schemas/tables/{controlPlane → identity}/model.d.ts +1 -1
  130. package/dist/schemas/tables/{controlPlane → identity}/model.js +6 -6
  131. package/dist/schemas/tables/identity/model.js.map +1 -0
  132. package/dist/schemas/tables/{controlPlane → identity}/platform.d.ts +11 -11
  133. package/dist/schemas/tables/{controlPlane → identity}/platform.js +18 -18
  134. package/dist/schemas/tables/identity/platform.js.map +1 -0
  135. package/dist/schemas/tables/{controlPlane → identity}/project.d.ts +1 -1
  136. package/dist/schemas/tables/{controlPlane → identity}/project.js +3 -3
  137. package/dist/schemas/tables/identity/project.js.map +1 -0
  138. package/dist/schemas/tables/{controlPlane → identity}/user.d.ts +1 -1
  139. package/dist/schemas/tables/{controlPlane → identity}/user.js +3 -3
  140. package/dist/schemas/tables/identity/user.js.map +1 -0
  141. package/dist/schemas/tables/kernel/config.d.ts +1 -1
  142. package/dist/schemas/tables/kernel/config.js.map +1 -1
  143. package/dist/schemas/tables/kernel/coordination.d.ts +1 -1
  144. package/dist/schemas/tables/kernel/coordination.js.map +1 -1
  145. package/dist/schemas/tables/kernel/decision.d.ts +1 -1
  146. package/dist/schemas/tables/kernel/decision.js.map +1 -1
  147. package/dist/schemas/tables/kernel/embedding.d.ts +1 -1
  148. package/dist/schemas/tables/kernel/embedding.js.map +1 -1
  149. package/dist/schemas/tables/kernel/epistemic.d.ts +7 -7
  150. package/dist/schemas/tables/kernel/epistemic.js.map +1 -1
  151. package/dist/schemas/tables/kernel/idempotency.d.ts +1 -1
  152. package/dist/schemas/tables/kernel/idempotency.js.map +1 -1
  153. package/dist/schemas/tables/kernel/infra.d.ts +5 -5
  154. package/dist/schemas/tables/kernel/infra.js.map +1 -1
  155. package/dist/schemas/tables/kernel/intelligence.d.ts +11 -11
  156. package/dist/schemas/tables/kernel/intelligence.js.map +1 -1
  157. package/dist/schemas/tables/kernel/lens.d.ts +5 -5
  158. package/dist/schemas/tables/kernel/lens.js.map +1 -1
  159. package/dist/schemas/tables/kernel/ontology.d.ts +1 -1
  160. package/dist/schemas/tables/kernel/ontology.js.map +1 -1
  161. package/dist/schemas/tables/kernel/platform.d.ts +13 -13
  162. package/dist/schemas/tables/kernel/platform.js.map +1 -1
  163. package/dist/schemas/tables/kernel/spine.d.ts +4 -5
  164. package/dist/schemas/tables/kernel/spine.js +2 -6
  165. package/dist/schemas/tables/kernel/spine.js.map +1 -1
  166. package/dist/schemas/tables/kernel/task.d.ts +43 -43
  167. package/dist/schemas/tables/kernel/task.js.map +1 -1
  168. package/dist/schemas/tables/kernel/topic.d.ts +1 -1
  169. package/dist/schemas/tables/kernel/topic.js +1 -5
  170. package/dist/schemas/tables/kernel/topic.js.map +1 -1
  171. package/dist/schemas/tables/kernel/workflow.d.ts +1 -1
  172. package/dist/schemas/tables/kernel/workflow.js.map +1 -1
  173. package/dist/schemas/tables/kernel/worktree.d.ts +55 -55
  174. package/dist/schemas/tables/kernel/worktree.js.map +1 -1
  175. package/dist/schemas/tables/mc/identity.d.ts +4 -44
  176. package/dist/schemas/tables/mc/identity.js +1 -66
  177. package/dist/schemas/tables/mc/identity.js.map +1 -1
  178. package/dist/schemas/tables/mc/methodology.d.ts +1 -1
  179. package/dist/schemas/tables/mc/methodology.js.map +1 -1
  180. package/dist/schemas/tables/mc/pack.d.ts +21 -21
  181. package/dist/schemas/tables/mc/pack.js.map +1 -1
  182. package/dist/schemas/tables/mc/policy.d.ts +2 -2
  183. package/dist/schemas/tables/mc/policy.js +1 -1
  184. package/dist/schemas/tables/mc/policy.js.map +1 -1
  185. package/dist/schemas/tables/mc/registry.d.ts +5 -5
  186. package/dist/schemas/tables/mc/registry.js.map +1 -1
  187. package/dist/schemas/tables/mc/runtime.d.ts +3 -109
  188. package/dist/schemas/tables/mc/runtime.js +104 -330
  189. package/dist/schemas/tables/mc/runtime.js.map +1 -1
  190. package/dist/schemas/tables/mc/tenant.d.ts +2 -4
  191. package/dist/schemas/tables/mc/tenant.js +1 -3
  192. package/dist/schemas/tables/mc/tenant.js.map +1 -1
  193. package/dist/schemas/tables/mc/workspace.d.ts +5 -28
  194. package/dist/schemas/tables/mc/workspace.js +2 -36
  195. package/dist/schemas/tables/mc/workspace.js.map +1 -1
  196. package/dist/sdk-methods.contract.d.ts +2 -2
  197. package/dist/{sdk-tools.contract-CKmSsrZ2.d.ts → sdk-tools.contract-S4ia0TTo.d.ts} +2 -2
  198. package/dist/sdk-tools.contract.d.ts +2 -2
  199. package/dist/sdk-tools.contract.js +27 -719
  200. package/dist/sdk-tools.contract.js.map +1 -1
  201. package/dist/{tool-contracts-C_xvM9q2.d.ts → tool-contracts-C92-9ueT.d.ts} +2 -38
  202. package/dist/tool-contracts.d.ts +1 -1
  203. package/dist/tool-contracts.js +28 -720
  204. package/dist/tool-contracts.js.map +1 -1
  205. package/package.json +1 -30
  206. package/dist/component-boundary.contract.d.ts +0 -14
  207. package/dist/component-boundary.contract.js +0 -175
  208. package/dist/component-boundary.contract.js.map +0 -1
  209. package/dist/component-host-boundary.contract.d.ts +0 -46
  210. package/dist/component-host-boundary.contract.js +0 -60
  211. package/dist/component-host-boundary.contract.js.map +0 -1
  212. package/dist/edge-policy-manifest-Dw5IhT1L.d.ts +0 -133
  213. package/dist/function-registry/nodes.d.ts +0 -412
  214. package/dist/function-registry/nodes.js +0 -5354
  215. package/dist/function-registry/nodes.js.map +0 -1
  216. package/dist/function-registry-input-audit.d.ts +0 -13
  217. package/dist/function-registry-input-audit.js +0 -166
  218. package/dist/function-registry-input-audit.js.map +0 -1
  219. package/dist/generated/infisicalRuntimeEnv.d.ts +0 -70
  220. package/dist/generated/infisicalRuntimeEnv.js +0 -27345
  221. package/dist/generated/infisicalRuntimeEnv.js.map +0 -1
  222. package/dist/generated/lucernGatewayEnv.d.ts +0 -17
  223. package/dist/generated/lucernGatewayEnv.js +0 -38
  224. package/dist/generated/lucernGatewayEnv.js.map +0 -1
  225. package/dist/generated/lucernWebPublicEnv.d.ts +0 -26
  226. package/dist/generated/lucernWebPublicEnv.js +0 -32
  227. package/dist/generated/lucernWebPublicEnv.js.map +0 -1
  228. package/dist/generated/lucernWebServerEnv.d.ts +0 -33
  229. package/dist/generated/lucernWebServerEnv.js +0 -51
  230. package/dist/generated/lucernWebServerEnv.js.map +0 -1
  231. package/dist/graph-intelligence.contract.d.ts +0 -506
  232. package/dist/graph-intelligence.contract.js +0 -595
  233. package/dist/graph-intelligence.contract.js.map +0 -1
  234. package/dist/index-CM1Pl_vI.d.ts +0 -28
  235. package/dist/infisical-runtime.contract.d.ts +0 -1889
  236. package/dist/infisical-runtime.contract.js +0 -3235
  237. package/dist/infisical-runtime.contract.js.map +0 -1
  238. package/dist/manifests/edge-policy-manifest.d.ts +0 -2
  239. package/dist/manifests/edge-policy-manifest.data.d.ts +0 -13
  240. package/dist/manifests/edge-policy-manifest.data.js +0 -26
  241. package/dist/manifests/edge-policy-manifest.data.js.map +0 -1
  242. package/dist/manifests/edge-policy-manifest.js +0 -92
  243. package/dist/manifests/edge-policy-manifest.js.map +0 -1
  244. package/dist/manifests/infisical-runtime-manifest.d.ts +0 -1792
  245. package/dist/manifests/infisical-runtime-manifest.js +0 -3090
  246. package/dist/manifests/infisical-runtime-manifest.js.map +0 -1
  247. package/dist/manifests/invariant-manifest.d.ts +0 -65
  248. package/dist/manifests/invariant-manifest.js +0 -18
  249. package/dist/manifests/invariant-manifest.js.map +0 -1
  250. package/dist/manifests/invariants/ast-utils.d.ts +0 -14
  251. package/dist/manifests/invariants/ast-utils.js +0 -54
  252. package/dist/manifests/invariants/ast-utils.js.map +0 -1
  253. package/dist/manifests/invariants/index.d.ts +0 -15
  254. package/dist/manifests/invariants/index.js +0 -183
  255. package/dist/manifests/invariants/index.js.map +0 -1
  256. package/dist/manifests/invariants/inv-1-beliefs-append-only.d.ts +0 -12
  257. package/dist/manifests/invariants/inv-1-beliefs-append-only.js +0 -94
  258. package/dist/manifests/invariants/inv-1-beliefs-append-only.js.map +0 -1
  259. package/dist/manifests/invariants/inv-14-no-silent-transitions.d.ts +0 -12
  260. package/dist/manifests/invariants/inv-14-no-silent-transitions.js +0 -99
  261. package/dist/manifests/invariants/inv-14-no-silent-transitions.js.map +0 -1
  262. package/dist/manifests/invariants/manifest-1-projections-declare-audit.d.ts +0 -12
  263. package/dist/manifests/invariants/manifest-1-projections-declare-audit.js +0 -42
  264. package/dist/manifests/invariants/manifest-1-projections-declare-audit.js.map +0 -1
  265. package/dist/manifests/tenant-client-manifest.d.ts +0 -327
  266. package/dist/manifests/tenant-client-manifest.js +0 -449
  267. package/dist/manifests/tenant-client-manifest.js.map +0 -1
  268. package/dist/mcp-gateway-boundary.contract.d.ts +0 -201
  269. package/dist/mcp-gateway-boundary.contract.js +0 -45
  270. package/dist/mcp-gateway-boundary.contract.js.map +0 -1
  271. package/dist/permit-principal-projection.contract.d.ts +0 -74
  272. package/dist/permit-principal-projection.contract.js +0 -167
  273. package/dist/permit-principal-projection.contract.js.map +0 -1
  274. package/dist/projections/check-convex-args-shape.d.ts +0 -3
  275. package/dist/projections/check-convex-args-shape.js +0 -403
  276. package/dist/projections/check-convex-args-shape.js.map +0 -1
  277. package/dist/projections/create-evidence.projection.d.ts +0 -176
  278. package/dist/projections/create-evidence.projection.js +0 -130
  279. package/dist/projections/create-evidence.projection.js.map +0 -1
  280. package/dist/projections/index.d.ts +0 -102
  281. package/dist/projections/index.js +0 -352
  282. package/dist/projections/index.js.map +0 -1
  283. package/dist/projections/list-beliefs.projection.d.ts +0 -36
  284. package/dist/projections/list-beliefs.projection.js +0 -54
  285. package/dist/projections/list-beliefs.projection.js.map +0 -1
  286. package/dist/projections/list-tasks.projection.d.ts +0 -44
  287. package/dist/projections/list-tasks.projection.js +0 -57
  288. package/dist/projections/list-tasks.projection.js.map +0 -1
  289. package/dist/projections/modulate-confidence.projection.d.ts +0 -219
  290. package/dist/projections/modulate-confidence.projection.js +0 -148
  291. package/dist/projections/modulate-confidence.projection.js.map +0 -1
  292. package/dist/projections/projection-dsl.d.ts +0 -11
  293. package/dist/projections/projection-dsl.js +0 -8
  294. package/dist/projections/projection-dsl.js.map +0 -1
  295. package/dist/proof-attestation.json +0 -45
  296. package/dist/schemas/tables/controlPlane/accessControl.d.ts +0 -260
  297. package/dist/schemas/tables/controlPlane/accessControl.js +0 -658
  298. package/dist/schemas/tables/controlPlane/accessControl.js.map +0 -1
  299. package/dist/schemas/tables/controlPlane/agent.js.map +0 -1
  300. package/dist/schemas/tables/controlPlane/epistemic.js.map +0 -1
  301. package/dist/schemas/tables/controlPlane/model.js.map +0 -1
  302. package/dist/schemas/tables/controlPlane/platform.js.map +0 -1
  303. package/dist/schemas/tables/controlPlane/project.js.map +0 -1
  304. package/dist/schemas/tables/controlPlane/user.js.map +0 -1
  305. package/dist/schemas/tables/kernel/events.d.ts +0 -21
  306. package/dist/schemas/tables/kernel/events.js +0 -43
  307. package/dist/schemas/tables/kernel/events.js.map +0 -1
  308. package/dist/tenant-bootstrap-seed.contract.d.ts +0 -1289
  309. package/dist/tenant-bootstrap-seed.contract.js +0 -764
  310. package/dist/tenant-bootstrap-seed.contract.js.map +0 -1
  311. package/dist/tenant-bootstrap-seed.defaults.d.ts +0 -16
  312. package/dist/tenant-bootstrap-seed.defaults.js +0 -321
  313. package/dist/tenant-bootstrap-seed.defaults.js.map +0 -1
  314. package/dist/tenant-client.contract.d.ts +0 -354
  315. package/dist/tenant-client.contract.js +0 -505
  316. package/dist/tenant-client.contract.js.map +0 -1
@@ -1,201 +0,0 @@
1
- import { SessionPrincipalType, SessionAuthMode, SessionDelegationHop } from './auth.contract.js';
2
- import './convex-admin.contract.js';
3
-
4
- /**
5
- * MCP gateway boundary contract
6
- *
7
- * Defines the target thin-client boundary for the Lucern MCP server. MCP is a
8
- * client of the Lucern gateway, not a privileged Convex or Master Control
9
- * process. The gateway owns tenant resolution, deploy-key access, policy, and
10
- * session persistence.
11
- */
12
-
13
- declare const MCP_GATEWAY_BOUNDARY_CONTRACT_VERSION: "2026-04-27";
14
- declare const MCP_GATEWAY_BOOTSTRAP_ENDPOINT: "/api/platform/v1/mcp/session";
15
- declare const MCP_GATEWAY_WRITE_POLICY_CHECK_ENDPOINT: "/api/platform/v1/mcp/write-policy/check";
16
- declare const MCP_GATEWAY_BEGIN_BUILD_SESSION_ENDPOINT: "/api/platform/v1/mcp/build-session/begin";
17
- declare const MCP_GATEWAY_EVALUATE_ENGINEERING_CONTRACT_ENDPOINT: "/api/platform/v1/mcp/contracts/evaluate-engineering";
18
- declare const MCP_GATEWAY_EVALUATE_RESEARCH_CONTRACT_ENDPOINT: "/api/platform/v1/mcp/contracts/evaluate-research";
19
- declare const MCP_GATEWAY_ALLOWED_CLIENT_ENV: readonly ["LUCERN_API_KEY", "LUCERN_API_BASE_URL", "LUCERN_ENVIRONMENT", "LUCERN_USER_TOKEN"];
20
- type McpGatewayAllowedClientEnv = (typeof MCP_GATEWAY_ALLOWED_CLIENT_ENV)[number];
21
- declare const MCP_GATEWAY_FORBIDDEN_CLIENT_ENV: readonly ["CONVEX_MC_URL", "CONVEX_MC_DEPLOY_KEY", "MC_CONVEX_URL", "MC_DEPLOY_KEY", "LUCERN_CONVEX_URL", "LUCERN_DEPLOY_KEY", "TENANT_CONVEX_URL", "TENANT_DEPLOY_KEY"];
22
- type McpGatewayForbiddenClientEnv = (typeof MCP_GATEWAY_FORBIDDEN_CLIENT_ENV)[number];
23
- declare const MCP_GATEWAY_BOOTSTRAP_REQUIRED_FIELDS: readonly ["tenant", "session", "permissions"];
24
- type McpGatewayBootstrapRequiredField = (typeof MCP_GATEWAY_BOOTSTRAP_REQUIRED_FIELDS)[number];
25
- type McpGatewayTenantContext = {
26
- tenantId: string;
27
- slug: string;
28
- name: string;
29
- tier: string;
30
- methodologyPackIds: string[];
31
- apiKeyId?: string;
32
- };
33
- type McpGatewaySessionContext = {
34
- sessionType: "agent" | "user";
35
- userId: string;
36
- principalId: string;
37
- principalType: SessionPrincipalType;
38
- workspaceId?: string;
39
- authMode: SessionAuthMode;
40
- roles: string[];
41
- scopes: string[];
42
- sessionId?: string;
43
- userEmail?: string;
44
- expiresAt?: number;
45
- delegatedBy?: string;
46
- delegationChain?: SessionDelegationHop[];
47
- worktreeId?: string;
48
- };
49
- type McpGatewayPermissionContext = {
50
- allowedTools: string[] | null;
51
- allowedTopics: string[] | null;
52
- groupIds: string[];
53
- permittedPackKeys: string[];
54
- permittedToolNames: string[];
55
- permittedTools: Array<{
56
- toolName: string;
57
- requiredRole?: string;
58
- approvalGateId?: string;
59
- isCore?: boolean;
60
- category?: string;
61
- }>;
62
- };
63
- type McpGatewayBootstrapRequest = {
64
- transportKind?: "stdio" | "hosted";
65
- sessionId?: string;
66
- agentIdentity?: string;
67
- workspaceId?: string;
68
- worktreeId?: string;
69
- };
70
- type McpGatewayWritePolicyCheckRequest = {
71
- topicId?: string;
72
- role: string;
73
- toolName: string;
74
- };
75
- type McpGatewayBeginBuildSessionRequest = {
76
- worktreeId: string;
77
- branch?: string;
78
- branchBase?: string;
79
- prBase?: string;
80
- sessionMode?: string;
81
- activateIfPlanning?: boolean;
82
- };
83
- type McpGatewayJsonObject = {
84
- [key: string]: McpGatewayJsonValue | undefined;
85
- };
86
- type McpGatewayJsonArray = McpGatewayJsonValue[];
87
- type McpGatewayJsonValue = null | boolean | number | string | McpGatewayJsonArray | McpGatewayJsonObject;
88
- type McpGatewayEvaluateEngineeringContractRequest = {
89
- beliefNodeId?: McpGatewayJsonValue;
90
- trigger?: McpGatewayJsonValue;
91
- testOutput?: McpGatewayJsonValue;
92
- tscOutput?: McpGatewayJsonValue;
93
- lintOutput?: McpGatewayJsonValue;
94
- sentryData?: McpGatewayJsonValue;
95
- };
96
- type McpGatewayEvaluateResearchContractRequest = {
97
- beliefNodeId?: McpGatewayJsonValue;
98
- trigger?: McpGatewayJsonValue;
99
- metricData?: McpGatewayJsonValue;
100
- referenceCheckData?: McpGatewayJsonValue;
101
- marketIndexData?: McpGatewayJsonValue;
102
- temporalData?: McpGatewayJsonValue;
103
- };
104
- type McpGatewayContractEvaluationResponse = McpGatewayJsonObject;
105
- type McpGatewayWritePolicyCheckResponse = {
106
- allowed: boolean;
107
- permission: string;
108
- rationale?: string;
109
- maxWritesPerSession?: number;
110
- toolCategory?: string | null;
111
- policy?: McpGatewayJsonObject | null;
112
- explanation?: McpGatewayJsonObject;
113
- reason: string;
114
- };
115
- type McpGatewayBootstrapResponse = {
116
- tenant: McpGatewayTenantContext;
117
- session: McpGatewaySessionContext;
118
- permissions: McpGatewayPermissionContext;
119
- };
120
- type McpGatewayBuildSessionBelief = {
121
- nodeId: string;
122
- text: string;
123
- confidence: number | null;
124
- };
125
- type McpGatewayBuildSessionQuestion = {
126
- nodeId: string;
127
- text: string;
128
- priority: string;
129
- };
130
- type McpGatewayBuildSessionDecision = {
131
- question: string;
132
- decision: string;
133
- };
134
- type McpGatewayBuildSessionTask = {
135
- taskId: string;
136
- title: string;
137
- status: "todo" | "in_progress" | "blocked" | "done";
138
- priority: "low" | "medium" | "high" | "urgent";
139
- description?: string;
140
- taskType?: string;
141
- linkedBeliefId?: string;
142
- linkedQuestionId?: string;
143
- linkedWorktreeId?: string;
144
- outputSummary?: string;
145
- tags?: string[];
146
- };
147
- type McpGatewayBuildSessionWorktreeSummary = {
148
- worktreeId: string;
149
- title: string;
150
- status?: string;
151
- };
152
- type McpGatewayBeginBuildSessionResponse = {
153
- topicId: string;
154
- topicName: string;
155
- worktreeId: string;
156
- worktreeName: string;
157
- branch: string;
158
- branchBase: string;
159
- prBase: string;
160
- campaign: number | null;
161
- lane: string;
162
- laneOrderInCampaign: number | null;
163
- orderInLane: number | null;
164
- gate: string;
165
- hypothesis: string;
166
- focus: string;
167
- status: string;
168
- sessionMode: string;
169
- targetBeliefIds: string[];
170
- targetQuestionIds: string[];
171
- taskIds: string[];
172
- incompleteTaskIds: string[];
173
- tasks: McpGatewayBuildSessionTask[];
174
- topBeliefs: McpGatewayBuildSessionBelief[];
175
- openQuestions: McpGatewayBuildSessionQuestion[];
176
- resolvedDecisions: McpGatewayBuildSessionDecision[];
177
- exitCriteria: string[];
178
- requiredDocs: string[];
179
- keyFiles: string[];
180
- pillarBeliefs: Array<{
181
- pillar: string;
182
- text: string;
183
- nodeId: string;
184
- }>;
185
- visionDocs: Array<{
186
- path: string;
187
- description: string;
188
- }>;
189
- dependencies: McpGatewayBuildSessionWorktreeSummary[];
190
- unblocks: Array<{
191
- worktreeId: string;
192
- title: string;
193
- }>;
194
- mergeOrderNotes: string;
195
- };
196
- declare const MCP_GATEWAY_OWNED_BOOTSTRAP_OPERATIONS: readonly ["validate_mcp_session", "record_key_usage", "resolve_default_workspace", "resolve_user_context", "create_user_session", "upsert_agent_principal"];
197
- type McpGatewayOwnedBootstrapOperation = (typeof MCP_GATEWAY_OWNED_BOOTSTRAP_OPERATIONS)[number];
198
- declare const MCP_GATEWAY_CLIENT_ONLY_PACKAGES: readonly ["@lucern/sdk", "@lucern/mcp", "@lucern/contracts"];
199
- type McpGatewayClientOnlyPackage = (typeof MCP_GATEWAY_CLIENT_ONLY_PACKAGES)[number];
200
-
201
- export { MCP_GATEWAY_ALLOWED_CLIENT_ENV, MCP_GATEWAY_BEGIN_BUILD_SESSION_ENDPOINT, MCP_GATEWAY_BOOTSTRAP_ENDPOINT, MCP_GATEWAY_BOOTSTRAP_REQUIRED_FIELDS, MCP_GATEWAY_BOUNDARY_CONTRACT_VERSION, MCP_GATEWAY_CLIENT_ONLY_PACKAGES, MCP_GATEWAY_EVALUATE_ENGINEERING_CONTRACT_ENDPOINT, MCP_GATEWAY_EVALUATE_RESEARCH_CONTRACT_ENDPOINT, MCP_GATEWAY_FORBIDDEN_CLIENT_ENV, MCP_GATEWAY_OWNED_BOOTSTRAP_OPERATIONS, MCP_GATEWAY_WRITE_POLICY_CHECK_ENDPOINT, type McpGatewayAllowedClientEnv, type McpGatewayBeginBuildSessionRequest, type McpGatewayBeginBuildSessionResponse, type McpGatewayBootstrapRequest, type McpGatewayBootstrapRequiredField, type McpGatewayBootstrapResponse, type McpGatewayBuildSessionBelief, type McpGatewayBuildSessionDecision, type McpGatewayBuildSessionQuestion, type McpGatewayBuildSessionTask, type McpGatewayBuildSessionWorktreeSummary, type McpGatewayClientOnlyPackage, type McpGatewayContractEvaluationResponse, type McpGatewayEvaluateEngineeringContractRequest, type McpGatewayEvaluateResearchContractRequest, type McpGatewayForbiddenClientEnv, type McpGatewayJsonArray, type McpGatewayJsonObject, type McpGatewayJsonValue, type McpGatewayOwnedBootstrapOperation, type McpGatewayPermissionContext, type McpGatewaySessionContext, type McpGatewayTenantContext, type McpGatewayWritePolicyCheckRequest, type McpGatewayWritePolicyCheckResponse };
@@ -1,45 +0,0 @@
1
- // src/mcp-gateway-boundary.contract.ts
2
- var MCP_GATEWAY_BOUNDARY_CONTRACT_VERSION = "2026-04-27";
3
- var MCP_GATEWAY_BOOTSTRAP_ENDPOINT = "/api/platform/v1/mcp/session";
4
- var MCP_GATEWAY_WRITE_POLICY_CHECK_ENDPOINT = "/api/platform/v1/mcp/write-policy/check";
5
- var MCP_GATEWAY_BEGIN_BUILD_SESSION_ENDPOINT = "/api/platform/v1/mcp/build-session/begin";
6
- var MCP_GATEWAY_EVALUATE_ENGINEERING_CONTRACT_ENDPOINT = "/api/platform/v1/mcp/contracts/evaluate-engineering";
7
- var MCP_GATEWAY_EVALUATE_RESEARCH_CONTRACT_ENDPOINT = "/api/platform/v1/mcp/contracts/evaluate-research";
8
- var MCP_GATEWAY_ALLOWED_CLIENT_ENV = [
9
- "LUCERN_API_KEY",
10
- "LUCERN_API_BASE_URL",
11
- "LUCERN_ENVIRONMENT",
12
- "LUCERN_USER_TOKEN"
13
- ];
14
- var MCP_GATEWAY_FORBIDDEN_CLIENT_ENV = [
15
- "CONVEX_MC_URL",
16
- "CONVEX_MC_DEPLOY_KEY",
17
- "MC_CONVEX_URL",
18
- "MC_DEPLOY_KEY",
19
- "LUCERN_CONVEX_URL",
20
- "LUCERN_DEPLOY_KEY",
21
- "TENANT_CONVEX_URL",
22
- "TENANT_DEPLOY_KEY"
23
- ];
24
- var MCP_GATEWAY_BOOTSTRAP_REQUIRED_FIELDS = [
25
- "tenant",
26
- "session",
27
- "permissions"
28
- ];
29
- var MCP_GATEWAY_OWNED_BOOTSTRAP_OPERATIONS = [
30
- "validate_mcp_session",
31
- "record_key_usage",
32
- "resolve_default_workspace",
33
- "resolve_user_context",
34
- "create_user_session",
35
- "upsert_agent_principal"
36
- ];
37
- var MCP_GATEWAY_CLIENT_ONLY_PACKAGES = [
38
- "@lucern/sdk",
39
- "@lucern/mcp",
40
- "@lucern/contracts"
41
- ];
42
-
43
- export { MCP_GATEWAY_ALLOWED_CLIENT_ENV, MCP_GATEWAY_BEGIN_BUILD_SESSION_ENDPOINT, MCP_GATEWAY_BOOTSTRAP_ENDPOINT, MCP_GATEWAY_BOOTSTRAP_REQUIRED_FIELDS, MCP_GATEWAY_BOUNDARY_CONTRACT_VERSION, MCP_GATEWAY_CLIENT_ONLY_PACKAGES, MCP_GATEWAY_EVALUATE_ENGINEERING_CONTRACT_ENDPOINT, MCP_GATEWAY_EVALUATE_RESEARCH_CONTRACT_ENDPOINT, MCP_GATEWAY_FORBIDDEN_CLIENT_ENV, MCP_GATEWAY_OWNED_BOOTSTRAP_OPERATIONS, MCP_GATEWAY_WRITE_POLICY_CHECK_ENDPOINT };
44
- //# sourceMappingURL=mcp-gateway-boundary.contract.js.map
45
- //# sourceMappingURL=mcp-gateway-boundary.contract.js.map
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/mcp-gateway-boundary.contract.ts"],"names":[],"mappings":";AAeO,IAAM,qCAAA,GAAwC;AAE9C,IAAM,8BAAA,GACX;AAEK,IAAM,uCAAA,GACX;AAEK,IAAM,wCAAA,GACX;AAEK,IAAM,kDAAA,GACX;AAEK,IAAM,+CAAA,GACX;AAEK,IAAM,8BAAA,GAAiC;AAAA,EAC5C,gBAAA;AAAA,EACA,qBAAA;AAAA,EACA,oBAAA;AAAA,EACA;AACF;AAIO,IAAM,gCAAA,GAAmC;AAAA,EAC9C,eAAA;AAAA,EACA,sBAAA;AAAA,EACA,eAAA;AAAA,EACA,eAAA;AAAA,EACA,mBAAA;AAAA,EACA,mBAAA;AAAA,EACA,mBAAA;AAAA,EACA;AACF;AAIO,IAAM,qCAAA,GAAwC;AAAA,EACnD,QAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF;AAyMO,IAAM,sCAAA,GAAyC;AAAA,EACpD,sBAAA;AAAA,EACA,kBAAA;AAAA,EACA,2BAAA;AAAA,EACA,sBAAA;AAAA,EACA,qBAAA;AAAA,EACA;AACF;AAIO,IAAM,gCAAA,GAAmC;AAAA,EAC9C,aAAA;AAAA,EACA,aAAA;AAAA,EACA;AACF","file":"mcp-gateway-boundary.contract.js","sourcesContent":["/**\n * MCP gateway boundary contract\n *\n * Defines the target thin-client boundary for the Lucern MCP server. MCP is a\n * client of the Lucern gateway, not a privileged Convex or Master Control\n * process. The gateway owns tenant resolution, deploy-key access, policy, and\n * session persistence.\n */\n\nimport type {\n SessionAuthMode,\n SessionDelegationHop,\n SessionPrincipalType,\n} from \"./auth.contract\";\n\nexport const MCP_GATEWAY_BOUNDARY_CONTRACT_VERSION = \"2026-04-27\" as const;\n\nexport const MCP_GATEWAY_BOOTSTRAP_ENDPOINT =\n \"/api/platform/v1/mcp/session\" as const;\n\nexport const MCP_GATEWAY_WRITE_POLICY_CHECK_ENDPOINT =\n \"/api/platform/v1/mcp/write-policy/check\" as const;\n\nexport const MCP_GATEWAY_BEGIN_BUILD_SESSION_ENDPOINT =\n \"/api/platform/v1/mcp/build-session/begin\" as const;\n\nexport const MCP_GATEWAY_EVALUATE_ENGINEERING_CONTRACT_ENDPOINT =\n \"/api/platform/v1/mcp/contracts/evaluate-engineering\" as const;\n\nexport const MCP_GATEWAY_EVALUATE_RESEARCH_CONTRACT_ENDPOINT =\n \"/api/platform/v1/mcp/contracts/evaluate-research\" as const;\n\nexport const MCP_GATEWAY_ALLOWED_CLIENT_ENV = [\n \"LUCERN_API_KEY\",\n \"LUCERN_API_BASE_URL\",\n \"LUCERN_ENVIRONMENT\",\n \"LUCERN_USER_TOKEN\",\n] as const;\nexport type McpGatewayAllowedClientEnv =\n (typeof MCP_GATEWAY_ALLOWED_CLIENT_ENV)[number];\n\nexport const MCP_GATEWAY_FORBIDDEN_CLIENT_ENV = [\n \"CONVEX_MC_URL\",\n \"CONVEX_MC_DEPLOY_KEY\",\n \"MC_CONVEX_URL\",\n \"MC_DEPLOY_KEY\",\n \"LUCERN_CONVEX_URL\",\n \"LUCERN_DEPLOY_KEY\",\n \"TENANT_CONVEX_URL\",\n \"TENANT_DEPLOY_KEY\",\n] as const;\nexport type McpGatewayForbiddenClientEnv =\n (typeof MCP_GATEWAY_FORBIDDEN_CLIENT_ENV)[number];\n\nexport const MCP_GATEWAY_BOOTSTRAP_REQUIRED_FIELDS = [\n \"tenant\",\n \"session\",\n \"permissions\",\n] as const;\nexport type McpGatewayBootstrapRequiredField =\n (typeof MCP_GATEWAY_BOOTSTRAP_REQUIRED_FIELDS)[number];\n\nexport type McpGatewayTenantContext = {\n tenantId: string;\n slug: string;\n name: string;\n tier: string;\n methodologyPackIds: string[];\n apiKeyId?: string;\n};\n\nexport type McpGatewaySessionContext = {\n sessionType: \"agent\" | \"user\";\n userId: string;\n principalId: string;\n principalType: SessionPrincipalType;\n workspaceId?: string;\n authMode: SessionAuthMode;\n roles: string[];\n scopes: string[];\n sessionId?: string;\n userEmail?: string;\n expiresAt?: number;\n delegatedBy?: string;\n delegationChain?: SessionDelegationHop[];\n worktreeId?: string;\n};\n\nexport type McpGatewayPermissionContext = {\n allowedTools: string[] | null;\n allowedTopics: string[] | null;\n groupIds: string[];\n permittedPackKeys: string[];\n permittedToolNames: string[];\n permittedTools: Array<{\n toolName: string;\n requiredRole?: string;\n approvalGateId?: string;\n isCore?: boolean;\n category?: string;\n }>;\n};\n\nexport type McpGatewayBootstrapRequest = {\n transportKind?: \"stdio\" | \"hosted\";\n sessionId?: string;\n agentIdentity?: string;\n workspaceId?: string;\n worktreeId?: string;\n};\n\nexport type McpGatewayWritePolicyCheckRequest = {\n topicId?: string;\n role: string;\n toolName: string;\n};\n\nexport type McpGatewayBeginBuildSessionRequest = {\n worktreeId: string;\n branch?: string;\n branchBase?: string;\n prBase?: string;\n sessionMode?: string;\n activateIfPlanning?: boolean;\n};\n\nexport type McpGatewayJsonObject = {\n [key: string]: McpGatewayJsonValue | undefined;\n};\n\nexport type McpGatewayJsonArray = McpGatewayJsonValue[];\n\nexport type McpGatewayJsonValue =\n | null\n | boolean\n | number\n | string\n | McpGatewayJsonArray\n | McpGatewayJsonObject;\n\nexport type McpGatewayEvaluateEngineeringContractRequest = {\n beliefNodeId?: McpGatewayJsonValue;\n trigger?: McpGatewayJsonValue;\n testOutput?: McpGatewayJsonValue;\n tscOutput?: McpGatewayJsonValue;\n lintOutput?: McpGatewayJsonValue;\n sentryData?: McpGatewayJsonValue;\n};\n\nexport type McpGatewayEvaluateResearchContractRequest = {\n beliefNodeId?: McpGatewayJsonValue;\n trigger?: McpGatewayJsonValue;\n metricData?: McpGatewayJsonValue;\n referenceCheckData?: McpGatewayJsonValue;\n marketIndexData?: McpGatewayJsonValue;\n temporalData?: McpGatewayJsonValue;\n};\n\nexport type McpGatewayContractEvaluationResponse = McpGatewayJsonObject;\n\nexport type McpGatewayWritePolicyCheckResponse = {\n allowed: boolean;\n permission: string;\n rationale?: string;\n maxWritesPerSession?: number;\n toolCategory?: string | null;\n policy?: McpGatewayJsonObject | null;\n explanation?: McpGatewayJsonObject;\n reason: string;\n};\n\nexport type McpGatewayBootstrapResponse = {\n tenant: McpGatewayTenantContext;\n session: McpGatewaySessionContext;\n permissions: McpGatewayPermissionContext;\n};\n\nexport type McpGatewayBuildSessionBelief = {\n nodeId: string;\n text: string;\n confidence: number | null;\n};\n\nexport type McpGatewayBuildSessionQuestion = {\n nodeId: string;\n text: string;\n priority: string;\n};\n\nexport type McpGatewayBuildSessionDecision = {\n question: string;\n decision: string;\n};\n\nexport type McpGatewayBuildSessionTask = {\n taskId: string;\n title: string;\n status: \"todo\" | \"in_progress\" | \"blocked\" | \"done\";\n priority: \"low\" | \"medium\" | \"high\" | \"urgent\";\n description?: string;\n taskType?: string;\n linkedBeliefId?: string;\n linkedQuestionId?: string;\n linkedWorktreeId?: string;\n outputSummary?: string;\n tags?: string[];\n};\n\nexport type McpGatewayBuildSessionWorktreeSummary = {\n worktreeId: string;\n title: string;\n status?: string;\n};\n\nexport type McpGatewayBeginBuildSessionResponse = {\n topicId: string;\n topicName: string;\n worktreeId: string;\n worktreeName: string;\n branch: string;\n branchBase: string;\n prBase: string;\n campaign: number | null;\n lane: string;\n laneOrderInCampaign: number | null;\n orderInLane: number | null;\n gate: string;\n hypothesis: string;\n focus: string;\n status: string;\n sessionMode: string;\n targetBeliefIds: string[];\n targetQuestionIds: string[];\n taskIds: string[];\n incompleteTaskIds: string[];\n tasks: McpGatewayBuildSessionTask[];\n topBeliefs: McpGatewayBuildSessionBelief[];\n openQuestions: McpGatewayBuildSessionQuestion[];\n resolvedDecisions: McpGatewayBuildSessionDecision[];\n exitCriteria: string[];\n requiredDocs: string[];\n keyFiles: string[];\n pillarBeliefs: Array<{\n pillar: string;\n text: string;\n nodeId: string;\n }>;\n visionDocs: Array<{\n path: string;\n description: string;\n }>;\n dependencies: McpGatewayBuildSessionWorktreeSummary[];\n unblocks: Array<{\n worktreeId: string;\n title: string;\n }>;\n mergeOrderNotes: string;\n};\n\nexport const MCP_GATEWAY_OWNED_BOOTSTRAP_OPERATIONS = [\n \"validate_mcp_session\",\n \"record_key_usage\",\n \"resolve_default_workspace\",\n \"resolve_user_context\",\n \"create_user_session\",\n \"upsert_agent_principal\",\n] as const;\nexport type McpGatewayOwnedBootstrapOperation =\n (typeof MCP_GATEWAY_OWNED_BOOTSTRAP_OPERATIONS)[number];\n\nexport const MCP_GATEWAY_CLIENT_ONLY_PACKAGES = [\n \"@lucern/sdk\",\n \"@lucern/mcp\",\n \"@lucern/contracts\",\n] as const;\nexport type McpGatewayClientOnlyPackage =\n (typeof MCP_GATEWAY_CLIENT_ONLY_PACKAGES)[number];\n"]}
@@ -1,74 +0,0 @@
1
- type PermitProjectionPlatformRole = "platform_admin" | "tenant_admin" | "workspace_admin" | "editor" | "viewer" | "auditor" | "service_agent";
2
- type PermitPrincipalProjection = Record<string, unknown> & {
3
- principalId?: string;
4
- tenantId?: string;
5
- workspaceId?: string;
6
- principalType?: string;
7
- status?: string;
8
- displayName?: string;
9
- metadata?: Record<string, unknown>;
10
- createdAt?: number;
11
- updatedAt?: number;
12
- lastSeenAt?: number;
13
- };
14
- type PermitAliasProjection = Record<string, unknown> & {
15
- principalId?: string;
16
- tenantId?: string;
17
- workspaceId?: string;
18
- provider?: string;
19
- providerSubjectId?: string;
20
- alias?: string;
21
- aliasKind?: string;
22
- status?: string;
23
- metadata?: Record<string, unknown>;
24
- };
25
- type PermitRoleAssignmentProjection = Record<string, unknown> & {
26
- tenantId?: string;
27
- workspaceId?: string;
28
- role?: string;
29
- targetType?: string;
30
- targetId?: string;
31
- resourceType?: string;
32
- resourceKey?: string;
33
- status?: string;
34
- };
35
- type PermitGroupMembershipProjection = Record<string, unknown> & {
36
- tenantId?: string;
37
- workspaceId?: string;
38
- groupId?: string;
39
- memberType?: string;
40
- memberId?: string;
41
- principalId?: string;
42
- status?: string;
43
- };
44
- type PermitProjectedUserRecord = {
45
- clerkId: string;
46
- email: string;
47
- name?: string;
48
- lastSeenAt: number;
49
- chatCount: number;
50
- messageCount: number;
51
- mcRole: PermitProjectionPlatformRole;
52
- mcRoleSyncedAt: number;
53
- defaultTenantId: string;
54
- defaultWorkspaceId: string;
55
- defaultPrincipalId: string;
56
- principalGroupIds: string[];
57
- governanceGrantsSyncedAt: number;
58
- createdAt: number;
59
- updatedAt: number;
60
- };
61
- type PermitProjectionRows = {
62
- principals: PermitPrincipalProjection[];
63
- aliases: PermitAliasProjection[];
64
- roleAssignments: PermitRoleAssignmentProjection[];
65
- groupMemberships: PermitGroupMembershipProjection[];
66
- };
67
- declare function readPermitProjectionString(value: unknown): string | undefined;
68
- declare function isActivePermitProjectionStatus(value: unknown): boolean;
69
- declare function mapPermitRoleToPlatformRole(role: unknown): PermitProjectionPlatformRole | undefined;
70
- declare function buildProjectedUserFromPermitPrincipal(rows: PermitProjectionRows, principal: PermitPrincipalProjection, matchingAlias?: PermitAliasProjection, now?: number): PermitProjectedUserRecord | null;
71
- declare function findProjectedUserByPermitPrincipalId(rows: PermitProjectionRows, principalId: string, now?: number): PermitProjectedUserRecord | null;
72
- declare function findProjectedUserByPermitClerkId(rows: PermitProjectionRows, clerkId: string, now?: number): PermitProjectedUserRecord | null;
73
-
74
- export { type PermitAliasProjection, type PermitGroupMembershipProjection, type PermitPrincipalProjection, type PermitProjectedUserRecord, type PermitProjectionPlatformRole, type PermitProjectionRows, type PermitRoleAssignmentProjection, buildProjectedUserFromPermitPrincipal, findProjectedUserByPermitClerkId, findProjectedUserByPermitPrincipalId, isActivePermitProjectionStatus, mapPermitRoleToPlatformRole, readPermitProjectionString };
@@ -1,167 +0,0 @@
1
- // src/permit-principal-projection.contract.ts
2
- var PLATFORM_ROLE_PRIORITY = {
3
- platform_admin: 70,
4
- tenant_admin: 60,
5
- workspace_admin: 50,
6
- editor: 40,
7
- auditor: 30,
8
- viewer: 20,
9
- service_agent: 10
10
- };
11
- function readPermitProjectionString(value) {
12
- return typeof value === "string" && value.trim() ? value.trim() : void 0;
13
- }
14
- function isActivePermitProjectionStatus(value) {
15
- const status = readPermitProjectionString(value)?.toLowerCase();
16
- return !status || status === "active" || status === "synced";
17
- }
18
- function mapPermitRoleToPlatformRole(role) {
19
- switch (readPermitProjectionString(role)?.toLowerCase()) {
20
- case "platform_admin":
21
- return "platform_admin";
22
- case "tenant_admin":
23
- return "tenant_admin";
24
- case "workspace_admin":
25
- case "deployment_admin":
26
- case "graph_admin":
27
- return "workspace_admin";
28
- case "editor":
29
- case "workspace_member":
30
- case "graph_editor":
31
- case "evidence_contributor":
32
- case "question_resolver":
33
- case "theme_promoter":
34
- case "topic_promoter":
35
- return "editor";
36
- case "auditor":
37
- return "auditor";
38
- case "viewer":
39
- case "graph_viewer":
40
- case "stakeholder_viewer":
41
- case "stakeholder_summarizer":
42
- case "source_drilldown_viewer":
43
- case "restricted_data_viewer":
44
- case "proprietary_data_viewer":
45
- return "viewer";
46
- case "service_agent":
47
- case "agent_runner":
48
- return "service_agent";
49
- default:
50
- return void 0;
51
- }
52
- }
53
- function highestPlatformRole(roles) {
54
- return roles.reduce(
55
- (best, role) => PLATFORM_ROLE_PRIORITY[role] > PLATFORM_ROLE_PRIORITY[best] ? role : best,
56
- "viewer"
57
- );
58
- }
59
- function isClerkAliasFor(alias, clerkId) {
60
- return isActivePermitProjectionStatus(alias.status) && readPermitProjectionString(alias.provider)?.toLowerCase() === "clerk" && (readPermitProjectionString(alias.providerSubjectId) === clerkId || readPermitProjectionString(alias.alias) === clerkId);
61
- }
62
- function isHumanPermitPrincipal(principal) {
63
- const principalType = readPermitProjectionString(principal.principalType)?.toLowerCase();
64
- return !principalType || principalType === "human" || principalType === "user";
65
- }
66
- function emailFromAlias(aliases, principal) {
67
- return aliases.find(
68
- (alias) => readPermitProjectionString(alias.aliasKind)?.toLowerCase() === "email"
69
- )?.alias ?? readPermitProjectionString(principal.metadata?.email);
70
- }
71
- function groupIdsForPrincipal(memberships, principal) {
72
- const principalId = readPermitProjectionString(principal.principalId);
73
- if (!principalId) return [];
74
- return [
75
- ...new Set(
76
- memberships.filter(
77
- (membership) => isActivePermitProjectionStatus(membership.status) && readPermitProjectionString(membership.tenantId) === readPermitProjectionString(principal.tenantId) && readPermitProjectionString(membership.memberType) === "principal" && (readPermitProjectionString(membership.memberId) === principalId || readPermitProjectionString(membership.principalId) === principalId)
78
- ).map((membership) => readPermitProjectionString(membership.groupId)).filter((groupId) => Boolean(groupId))
79
- )
80
- ];
81
- }
82
- function rolesForPrincipal(assignments, principal, groupIds) {
83
- const principalId = readPermitProjectionString(principal.principalId);
84
- const tenantId = readPermitProjectionString(principal.tenantId);
85
- const roles = assignments.filter(
86
- (assignment) => isActivePermitProjectionStatus(assignment.status) && readPermitProjectionString(assignment.tenantId) === tenantId && (readPermitProjectionString(assignment.targetType) === "principal" && readPermitProjectionString(assignment.targetId) === principalId || readPermitProjectionString(assignment.targetType) === "group" && groupIds.includes(
87
- readPermitProjectionString(assignment.targetId) ?? ""
88
- ))
89
- ).map((assignment) => mapPermitRoleToPlatformRole(assignment.role)).filter((role) => Boolean(role));
90
- if (readPermitProjectionString(principal.principalType) === "agent" || readPermitProjectionString(principal.principalType) === "service_principal") {
91
- roles.push("service_agent");
92
- }
93
- return [...new Set(roles)];
94
- }
95
- function workspaceFromPermitProjection(principal, alias, assignments) {
96
- return readPermitProjectionString(principal.workspaceId) ?? readPermitProjectionString(alias?.workspaceId) ?? readPermitProjectionString(
97
- assignments.find(
98
- (assignment) => readPermitProjectionString(assignment.targetId) === readPermitProjectionString(principal.principalId) && readPermitProjectionString(assignment.resourceType) === "workspace"
99
- )?.resourceKey
100
- ) ?? readPermitProjectionString(
101
- assignments.find((assignment) => assignment.workspaceId)?.workspaceId
102
- );
103
- }
104
- function buildProjectedUserFromPermitPrincipal(rows, principal, matchingAlias, now = Date.now()) {
105
- const principalId = readPermitProjectionString(principal.principalId);
106
- const tenantId = readPermitProjectionString(principal.tenantId);
107
- if (!principalId || !tenantId || !isActivePermitProjectionStatus(principal.status)) {
108
- return null;
109
- }
110
- const aliases = rows.aliases.filter(
111
- (alias2) => readPermitProjectionString(alias2.tenantId) === tenantId && readPermitProjectionString(alias2.principalId) === principalId && isActivePermitProjectionStatus(alias2.status)
112
- );
113
- const groupIds = groupIdsForPrincipal(rows.groupMemberships, principal);
114
- const roles = rolesForPrincipal(rows.roleAssignments, principal, groupIds);
115
- if (roles.length === 0) {
116
- return null;
117
- }
118
- const alias = matchingAlias ?? aliases[0];
119
- const clerkId = readPermitProjectionString(
120
- aliases.find(
121
- (entry) => readPermitProjectionString(entry.provider)?.toLowerCase() === "clerk"
122
- )?.providerSubjectId
123
- ) ?? principalId;
124
- if (isHumanPermitPrincipal(principal) && principalId !== clerkId) {
125
- return null;
126
- }
127
- return {
128
- clerkId,
129
- email: emailFromAlias(aliases, principal) ?? `${principalId}@permit.local`,
130
- name: readPermitProjectionString(principal.displayName),
131
- lastSeenAt: principal.lastSeenAt ?? principal.updatedAt ?? now,
132
- chatCount: 0,
133
- messageCount: 0,
134
- mcRole: highestPlatformRole(roles),
135
- mcRoleSyncedAt: principal.updatedAt ?? now,
136
- defaultTenantId: tenantId,
137
- defaultWorkspaceId: workspaceFromPermitProjection(principal, alias, rows.roleAssignments) ?? tenantId,
138
- defaultPrincipalId: principalId,
139
- principalGroupIds: groupIds,
140
- governanceGrantsSyncedAt: principal.updatedAt ?? now,
141
- createdAt: principal.createdAt ?? now,
142
- updatedAt: principal.updatedAt ?? now
143
- };
144
- }
145
- function findProjectedUserByPermitPrincipalId(rows, principalId, now = Date.now()) {
146
- const normalizedPrincipalId = principalId.trim();
147
- const principal = rows.principals.find(
148
- (row) => isActivePermitProjectionStatus(row.status) && readPermitProjectionString(row.principalId) === normalizedPrincipalId
149
- );
150
- return principal ? buildProjectedUserFromPermitPrincipal(rows, principal, void 0, now) : null;
151
- }
152
- function findProjectedUserByPermitClerkId(rows, clerkId, now = Date.now()) {
153
- const normalizedClerkId = clerkId.trim();
154
- const matchingAlias = rows.aliases.find(
155
- (alias) => isClerkAliasFor(alias, normalizedClerkId)
156
- );
157
- const principal = matchingAlias ? rows.principals.find(
158
- (row) => readPermitProjectionString(row.tenantId) === readPermitProjectionString(matchingAlias.tenantId) && readPermitProjectionString(row.principalId) === readPermitProjectionString(matchingAlias.principalId)
159
- ) : rows.principals.find(
160
- (row) => readPermitProjectionString(row.principalId) === normalizedClerkId
161
- );
162
- return principal ? buildProjectedUserFromPermitPrincipal(rows, principal, matchingAlias, now) : null;
163
- }
164
-
165
- export { buildProjectedUserFromPermitPrincipal, findProjectedUserByPermitClerkId, findProjectedUserByPermitPrincipalId, isActivePermitProjectionStatus, mapPermitRoleToPlatformRole, readPermitProjectionString };
166
- //# sourceMappingURL=permit-principal-projection.contract.js.map
167
- //# sourceMappingURL=permit-principal-projection.contract.js.map
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/permit-principal-projection.contract.ts"],"names":["alias"],"mappings":";AAgFA,IAAM,sBAAA,GAAuE;AAAA,EAC3E,cAAA,EAAgB,EAAA;AAAA,EAChB,YAAA,EAAc,EAAA;AAAA,EACd,eAAA,EAAiB,EAAA;AAAA,EACjB,MAAA,EAAQ,EAAA;AAAA,EACR,OAAA,EAAS,EAAA;AAAA,EACT,MAAA,EAAQ,EAAA;AAAA,EACR,aAAA,EAAe;AACjB,CAAA;AAEO,SAAS,2BAA2B,KAAA,EAAoC;AAC7E,EAAA,OAAO,OAAO,UAAU,QAAA,IAAY,KAAA,CAAM,MAAK,GAAI,KAAA,CAAM,MAAK,GAAI,MAAA;AACpE;AAEO,SAAS,+BAA+B,KAAA,EAAyB;AACtE,EAAA,MAAM,MAAA,GAAS,0BAAA,CAA2B,KAAK,CAAA,EAAG,WAAA,EAAY;AAC9D,EAAA,OAAO,CAAC,MAAA,IAAU,MAAA,KAAW,QAAA,IAAY,MAAA,KAAW,QAAA;AACtD;AAEO,SAAS,4BACd,IAAA,EAC0C;AAC1C,EAAA,QAAQ,0BAAA,CAA2B,IAAI,CAAA,EAAG,WAAA,EAAY;AAAG,IACvD,KAAK,gBAAA;AACH,MAAA,OAAO,gBAAA;AAAA,IACT,KAAK,cAAA;AACH,MAAA,OAAO,cAAA;AAAA,IACT,KAAK,iBAAA;AAAA,IACL,KAAK,kBAAA;AAAA,IACL,KAAK,aAAA;AACH,MAAA,OAAO,iBAAA;AAAA,IACT,KAAK,QAAA;AAAA,IACL,KAAK,kBAAA;AAAA,IACL,KAAK,cAAA;AAAA,IACL,KAAK,sBAAA;AAAA,IACL,KAAK,mBAAA;AAAA,IACL,KAAK,gBAAA;AAAA,IACL,KAAK,gBAAA;AACH,MAAA,OAAO,QAAA;AAAA,IACT,KAAK,SAAA;AACH,MAAA,OAAO,SAAA;AAAA,IACT,KAAK,QAAA;AAAA,IACL,KAAK,cAAA;AAAA,IACL,KAAK,oBAAA;AAAA,IACL,KAAK,wBAAA;AAAA,IACL,KAAK,yBAAA;AAAA,IACL,KAAK,wBAAA;AAAA,IACL,KAAK,yBAAA;AACH,MAAA,OAAO,QAAA;AAAA,IACT,KAAK,eAAA;AAAA,IACL,KAAK,cAAA;AACH,MAAA,OAAO,eAAA;AAAA,IACT;AACE,MAAA,OAAO,MAAA;AAAA;AAEb;AAEA,SAAS,oBACP,KAAA,EAC8B;AAC9B,EAAA,OAAO,KAAA,CAAM,MAAA;AAAA,IACX,CAAC,MAAM,IAAA,KACL,sBAAA,CAAuB,IAAI,CAAA,GAAI,sBAAA,CAAuB,IAAI,CAAA,GAAI,IAAA,GAAO,IAAA;AAAA,IACvE;AAAA,GACF;AACF;AAEA,SAAS,eAAA,CACP,OACA,OAAA,EACS;AACT,EAAA,OACE,+BAA+B,KAAA,CAAM,MAAM,KAC3C,0BAAA,CAA2B,KAAA,CAAM,QAAQ,CAAA,EAAG,WAAA,OAAkB,OAAA,KAC7D,0BAAA,CAA2B,MAAM,iBAAiB,CAAA,KAAM,WACvD,0BAAA,CAA2B,KAAA,CAAM,KAAK,CAAA,KAAM,OAAA,CAAA;AAElD;AAEA,SAAS,uBAAuB,SAAA,EAA+C;AAC7E,EAAA,MAAM,aAAA,GACJ,0BAAA,CAA2B,SAAA,CAAU,aAAa,GAAG,WAAA,EAAY;AACnE,EAAA,OAAO,CAAC,aAAA,IAAiB,aAAA,KAAkB,OAAA,IAAW,aAAA,KAAkB,MAAA;AAC1E;AAEA,SAAS,cAAA,CACP,SACA,SAAA,EACoB;AACpB,EAAA,OACE,OAAA,CAAQ,IAAA;AAAA,IACN,CAAC,KAAA,KACC,0BAAA,CAA2B,MAAM,SAAS,CAAA,EAAG,aAAY,KAAM;AAAA,GACnE,EAAG,KAAA,IAAS,0BAAA,CAA2B,SAAA,CAAU,UAAU,KAAK,CAAA;AAEpE;AAEA,SAAS,oBAAA,CACP,aACA,SAAA,EACU;AACV,EAAA,MAAM,WAAA,GAAc,0BAAA,CAA2B,SAAA,CAAU,WAAW,CAAA;AACpE,EAAA,IAAI,CAAC,WAAA,EAAa,OAAO,EAAC;AAC1B,EAAA,OAAO;AAAA,IACL,GAAG,IAAI,GAAA;AAAA,MACL,WAAA,CACG,MAAA;AAAA,QACC,CAAC,UAAA,KACC,8BAAA,CAA+B,UAAA,CAAW,MAAM,CAAA,IAChD,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,KAC5C,0BAAA,CAA2B,SAAA,CAAU,QAAQ,CAAA,IAC/C,0BAAA,CAA2B,UAAA,CAAW,UAAU,CAAA,KAAM,WAAA,KACrD,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,KAAM,WAAA,IACnD,0BAAA,CAA2B,UAAA,CAAW,WAAW,CAAA,KAC/C,WAAA;AAAA,OACR,CACC,GAAA,CAAI,CAAC,UAAA,KAAe,2BAA2B,UAAA,CAAW,OAAO,CAAC,CAAA,CAClE,MAAA,CAAO,CAAC,OAAA,KAA+B,OAAA,CAAQ,OAAO,CAAC;AAAA;AAC5D,GACF;AACF;AAEA,SAAS,iBAAA,CACP,WAAA,EACA,SAAA,EACA,QAAA,EACgC;AAChC,EAAA,MAAM,WAAA,GAAc,0BAAA,CAA2B,SAAA,CAAU,WAAW,CAAA;AACpE,EAAA,MAAM,QAAA,GAAW,0BAAA,CAA2B,SAAA,CAAU,QAAQ,CAAA;AAC9D,EAAA,MAAM,QAAQ,WAAA,CACX,MAAA;AAAA,IACC,CAAC,UAAA,KACC,8BAAA,CAA+B,UAAA,CAAW,MAAM,CAAA,IAChD,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,KAAM,QAAA,KAClD,0BAAA,CAA2B,UAAA,CAAW,UAAU,CAAA,KAAM,WAAA,IACtD,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,KAAM,WAAA,IACnD,0BAAA,CAA2B,UAAA,CAAW,UAAU,CAAA,KAAM,OAAA,IACrD,QAAA,CAAS,QAAA;AAAA,MACP,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,IAAK;AAAA,KACrD;AAAA,GACR,CACC,GAAA,CAAI,CAAC,UAAA,KAAe,4BAA4B,UAAA,CAAW,IAAI,CAAC,CAAA,CAChE,MAAA,CAAO,CAAC,IAAA,KAA+C,OAAA,CAAQ,IAAI,CAAC,CAAA;AAEvE,EAAA,IACE,0BAAA,CAA2B,UAAU,aAAa,CAAA,KAAM,WACxD,0BAAA,CAA2B,SAAA,CAAU,aAAa,CAAA,KAAM,mBAAA,EACxD;AACA,IAAA,KAAA,CAAM,KAAK,eAAe,CAAA;AAAA,EAC5B;AAEA,EAAA,OAAO,CAAC,GAAG,IAAI,GAAA,CAAI,KAAK,CAAC,CAAA;AAC3B;AAEA,SAAS,6BAAA,CACP,SAAA,EACA,KAAA,EACA,WAAA,EACoB;AACpB,EAAA,OACE,2BAA2B,SAAA,CAAU,WAAW,KAChD,0BAAA,CAA2B,KAAA,EAAO,WAAW,CAAA,IAC7C,0BAAA;AAAA,IACE,WAAA,CAAY,IAAA;AAAA,MACV,CAAC,UAAA,KACC,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,KAC5C,0BAAA,CAA2B,SAAA,CAAU,WAAW,CAAA,IAClD,0BAAA,CAA2B,UAAA,CAAW,YAAY,CAAA,KAAM;AAAA,KAC5D,EAAG;AAAA,GACL,IACA,0BAAA;AAAA,IACE,YAAY,IAAA,CAAK,CAAC,UAAA,KAAe,UAAA,CAAW,WAAW,CAAA,EAAG;AAAA,GAC5D;AAEJ;AAEO,SAAS,sCACd,IAAA,EACA,SAAA,EACA,eACA,GAAA,GAAM,IAAA,CAAK,KAAI,EACmB;AAClC,EAAA,MAAM,WAAA,GAAc,0BAAA,CAA2B,SAAA,CAAU,WAAW,CAAA;AACpE,EAAA,MAAM,QAAA,GAAW,0BAAA,CAA2B,SAAA,CAAU,QAAQ,CAAA;AAC9D,EAAA,IACE,CAAC,eACD,CAAC,QAAA,IACD,CAAC,8BAAA,CAA+B,SAAA,CAAU,MAAM,CAAA,EAChD;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,OAAA,GAAU,KAAK,OAAA,CAAQ,MAAA;AAAA,IAC3B,CAACA,MAAAA,KACC,0BAAA,CAA2BA,MAAAA,CAAM,QAAQ,CAAA,KAAM,QAAA,IAC/C,0BAAA,CAA2BA,MAAAA,CAAM,WAAW,CAAA,KAAM,WAAA,IAClD,8BAAA,CAA+BA,OAAM,MAAM;AAAA,GAC/C;AACA,EAAA,MAAM,QAAA,GAAW,oBAAA,CAAqB,IAAA,CAAK,gBAAA,EAAkB,SAAS,CAAA;AACtE,EAAA,MAAM,KAAA,GAAQ,iBAAA,CAAkB,IAAA,CAAK,eAAA,EAAiB,WAAW,QAAQ,CAAA;AACzE,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,KAAA,GAAQ,aAAA,IAAiB,OAAA,CAAQ,CAAC,CAAA;AACxC,EAAA,MAAM,OAAA,GACJ,0BAAA;AAAA,IACE,OAAA,CAAQ,IAAA;AAAA,MACN,CAAC,KAAA,KACC,0BAAA,CAA2B,MAAM,QAAQ,CAAA,EAAG,aAAY,KAAM;AAAA,KAClE,EAAG;AAAA,GACL,IAAK,WAAA;AACP,EAAA,IAAI,sBAAA,CAAuB,SAAS,CAAA,IAAK,WAAA,KAAgB,OAAA,EAAS;AAChE,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO;AAAA,IACL,OAAA;AAAA,IACA,OAAO,cAAA,CAAe,OAAA,EAAS,SAAS,CAAA,IAAK,GAAG,WAAW,CAAA,aAAA,CAAA;AAAA,IAC3D,IAAA,EAAM,0BAAA,CAA2B,SAAA,CAAU,WAAW,CAAA;AAAA,IACtD,UAAA,EAAY,SAAA,CAAU,UAAA,IAAc,SAAA,CAAU,SAAA,IAAa,GAAA;AAAA,IAC3D,SAAA,EAAW,CAAA;AAAA,IACX,YAAA,EAAc,CAAA;AAAA,IACd,MAAA,EAAQ,oBAAoB,KAAK,CAAA;AAAA,IACjC,cAAA,EAAgB,UAAU,SAAA,IAAa,GAAA;AAAA,IACvC,eAAA,EAAiB,QAAA;AAAA,IACjB,oBACE,6BAAA,CAA8B,SAAA,EAAW,KAAA,EAAO,IAAA,CAAK,eAAe,CAAA,IACpE,QAAA;AAAA,IACF,kBAAA,EAAoB,WAAA;AAAA,IACpB,iBAAA,EAAmB,QAAA;AAAA,IACnB,wBAAA,EAA0B,UAAU,SAAA,IAAa,GAAA;AAAA,IACjD,SAAA,EAAW,UAAU,SAAA,IAAa,GAAA;AAAA,IAClC,SAAA,EAAW,UAAU,SAAA,IAAa;AAAA,GACpC;AACF;AAEO,SAAS,qCACd,IAAA,EACA,WAAA,EACA,GAAA,GAAM,IAAA,CAAK,KAAI,EACmB;AAClC,EAAA,MAAM,qBAAA,GAAwB,YAAY,IAAA,EAAK;AAC/C,EAAA,MAAM,SAAA,GAAY,KAAK,UAAA,CAAW,IAAA;AAAA,IAChC,CAAC,QACC,8BAAA,CAA+B,GAAA,CAAI,MAAM,CAAA,IACzC,0BAAA,CAA2B,GAAA,CAAI,WAAW,CAAA,KAAM;AAAA,GACpD;AACA,EAAA,OAAO,YACH,qCAAA,CAAsC,IAAA,EAAM,SAAA,EAAW,MAAA,EAAW,GAAG,CAAA,GACrE,IAAA;AACN;AAEO,SAAS,iCACd,IAAA,EACA,OAAA,EACA,GAAA,GAAM,IAAA,CAAK,KAAI,EACmB;AAClC,EAAA,MAAM,iBAAA,GAAoB,QAAQ,IAAA,EAAK;AACvC,EAAA,MAAM,aAAA,GAAgB,KAAK,OAAA,CAAQ,IAAA;AAAA,IAAK,CAAC,KAAA,KACvC,eAAA,CAAgB,KAAA,EAAO,iBAAiB;AAAA,GAC1C;AACA,EAAA,MAAM,SAAA,GAAY,aAAA,GACd,IAAA,CAAK,UAAA,CAAW,IAAA;AAAA,IACd,CAAC,GAAA,KACC,0BAAA,CAA2B,GAAA,CAAI,QAAQ,MACrC,0BAAA,CAA2B,aAAA,CAAc,QAAQ,CAAA,IACnD,2BAA2B,GAAA,CAAI,WAAW,CAAA,KACxC,0BAAA,CAA2B,cAAc,WAAW;AAAA,GAC1D,GACA,KAAK,UAAA,CAAW,IAAA;AAAA,IACd,CAAC,GAAA,KACC,0BAAA,CAA2B,GAAA,CAAI,WAAW,CAAA,KAAM;AAAA,GACpD;AACJ,EAAA,OAAO,YACH,qCAAA,CAAsC,IAAA,EAAM,SAAA,EAAW,aAAA,EAAe,GAAG,CAAA,GACzE,IAAA;AACN","file":"permit-principal-projection.contract.js","sourcesContent":["export type PermitProjectionPlatformRole =\n | \"platform_admin\"\n | \"tenant_admin\"\n | \"workspace_admin\"\n | \"editor\"\n | \"viewer\"\n | \"auditor\"\n | \"service_agent\";\n\nexport type PermitPrincipalProjection = Record<string, unknown> & {\n principalId?: string;\n tenantId?: string;\n workspaceId?: string;\n principalType?: string;\n status?: string;\n displayName?: string;\n metadata?: Record<string, unknown>;\n createdAt?: number;\n updatedAt?: number;\n lastSeenAt?: number;\n};\n\nexport type PermitAliasProjection = Record<string, unknown> & {\n principalId?: string;\n tenantId?: string;\n workspaceId?: string;\n provider?: string;\n providerSubjectId?: string;\n alias?: string;\n aliasKind?: string;\n status?: string;\n metadata?: Record<string, unknown>;\n};\n\nexport type PermitRoleAssignmentProjection = Record<string, unknown> & {\n tenantId?: string;\n workspaceId?: string;\n role?: string;\n targetType?: string;\n targetId?: string;\n resourceType?: string;\n resourceKey?: string;\n status?: string;\n};\n\nexport type PermitGroupMembershipProjection = Record<string, unknown> & {\n tenantId?: string;\n workspaceId?: string;\n groupId?: string;\n memberType?: string;\n memberId?: string;\n principalId?: string;\n status?: string;\n};\n\nexport type PermitProjectedUserRecord = {\n clerkId: string;\n email: string;\n name?: string;\n lastSeenAt: number;\n chatCount: number;\n messageCount: number;\n mcRole: PermitProjectionPlatformRole;\n mcRoleSyncedAt: number;\n defaultTenantId: string;\n defaultWorkspaceId: string;\n defaultPrincipalId: string;\n principalGroupIds: string[];\n governanceGrantsSyncedAt: number;\n createdAt: number;\n updatedAt: number;\n};\n\nexport type PermitProjectionRows = {\n principals: PermitPrincipalProjection[];\n aliases: PermitAliasProjection[];\n roleAssignments: PermitRoleAssignmentProjection[];\n groupMemberships: PermitGroupMembershipProjection[];\n};\n\nconst PLATFORM_ROLE_PRIORITY: Record<PermitProjectionPlatformRole, number> = {\n platform_admin: 70,\n tenant_admin: 60,\n workspace_admin: 50,\n editor: 40,\n auditor: 30,\n viewer: 20,\n service_agent: 10,\n};\n\nexport function readPermitProjectionString(value: unknown): string | undefined {\n return typeof value === \"string\" && value.trim() ? value.trim() : undefined;\n}\n\nexport function isActivePermitProjectionStatus(value: unknown): boolean {\n const status = readPermitProjectionString(value)?.toLowerCase();\n return !status || status === \"active\" || status === \"synced\";\n}\n\nexport function mapPermitRoleToPlatformRole(\n role: unknown,\n): PermitProjectionPlatformRole | undefined {\n switch (readPermitProjectionString(role)?.toLowerCase()) {\n case \"platform_admin\":\n return \"platform_admin\";\n case \"tenant_admin\":\n return \"tenant_admin\";\n case \"workspace_admin\":\n case \"deployment_admin\":\n case \"graph_admin\":\n return \"workspace_admin\";\n case \"editor\":\n case \"workspace_member\":\n case \"graph_editor\":\n case \"evidence_contributor\":\n case \"question_resolver\":\n case \"theme_promoter\":\n case \"topic_promoter\":\n return \"editor\";\n case \"auditor\":\n return \"auditor\";\n case \"viewer\":\n case \"graph_viewer\":\n case \"stakeholder_viewer\":\n case \"stakeholder_summarizer\":\n case \"source_drilldown_viewer\":\n case \"restricted_data_viewer\":\n case \"proprietary_data_viewer\":\n return \"viewer\";\n case \"service_agent\":\n case \"agent_runner\":\n return \"service_agent\";\n default:\n return undefined;\n }\n}\n\nfunction highestPlatformRole(\n roles: PermitProjectionPlatformRole[],\n): PermitProjectionPlatformRole {\n return roles.reduce<PermitProjectionPlatformRole>(\n (best, role) =>\n PLATFORM_ROLE_PRIORITY[role] > PLATFORM_ROLE_PRIORITY[best] ? role : best,\n \"viewer\",\n );\n}\n\nfunction isClerkAliasFor(\n alias: PermitAliasProjection,\n clerkId: string,\n): boolean {\n return (\n isActivePermitProjectionStatus(alias.status) &&\n readPermitProjectionString(alias.provider)?.toLowerCase() === \"clerk\" &&\n (readPermitProjectionString(alias.providerSubjectId) === clerkId ||\n readPermitProjectionString(alias.alias) === clerkId)\n );\n}\n\nfunction isHumanPermitPrincipal(principal: PermitPrincipalProjection): boolean {\n const principalType =\n readPermitProjectionString(principal.principalType)?.toLowerCase();\n return !principalType || principalType === \"human\" || principalType === \"user\";\n}\n\nfunction emailFromAlias(\n aliases: PermitAliasProjection[],\n principal: PermitPrincipalProjection,\n): string | undefined {\n return (\n aliases.find(\n (alias) =>\n readPermitProjectionString(alias.aliasKind)?.toLowerCase() === \"email\",\n )?.alias ?? readPermitProjectionString(principal.metadata?.email)\n );\n}\n\nfunction groupIdsForPrincipal(\n memberships: PermitGroupMembershipProjection[],\n principal: PermitPrincipalProjection,\n): string[] {\n const principalId = readPermitProjectionString(principal.principalId);\n if (!principalId) return [];\n return [\n ...new Set(\n memberships\n .filter(\n (membership) =>\n isActivePermitProjectionStatus(membership.status) &&\n readPermitProjectionString(membership.tenantId) ===\n readPermitProjectionString(principal.tenantId) &&\n readPermitProjectionString(membership.memberType) === \"principal\" &&\n (readPermitProjectionString(membership.memberId) === principalId ||\n readPermitProjectionString(membership.principalId) ===\n principalId),\n )\n .map((membership) => readPermitProjectionString(membership.groupId))\n .filter((groupId): groupId is string => Boolean(groupId)),\n ),\n ];\n}\n\nfunction rolesForPrincipal(\n assignments: PermitRoleAssignmentProjection[],\n principal: PermitPrincipalProjection,\n groupIds: string[],\n): PermitProjectionPlatformRole[] {\n const principalId = readPermitProjectionString(principal.principalId);\n const tenantId = readPermitProjectionString(principal.tenantId);\n const roles = assignments\n .filter(\n (assignment) =>\n isActivePermitProjectionStatus(assignment.status) &&\n readPermitProjectionString(assignment.tenantId) === tenantId &&\n ((readPermitProjectionString(assignment.targetType) === \"principal\" &&\n readPermitProjectionString(assignment.targetId) === principalId) ||\n (readPermitProjectionString(assignment.targetType) === \"group\" &&\n groupIds.includes(\n readPermitProjectionString(assignment.targetId) ?? \"\",\n ))),\n )\n .map((assignment) => mapPermitRoleToPlatformRole(assignment.role))\n .filter((role): role is PermitProjectionPlatformRole => Boolean(role));\n\n if (\n readPermitProjectionString(principal.principalType) === \"agent\" ||\n readPermitProjectionString(principal.principalType) === \"service_principal\"\n ) {\n roles.push(\"service_agent\");\n }\n\n return [...new Set(roles)];\n}\n\nfunction workspaceFromPermitProjection(\n principal: PermitPrincipalProjection,\n alias: PermitAliasProjection | undefined,\n assignments: PermitRoleAssignmentProjection[],\n): string | undefined {\n return (\n readPermitProjectionString(principal.workspaceId) ??\n readPermitProjectionString(alias?.workspaceId) ??\n readPermitProjectionString(\n assignments.find(\n (assignment) =>\n readPermitProjectionString(assignment.targetId) ===\n readPermitProjectionString(principal.principalId) &&\n readPermitProjectionString(assignment.resourceType) === \"workspace\",\n )?.resourceKey,\n ) ??\n readPermitProjectionString(\n assignments.find((assignment) => assignment.workspaceId)?.workspaceId,\n )\n );\n}\n\nexport function buildProjectedUserFromPermitPrincipal(\n rows: PermitProjectionRows,\n principal: PermitPrincipalProjection,\n matchingAlias?: PermitAliasProjection,\n now = Date.now(),\n): PermitProjectedUserRecord | null {\n const principalId = readPermitProjectionString(principal.principalId);\n const tenantId = readPermitProjectionString(principal.tenantId);\n if (\n !principalId ||\n !tenantId ||\n !isActivePermitProjectionStatus(principal.status)\n ) {\n return null;\n }\n\n const aliases = rows.aliases.filter(\n (alias) =>\n readPermitProjectionString(alias.tenantId) === tenantId &&\n readPermitProjectionString(alias.principalId) === principalId &&\n isActivePermitProjectionStatus(alias.status),\n );\n const groupIds = groupIdsForPrincipal(rows.groupMemberships, principal);\n const roles = rolesForPrincipal(rows.roleAssignments, principal, groupIds);\n if (roles.length === 0) {\n return null;\n }\n\n const alias = matchingAlias ?? aliases[0];\n const clerkId =\n readPermitProjectionString(\n aliases.find(\n (entry) =>\n readPermitProjectionString(entry.provider)?.toLowerCase() === \"clerk\",\n )?.providerSubjectId,\n ) ?? principalId;\n if (isHumanPermitPrincipal(principal) && principalId !== clerkId) {\n return null;\n }\n\n return {\n clerkId,\n email: emailFromAlias(aliases, principal) ?? `${principalId}@permit.local`,\n name: readPermitProjectionString(principal.displayName),\n lastSeenAt: principal.lastSeenAt ?? principal.updatedAt ?? now,\n chatCount: 0,\n messageCount: 0,\n mcRole: highestPlatformRole(roles),\n mcRoleSyncedAt: principal.updatedAt ?? now,\n defaultTenantId: tenantId,\n defaultWorkspaceId:\n workspaceFromPermitProjection(principal, alias, rows.roleAssignments) ??\n tenantId,\n defaultPrincipalId: principalId,\n principalGroupIds: groupIds,\n governanceGrantsSyncedAt: principal.updatedAt ?? now,\n createdAt: principal.createdAt ?? now,\n updatedAt: principal.updatedAt ?? now,\n };\n}\n\nexport function findProjectedUserByPermitPrincipalId(\n rows: PermitProjectionRows,\n principalId: string,\n now = Date.now(),\n): PermitProjectedUserRecord | null {\n const normalizedPrincipalId = principalId.trim();\n const principal = rows.principals.find(\n (row) =>\n isActivePermitProjectionStatus(row.status) &&\n readPermitProjectionString(row.principalId) === normalizedPrincipalId,\n );\n return principal\n ? buildProjectedUserFromPermitPrincipal(rows, principal, undefined, now)\n : null;\n}\n\nexport function findProjectedUserByPermitClerkId(\n rows: PermitProjectionRows,\n clerkId: string,\n now = Date.now(),\n): PermitProjectedUserRecord | null {\n const normalizedClerkId = clerkId.trim();\n const matchingAlias = rows.aliases.find((alias) =>\n isClerkAliasFor(alias, normalizedClerkId),\n );\n const principal = matchingAlias\n ? rows.principals.find(\n (row) =>\n readPermitProjectionString(row.tenantId) ===\n readPermitProjectionString(matchingAlias.tenantId) &&\n readPermitProjectionString(row.principalId) ===\n readPermitProjectionString(matchingAlias.principalId),\n )\n : rows.principals.find(\n (row) =>\n readPermitProjectionString(row.principalId) === normalizedClerkId,\n );\n return principal\n ? buildProjectedUserFromPermitPrincipal(rows, principal, matchingAlias, now)\n : null;\n}\n"]}
@@ -1,3 +0,0 @@
1
- declare function checkConvexArgsShape(): void;
2
-
3
- export { checkConvexArgsShape };