@lucern/events 0.3.0-alpha.11 → 0.3.0-alpha.13
- package/dist/index.js +117 -5
- package/dist/index.js.map +1 -1
- package/dist/outbox.js +117 -5
- package/dist/outbox.js.map +1 -1
- package/dist/types.js +117 -5
- package/dist/types.js.map +1 -1
- package/dist/webhooks.js +117 -5
- package/dist/webhooks.js.map +1 -1
- package/package.json +2 -2
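--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1144,6 +1144,35 @@ defineTable({
 { kind: "index", name: "by_source", columns: ["source"] }
 ]
 });
+defineTable({
+name: "domainEvents",
+component: "kernel",
+category: "events",
+shape: z.object({
+"eventId": z.string(),
+"type": z.string(),
+"version": z.string(),
+"timestamp": z.number(),
+"tenantId": z.string().optional(),
+"workspaceId": z.string().optional(),
+"topicId": z.string(),
+"resourceId": z.string(),
+"resourceType": z.string(),
+"actorId": z.string(),
+"actorType": z.enum(["human", "agent", "service"]),
+"data": z.record(z.any()),
+"correlationId": z.string().optional(),
+"expiresAt": z.number()
+}),
+indices: [
+{ kind: "index", name: "by_eventId", columns: ["eventId"] },
+{ kind: "index", name: "by_topic_timestamp", columns: ["topicId", "timestamp"] },
+{ kind: "index", name: "by_tenant_workspace_timestamp", columns: ["tenantId", "workspaceId", "timestamp"] },
+{ kind: "index", name: "by_type_timestamp", columns: ["type", "timestamp"] },
+{ kind: "index", name: "by_resource", columns: ["resourceType", "resourceId", "timestamp"] },
+{ kind: "index", name: "by_expiresAt", columns: ["expiresAt"] }
+]
+});
 defineTable({
 name: "beliefConfidence",
 component: "kernel",
@@ -4442,7 +4471,9 @@ var permitObjectType = z.enum([
 "group",
 "resource_instance",
 "relationship_tuple",
-"role_assignment"
+"role_assignment",
+"attribute_binding",
+"policy_bundle"
 ]);
 var permitOutboxOperation = z.enum([
 "upsert",
@@ -4548,7 +4579,10 @@ defineTable({
 }),
 indices: [
 { kind: "index", name: "by_principalId", columns: ["principalId"] },
+{ kind: "index", name: "by_provider_subject", columns: ["provider", "providerSubjectId"] },
+{ kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "providerSubjectId"] },
 { kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "providerSubjectId"] },
+{ kind: "index", name: "by_tenant_provider_project_subject", columns: ["tenantId", "provider", "providerProjectId", "providerSubjectId"] },
 {
 kind: "index",
 name: "by_tenant_provider_alias",
@@ -9521,7 +9555,7 @@ var IDENTITY_WHOAMI = {
 description: "Canonical identity summary for the current session",
 fields: {
 principalId: "string \u2014 canonical federated principal identifier",
-principalType: "string \u2014 human, service, or
+principalType: "string \u2014 human, service, agent, group, or external_viewer",
 tenantId: "string | undefined \u2014 resolved tenant scope",
 workspaceId: "string | undefined \u2014 resolved workspace scope",
 scopes: "string[] | undefined \u2014 granted scopes for this session",
@@ -9532,6 +9566,49 @@ var IDENTITY_WHOAMI = {
 ontologyPrimitive: "identity",
 tier: "workhorse"
 };
+var RESOLVE_INTERACTIVE_PRINCIPAL = {
+name: "resolve_interactive_principal",
+description: "Read the Permit-backed Lucern principal context for an authenticated Clerk user. Like `git config --get user.email` plus the repository ACL \u2014 resolves the identity alias into the canonical authorization subject.",
+parameters: {
+clerkId: {
+type: "string",
+description: "Authenticated Clerk subject (`sub`). Clerk proves identity only; it is not the authorization record."
+},
+tenantId: {
+type: "string",
+description: "Optional tenant scope. Omit only when the Clerk alias is globally unambiguous."
+},
+workspaceId: {
+type: "string",
+description: "Optional workspace scope. Required when the principal has access to multiple workspaces and no default can be inferred."
+},
+providerProjectId: {
+type: "string",
+description: "Optional Clerk project or provider instance id for tenants with multiple identity providers."
+}
+},
+required: ["clerkId"],
+response: {
+description: "Permit-backed Lucern principal context for tenant SDK bootstrap",
+fields: {
+principalId: "string \u2014 canonical Lucern principal identifier",
+principalType: "string \u2014 human, service, agent, group, or external_viewer",
+clerkId: "string \u2014 authenticated Clerk subject alias",
+tenantId: "string \u2014 resolved tenant scope",
+workspaceId: "string | null \u2014 resolved workspace scope",
+roles: "string[] \u2014 effective Permit roles",
+scopes: "string[] \u2014 effective scopes derived from Permit/control-plane projection",
+groupIds: "string[] \u2014 active Permit group memberships",
+principalStatus: "string \u2014 active, invited, suspended, disabled, revoked, or missing",
+tenantStatus: "string \u2014 projected tenant resource status",
+workspaceStatus: "string \u2014 projected workspace resource status",
+permit: "object \u2014 Permit subject, tenant, and optional workspace tuple"
+}
+},
+ownerModule: "control-plane",
+ontologyPrimitive: "identity",
+tier: "workhorse"
+};
 var COMPILE_CONTEXT = {
 name: "compile_context",
 description: "Compile a focused reasoning context. If topicId is omitted, Lucern resolves the best topic from the query. Like `git log --graph --decorate` for the reasoning substrate \u2014 returns the canonical Pillar 3 context pack through the public API shape.",
@@ -11434,6 +11511,7 @@ var MCP_TOOL_CONTRACTS = {
 update_worktree_targets: UPDATE_WORKTREE_TARGETS,
 update_worktree_metadata: UPDATE_WORKTREE_METADATA,
 identity_whoami: IDENTITY_WHOAMI,
+resolve_interactive_principal: RESOLVE_INTERACTIVE_PRINCIPAL,
 compile_context: COMPILE_CONTEXT,
 record_scope_learning: RECORD_SCOPE_LEARNING,
 pipeline_snapshot: PIPELINE_SNAPSHOT,
@@ -11551,6 +11629,7 @@ function entries(names, surfaceClass, surfaceIntent, surfaces, rationale) {
 var MCP_CORE_OPERATION_NAMES = [
 "compile_context",
 "identity_whoami",
+"resolve_interactive_principal",
 "check_permission",
 "filter_by_permission",
 "create_belief",
@@ -12104,7 +12183,13 @@ function surfaceContract(args) {
 scopes: args.scopes ?? [
 args.kind === "query" ? `${args.domain}.read` : `${args.domain}.write`
 ],
-allowedPrincipalTypes: [
+allowedPrincipalTypes: [
+"user",
+"service",
+"agent",
+"group",
+"external_viewer"
+]
 },
 convex: args.convex,
 gateway: args.gateway,
@@ -12246,8 +12331,6 @@ var contextContracts = [
 args: observationContextArgs
 })
 ];
-
-// ../contracts/src/function-registry/identity.ts
 var withPrincipal = (input, context) => ({
 ...input,
 tenantId: input.tenantId ?? context.tenantId,
@@ -12273,6 +12356,28 @@ var identityContracts = [
 inputProjection: withPrincipal
 }
 }),
+surfaceContract({
+name: "resolve_interactive_principal",
+kind: "query",
+domain: "controlPlane",
+surfaceClass: "platform_public",
+method: "POST",
+path: "/control-plane/identity/resolve-interactive-principal",
+sdkNamespace: "controlPlane.identity",
+sdkMethod: "resolveInteractivePrincipal",
+summary: "Resolve an authenticated Clerk user into a Permit-backed Lucern principal context.",
+args: z.object({
+clerkId: z.string().min(1),
+tenantId: z.string().min(1).optional(),
+workspaceId: z.string().min(1).optional(),
+providerProjectId: z.string().min(1).optional()
+}),
+convex: {
+module: "identity",
+functionName: "resolveInteractivePrincipal",
+kind: "query"
+}
+}),
 surfaceContract({
 name: "check_permission",
 kind: "query",
@@ -16076,6 +16181,13 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
 copyMode: "none",
 description: "Deliberation sessions are created by tenant workflows."
 },
+{
+component: "kernel",
+table: "domainEvents",
+prepopulation: "runtime_log",
+copyMode: "none",
+description: "Domain event rows are append-only runtime audit/exhaust data."
+},
 {
 component: "kernel",
 table: "epistemicAudit",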
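Review bot: The new `resolve_interactive_principal` surface contract (new-side lines 12359–12380, inside `identityContracts`) accepts `clerkId` as a caller-supplied argument on a `platform_public` surface, and nothing visible in this diff binds it to the caller's verified session, so a principal holding the default `controlPlane.read` scope could apparently read another user's roles, scopes, group memberships and status. The same diff writes `allowedPrincipalTypes` in `surfaceContract` (12186–12192) as a fixed literal that now includes `group` and `external_viewer`, so this contract cannot be narrowed; I would make it an overridable default, `allowedPrincipalTypes: args.allowedPrincipalTypes ?? [/* the current five types */]`, and have this contract pass a restricted list together with an explicit `scopes` value. If the handler already rejects a `clerkId` that differs from the authenticated subject, the contract description should state that so consumers do not treat the argument as trusted. Separately, that literal uses `"user"` while the documented `principalType` values and the `actorType` enum use `human`; unless a mapping exists outside this diff, the two vocabularies will not match when the list is enforced.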