@lucern/events 0.3.0-alpha.12 → 0.3.0-alpha.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +114 -4
- package/dist/index.js.map +1 -1
- package/dist/outbox.js +114 -4
- package/dist/outbox.js.map +1 -1
- package/dist/types.js +114 -4
- package/dist/types.js.map +1 -1
- package/dist/webhooks.js +114 -4
- package/dist/webhooks.js.map +1 -1
- package/package.json +2 -2
package/dist/outbox.js
CHANGED
|
@@ -1080,6 +1080,35 @@ defineTable({
|
|
|
1080
1080
|
{ kind: "index", name: "by_source", columns: ["source"] }
|
|
1081
1081
|
]
|
|
1082
1082
|
});
|
|
1083
|
+
defineTable({
|
|
1084
|
+
name: "domainEvents",
|
|
1085
|
+
component: "kernel",
|
|
1086
|
+
category: "events",
|
|
1087
|
+
shape: z.object({
|
|
1088
|
+
"eventId": z.string(),
|
|
1089
|
+
"type": z.string(),
|
|
1090
|
+
"version": z.string(),
|
|
1091
|
+
"timestamp": z.number(),
|
|
1092
|
+
"tenantId": z.string().optional(),
|
|
1093
|
+
"workspaceId": z.string().optional(),
|
|
1094
|
+
"topicId": z.string(),
|
|
1095
|
+
"resourceId": z.string(),
|
|
1096
|
+
"resourceType": z.string(),
|
|
1097
|
+
"actorId": z.string(),
|
|
1098
|
+
"actorType": z.enum(["human", "agent", "service"]),
|
|
1099
|
+
"data": z.record(z.any()),
|
|
1100
|
+
"correlationId": z.string().optional(),
|
|
1101
|
+
"expiresAt": z.number()
|
|
1102
|
+
}),
|
|
1103
|
+
indices: [
|
|
1104
|
+
{ kind: "index", name: "by_eventId", columns: ["eventId"] },
|
|
1105
|
+
{ kind: "index", name: "by_topic_timestamp", columns: ["topicId", "timestamp"] },
|
|
1106
|
+
{ kind: "index", name: "by_tenant_workspace_timestamp", columns: ["tenantId", "workspaceId", "timestamp"] },
|
|
1107
|
+
{ kind: "index", name: "by_type_timestamp", columns: ["type", "timestamp"] },
|
|
1108
|
+
{ kind: "index", name: "by_resource", columns: ["resourceType", "resourceId", "timestamp"] },
|
|
1109
|
+
{ kind: "index", name: "by_expiresAt", columns: ["expiresAt"] }
|
|
1110
|
+
]
|
|
1111
|
+
});
|
|
1083
1112
|
defineTable({
|
|
1084
1113
|
name: "beliefConfidence",
|
|
1085
1114
|
component: "kernel",
|
|
@@ -4486,7 +4515,10 @@ defineTable({
|
|
|
4486
4515
|
}),
|
|
4487
4516
|
indices: [
|
|
4488
4517
|
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
4518
|
+
{ kind: "index", name: "by_provider_subject", columns: ["provider", "providerSubjectId"] },
|
|
4519
|
+
{ kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "providerSubjectId"] },
|
|
4489
4520
|
{ kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "providerSubjectId"] },
|
|
4521
|
+
{ kind: "index", name: "by_tenant_provider_project_subject", columns: ["tenantId", "provider", "providerProjectId", "providerSubjectId"] },
|
|
4490
4522
|
{
|
|
4491
4523
|
kind: "index",
|
|
4492
4524
|
name: "by_tenant_provider_alias",
|
|
@@ -9459,7 +9491,7 @@ var IDENTITY_WHOAMI = {
|
|
|
9459
9491
|
description: "Canonical identity summary for the current session",
|
|
9460
9492
|
fields: {
|
|
9461
9493
|
principalId: "string \u2014 canonical federated principal identifier",
|
|
9462
|
-
principalType: "string \u2014 human, service, or
|
|
9494
|
+
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
9463
9495
|
tenantId: "string | undefined \u2014 resolved tenant scope",
|
|
9464
9496
|
workspaceId: "string | undefined \u2014 resolved workspace scope",
|
|
9465
9497
|
scopes: "string[] | undefined \u2014 granted scopes for this session",
|
|
@@ -9470,6 +9502,49 @@ var IDENTITY_WHOAMI = {
|
|
|
9470
9502
|
ontologyPrimitive: "identity",
|
|
9471
9503
|
tier: "workhorse"
|
|
9472
9504
|
};
|
|
9505
|
+
var RESOLVE_INTERACTIVE_PRINCIPAL = {
|
|
9506
|
+
name: "resolve_interactive_principal",
|
|
9507
|
+
description: "Read the Permit-backed Lucern principal context for an authenticated Clerk user. Like `git config --get user.email` plus the repository ACL \u2014 resolves the identity alias into the canonical authorization subject.",
|
|
9508
|
+
parameters: {
|
|
9509
|
+
clerkId: {
|
|
9510
|
+
type: "string",
|
|
9511
|
+
description: "Authenticated Clerk subject (`sub`). Clerk proves identity only; it is not the authorization record."
|
|
9512
|
+
},
|
|
9513
|
+
tenantId: {
|
|
9514
|
+
type: "string",
|
|
9515
|
+
description: "Optional tenant scope. Omit only when the Clerk alias is globally unambiguous."
|
|
9516
|
+
},
|
|
9517
|
+
workspaceId: {
|
|
9518
|
+
type: "string",
|
|
9519
|
+
description: "Optional workspace scope. Required when the principal has access to multiple workspaces and no default can be inferred."
|
|
9520
|
+
},
|
|
9521
|
+
providerProjectId: {
|
|
9522
|
+
type: "string",
|
|
9523
|
+
description: "Optional Clerk project or provider instance id for tenants with multiple identity providers."
|
|
9524
|
+
}
|
|
9525
|
+
},
|
|
9526
|
+
required: ["clerkId"],
|
|
9527
|
+
response: {
|
|
9528
|
+
description: "Permit-backed Lucern principal context for tenant SDK bootstrap",
|
|
9529
|
+
fields: {
|
|
9530
|
+
principalId: "string \u2014 canonical Lucern principal identifier",
|
|
9531
|
+
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
9532
|
+
clerkId: "string \u2014 authenticated Clerk subject alias",
|
|
9533
|
+
tenantId: "string \u2014 resolved tenant scope",
|
|
9534
|
+
workspaceId: "string | null \u2014 resolved workspace scope",
|
|
9535
|
+
roles: "string[] \u2014 effective Permit roles",
|
|
9536
|
+
scopes: "string[] \u2014 effective scopes derived from Permit/control-plane projection",
|
|
9537
|
+
groupIds: "string[] \u2014 active Permit group memberships",
|
|
9538
|
+
principalStatus: "string \u2014 active, invited, suspended, disabled, revoked, or missing",
|
|
9539
|
+
tenantStatus: "string \u2014 projected tenant resource status",
|
|
9540
|
+
workspaceStatus: "string \u2014 projected workspace resource status",
|
|
9541
|
+
permit: "object \u2014 Permit subject, tenant, and optional workspace tuple"
|
|
9542
|
+
}
|
|
9543
|
+
},
|
|
9544
|
+
ownerModule: "control-plane",
|
|
9545
|
+
ontologyPrimitive: "identity",
|
|
9546
|
+
tier: "workhorse"
|
|
9547
|
+
};
|
|
9473
9548
|
var COMPILE_CONTEXT = {
|
|
9474
9549
|
name: "compile_context",
|
|
9475
9550
|
description: "Compile a focused reasoning context. If topicId is omitted, Lucern resolves the best topic from the query. Like `git log --graph --decorate` for the reasoning substrate \u2014 returns the canonical Pillar 3 context pack through the public API shape.",
|
|
@@ -11372,6 +11447,7 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
11372
11447
|
update_worktree_targets: UPDATE_WORKTREE_TARGETS,
|
|
11373
11448
|
update_worktree_metadata: UPDATE_WORKTREE_METADATA,
|
|
11374
11449
|
identity_whoami: IDENTITY_WHOAMI,
|
|
11450
|
+
resolve_interactive_principal: RESOLVE_INTERACTIVE_PRINCIPAL,
|
|
11375
11451
|
compile_context: COMPILE_CONTEXT,
|
|
11376
11452
|
record_scope_learning: RECORD_SCOPE_LEARNING,
|
|
11377
11453
|
pipeline_snapshot: PIPELINE_SNAPSHOT,
|
|
@@ -11489,6 +11565,7 @@ function entries(names, surfaceClass, surfaceIntent, surfaces, rationale) {
|
|
|
11489
11565
|
var MCP_CORE_OPERATION_NAMES = [
|
|
11490
11566
|
"compile_context",
|
|
11491
11567
|
"identity_whoami",
|
|
11568
|
+
"resolve_interactive_principal",
|
|
11492
11569
|
"check_permission",
|
|
11493
11570
|
"filter_by_permission",
|
|
11494
11571
|
"create_belief",
|
|
@@ -12042,7 +12119,13 @@ function surfaceContract(args) {
|
|
|
12042
12119
|
scopes: args.scopes ?? [
|
|
12043
12120
|
args.kind === "query" ? `${args.domain}.read` : `${args.domain}.write`
|
|
12044
12121
|
],
|
|
12045
|
-
allowedPrincipalTypes: [
|
|
12122
|
+
allowedPrincipalTypes: [
|
|
12123
|
+
"user",
|
|
12124
|
+
"service",
|
|
12125
|
+
"agent",
|
|
12126
|
+
"group",
|
|
12127
|
+
"external_viewer"
|
|
12128
|
+
]
|
|
12046
12129
|
},
|
|
12047
12130
|
convex: args.convex,
|
|
12048
12131
|
gateway: args.gateway,
|
|
@@ -12184,8 +12267,6 @@ var contextContracts = [
|
|
|
12184
12267
|
args: observationContextArgs
|
|
12185
12268
|
})
|
|
12186
12269
|
];
|
|
12187
|
-
|
|
12188
|
-
// ../contracts/src/function-registry/identity.ts
|
|
12189
12270
|
var withPrincipal = (input, context) => ({
|
|
12190
12271
|
...input,
|
|
12191
12272
|
tenantId: input.tenantId ?? context.tenantId,
|
|
@@ -12211,6 +12292,28 @@ var identityContracts = [
|
|
|
12211
12292
|
inputProjection: withPrincipal
|
|
12212
12293
|
}
|
|
12213
12294
|
}),
|
|
12295
|
+
surfaceContract({
|
|
12296
|
+
name: "resolve_interactive_principal",
|
|
12297
|
+
kind: "query",
|
|
12298
|
+
domain: "controlPlane",
|
|
12299
|
+
surfaceClass: "platform_public",
|
|
12300
|
+
method: "POST",
|
|
12301
|
+
path: "/control-plane/identity/resolve-interactive-principal",
|
|
12302
|
+
sdkNamespace: "controlPlane.identity",
|
|
12303
|
+
sdkMethod: "resolveInteractivePrincipal",
|
|
12304
|
+
summary: "Resolve an authenticated Clerk user into a Permit-backed Lucern principal context.",
|
|
12305
|
+
args: z.object({
|
|
12306
|
+
clerkId: z.string().min(1),
|
|
12307
|
+
tenantId: z.string().min(1).optional(),
|
|
12308
|
+
workspaceId: z.string().min(1).optional(),
|
|
12309
|
+
providerProjectId: z.string().min(1).optional()
|
|
12310
|
+
}),
|
|
12311
|
+
convex: {
|
|
12312
|
+
module: "identity",
|
|
12313
|
+
functionName: "resolveInteractivePrincipal",
|
|
12314
|
+
kind: "query"
|
|
12315
|
+
}
|
|
12316
|
+
}),
|
|
12214
12317
|
surfaceContract({
|
|
12215
12318
|
name: "check_permission",
|
|
12216
12319
|
kind: "query",
|
|
@@ -16014,6 +16117,13 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
16014
16117
|
copyMode: "none",
|
|
16015
16118
|
description: "Deliberation sessions are created by tenant workflows."
|
|
16016
16119
|
},
|
|
16120
|
+
{
|
|
16121
|
+
component: "kernel",
|
|
16122
|
+
table: "domainEvents",
|
|
16123
|
+
prepopulation: "runtime_log",
|
|
16124
|
+
copyMode: "none",
|
|
16125
|
+
description: "Domain event rows are append-only runtime audit/exhaust data."
|
|
16126
|
+
},
|
|
16017
16127
|
{
|
|
16018
16128
|
component: "kernel",
|
|
16019
16129
|
table: "epistemicAudit",
|