@lucern/mcp 0.3.0-alpha.11 → 0.3.0-alpha.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +432 -54
- package/dist/cli.js.map +1 -1
- package/dist/gateway.d.ts +30 -1
- package/dist/gateway.js +1799 -379
- package/dist/gateway.js.map +1 -1
- package/dist/hosted-route.js +432 -54
- package/dist/hosted-route.js.map +1 -1
- package/dist/index.js +432 -54
- package/dist/index.js.map +1 -1
- package/dist/runtime.js +125 -5
- package/dist/runtime.js.map +1 -1
- package/package.json +6 -6
package/dist/runtime.js
CHANGED
|
@@ -1238,6 +1238,35 @@ defineTable({
|
|
|
1238
1238
|
{ kind: "index", name: "by_source", columns: ["source"] }
|
|
1239
1239
|
]
|
|
1240
1240
|
});
|
|
1241
|
+
defineTable({
|
|
1242
|
+
name: "domainEvents",
|
|
1243
|
+
component: "kernel",
|
|
1244
|
+
category: "events",
|
|
1245
|
+
shape: z.object({
|
|
1246
|
+
"eventId": z.string(),
|
|
1247
|
+
"type": z.string(),
|
|
1248
|
+
"version": z.string(),
|
|
1249
|
+
"timestamp": z.number(),
|
|
1250
|
+
"tenantId": z.string().optional(),
|
|
1251
|
+
"workspaceId": z.string().optional(),
|
|
1252
|
+
"topicId": z.string(),
|
|
1253
|
+
"resourceId": z.string(),
|
|
1254
|
+
"resourceType": z.string(),
|
|
1255
|
+
"actorId": z.string(),
|
|
1256
|
+
"actorType": z.enum(["human", "agent", "service"]),
|
|
1257
|
+
"data": z.record(z.any()),
|
|
1258
|
+
"correlationId": z.string().optional(),
|
|
1259
|
+
"expiresAt": z.number()
|
|
1260
|
+
}),
|
|
1261
|
+
indices: [
|
|
1262
|
+
{ kind: "index", name: "by_eventId", columns: ["eventId"] },
|
|
1263
|
+
{ kind: "index", name: "by_topic_timestamp", columns: ["topicId", "timestamp"] },
|
|
1264
|
+
{ kind: "index", name: "by_tenant_workspace_timestamp", columns: ["tenantId", "workspaceId", "timestamp"] },
|
|
1265
|
+
{ kind: "index", name: "by_type_timestamp", columns: ["type", "timestamp"] },
|
|
1266
|
+
{ kind: "index", name: "by_resource", columns: ["resourceType", "resourceId", "timestamp"] },
|
|
1267
|
+
{ kind: "index", name: "by_expiresAt", columns: ["expiresAt"] }
|
|
1268
|
+
]
|
|
1269
|
+
});
|
|
1241
1270
|
defineTable({
|
|
1242
1271
|
name: "beliefConfidence",
|
|
1243
1272
|
component: "kernel",
|
|
@@ -4536,7 +4565,9 @@ var permitObjectType = z.enum([
|
|
|
4536
4565
|
"group",
|
|
4537
4566
|
"resource_instance",
|
|
4538
4567
|
"relationship_tuple",
|
|
4539
|
-
"role_assignment"
|
|
4568
|
+
"role_assignment",
|
|
4569
|
+
"attribute_binding",
|
|
4570
|
+
"policy_bundle"
|
|
4540
4571
|
]);
|
|
4541
4572
|
var permitOutboxOperation = z.enum([
|
|
4542
4573
|
"upsert",
|
|
@@ -4642,7 +4673,10 @@ defineTable({
|
|
|
4642
4673
|
}),
|
|
4643
4674
|
indices: [
|
|
4644
4675
|
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
4676
|
+
{ kind: "index", name: "by_provider_subject", columns: ["provider", "providerSubjectId"] },
|
|
4677
|
+
{ kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "providerSubjectId"] },
|
|
4645
4678
|
{ kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "providerSubjectId"] },
|
|
4679
|
+
{ kind: "index", name: "by_tenant_provider_project_subject", columns: ["tenantId", "provider", "providerProjectId", "providerSubjectId"] },
|
|
4646
4680
|
{
|
|
4647
4681
|
kind: "index",
|
|
4648
4682
|
name: "by_tenant_provider_alias",
|
|
@@ -9684,7 +9718,7 @@ var IDENTITY_WHOAMI = {
|
|
|
9684
9718
|
description: "Canonical identity summary for the current session",
|
|
9685
9719
|
fields: {
|
|
9686
9720
|
principalId: "string \u2014 canonical federated principal identifier",
|
|
9687
|
-
principalType: "string \u2014 human, service, or
|
|
9721
|
+
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
9688
9722
|
tenantId: "string | undefined \u2014 resolved tenant scope",
|
|
9689
9723
|
workspaceId: "string | undefined \u2014 resolved workspace scope",
|
|
9690
9724
|
scopes: "string[] | undefined \u2014 granted scopes for this session",
|
|
@@ -9695,6 +9729,49 @@ var IDENTITY_WHOAMI = {
|
|
|
9695
9729
|
ontologyPrimitive: "identity",
|
|
9696
9730
|
tier: "workhorse"
|
|
9697
9731
|
};
|
|
9732
|
+
var RESOLVE_INTERACTIVE_PRINCIPAL = {
|
|
9733
|
+
name: "resolve_interactive_principal",
|
|
9734
|
+
description: "Read the Permit-backed Lucern principal context for an authenticated Clerk user. Like `git config --get user.email` plus the repository ACL \u2014 resolves the identity alias into the canonical authorization subject.",
|
|
9735
|
+
parameters: {
|
|
9736
|
+
clerkId: {
|
|
9737
|
+
type: "string",
|
|
9738
|
+
description: "Authenticated Clerk subject (`sub`). Clerk proves identity only; it is not the authorization record."
|
|
9739
|
+
},
|
|
9740
|
+
tenantId: {
|
|
9741
|
+
type: "string",
|
|
9742
|
+
description: "Optional tenant scope. Omit only when the Clerk alias is globally unambiguous."
|
|
9743
|
+
},
|
|
9744
|
+
workspaceId: {
|
|
9745
|
+
type: "string",
|
|
9746
|
+
description: "Optional workspace scope. Required when the principal has access to multiple workspaces and no default can be inferred."
|
|
9747
|
+
},
|
|
9748
|
+
providerProjectId: {
|
|
9749
|
+
type: "string",
|
|
9750
|
+
description: "Optional Clerk project or provider instance id for tenants with multiple identity providers."
|
|
9751
|
+
}
|
|
9752
|
+
},
|
|
9753
|
+
required: ["clerkId"],
|
|
9754
|
+
response: {
|
|
9755
|
+
description: "Permit-backed Lucern principal context for tenant SDK bootstrap",
|
|
9756
|
+
fields: {
|
|
9757
|
+
principalId: "string \u2014 canonical Lucern principal identifier",
|
|
9758
|
+
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
9759
|
+
clerkId: "string \u2014 authenticated Clerk subject alias",
|
|
9760
|
+
tenantId: "string \u2014 resolved tenant scope",
|
|
9761
|
+
workspaceId: "string | null \u2014 resolved workspace scope",
|
|
9762
|
+
roles: "string[] \u2014 effective Permit roles",
|
|
9763
|
+
scopes: "string[] \u2014 effective scopes derived from Permit/control-plane projection",
|
|
9764
|
+
groupIds: "string[] \u2014 active Permit group memberships",
|
|
9765
|
+
principalStatus: "string \u2014 active, invited, suspended, disabled, revoked, or missing",
|
|
9766
|
+
tenantStatus: "string \u2014 projected tenant resource status",
|
|
9767
|
+
workspaceStatus: "string \u2014 projected workspace resource status",
|
|
9768
|
+
permit: "object \u2014 Permit subject, tenant, and optional workspace tuple"
|
|
9769
|
+
}
|
|
9770
|
+
},
|
|
9771
|
+
ownerModule: "control-plane",
|
|
9772
|
+
ontologyPrimitive: "identity",
|
|
9773
|
+
tier: "workhorse"
|
|
9774
|
+
};
|
|
9698
9775
|
var COMPILE_CONTEXT = {
|
|
9699
9776
|
name: "compile_context",
|
|
9700
9777
|
description: "Compile a focused reasoning context. If topicId is omitted, Lucern resolves the best topic from the query. Like `git log --graph --decorate` for the reasoning substrate \u2014 returns the canonical Pillar 3 context pack through the public API shape.",
|
|
@@ -11597,6 +11674,7 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
11597
11674
|
update_worktree_targets: UPDATE_WORKTREE_TARGETS,
|
|
11598
11675
|
update_worktree_metadata: UPDATE_WORKTREE_METADATA,
|
|
11599
11676
|
identity_whoami: IDENTITY_WHOAMI,
|
|
11677
|
+
resolve_interactive_principal: RESOLVE_INTERACTIVE_PRINCIPAL,
|
|
11600
11678
|
compile_context: COMPILE_CONTEXT,
|
|
11601
11679
|
record_scope_learning: RECORD_SCOPE_LEARNING,
|
|
11602
11680
|
pipeline_snapshot: PIPELINE_SNAPSHOT,
|
|
@@ -11714,6 +11792,7 @@ function entries(names, surfaceClass, surfaceIntent, surfaces, rationale) {
|
|
|
11714
11792
|
var MCP_CORE_OPERATION_NAMES = [
|
|
11715
11793
|
"compile_context",
|
|
11716
11794
|
"identity_whoami",
|
|
11795
|
+
"resolve_interactive_principal",
|
|
11717
11796
|
"check_permission",
|
|
11718
11797
|
"filter_by_permission",
|
|
11719
11798
|
"create_belief",
|
|
@@ -12267,7 +12346,13 @@ function surfaceContract(args) {
|
|
|
12267
12346
|
scopes: args.scopes ?? [
|
|
12268
12347
|
args.kind === "query" ? `${args.domain}.read` : `${args.domain}.write`
|
|
12269
12348
|
],
|
|
12270
|
-
allowedPrincipalTypes: [
|
|
12349
|
+
allowedPrincipalTypes: [
|
|
12350
|
+
"user",
|
|
12351
|
+
"service",
|
|
12352
|
+
"agent",
|
|
12353
|
+
"group",
|
|
12354
|
+
"external_viewer"
|
|
12355
|
+
]
|
|
12271
12356
|
},
|
|
12272
12357
|
convex: args.convex,
|
|
12273
12358
|
gateway: args.gateway,
|
|
@@ -12409,8 +12494,6 @@ var contextContracts = [
|
|
|
12409
12494
|
args: observationContextArgs
|
|
12410
12495
|
})
|
|
12411
12496
|
];
|
|
12412
|
-
|
|
12413
|
-
// ../contracts/src/function-registry/identity.ts
|
|
12414
12497
|
var withPrincipal = (input, context) => ({
|
|
12415
12498
|
...input,
|
|
12416
12499
|
tenantId: input.tenantId ?? context.tenantId,
|
|
@@ -12436,6 +12519,28 @@ var identityContracts = [
|
|
|
12436
12519
|
inputProjection: withPrincipal
|
|
12437
12520
|
}
|
|
12438
12521
|
}),
|
|
12522
|
+
surfaceContract({
|
|
12523
|
+
name: "resolve_interactive_principal",
|
|
12524
|
+
kind: "query",
|
|
12525
|
+
domain: "controlPlane",
|
|
12526
|
+
surfaceClass: "platform_public",
|
|
12527
|
+
method: "POST",
|
|
12528
|
+
path: "/control-plane/identity/resolve-interactive-principal",
|
|
12529
|
+
sdkNamespace: "controlPlane.identity",
|
|
12530
|
+
sdkMethod: "resolveInteractivePrincipal",
|
|
12531
|
+
summary: "Resolve an authenticated Clerk user into a Permit-backed Lucern principal context.",
|
|
12532
|
+
args: z.object({
|
|
12533
|
+
clerkId: z.string().min(1),
|
|
12534
|
+
tenantId: z.string().min(1).optional(),
|
|
12535
|
+
workspaceId: z.string().min(1).optional(),
|
|
12536
|
+
providerProjectId: z.string().min(1).optional()
|
|
12537
|
+
}),
|
|
12538
|
+
convex: {
|
|
12539
|
+
module: "identity",
|
|
12540
|
+
functionName: "resolveInteractivePrincipal",
|
|
12541
|
+
kind: "query"
|
|
12542
|
+
}
|
|
12543
|
+
}),
|
|
12439
12544
|
surfaceContract({
|
|
12440
12545
|
name: "check_permission",
|
|
12441
12546
|
kind: "query",
|
|
@@ -16239,6 +16344,13 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
16239
16344
|
copyMode: "none",
|
|
16240
16345
|
description: "Deliberation sessions are created by tenant workflows."
|
|
16241
16346
|
},
|
|
16347
|
+
{
|
|
16348
|
+
component: "kernel",
|
|
16349
|
+
table: "domainEvents",
|
|
16350
|
+
prepopulation: "runtime_log",
|
|
16351
|
+
copyMode: "none",
|
|
16352
|
+
description: "Domain event rows are append-only runtime audit/exhaust data."
|
|
16353
|
+
},
|
|
16242
16354
|
{
|
|
16243
16355
|
component: "kernel",
|
|
16244
16356
|
table: "epistemicAudit",
|
|
@@ -18487,6 +18599,14 @@ var generatedFunctionSurfaceHandlers = {
|
|
|
18487
18599
|
)
|
|
18488
18600
|
);
|
|
18489
18601
|
},
|
|
18602
|
+
async resolve_interactive_principal(args, ctx) {
|
|
18603
|
+
return formatSdkResult(
|
|
18604
|
+
await getSdkClient(ctx).raw.functionSurface.resolveInteractivePrincipal(
|
|
18605
|
+
stripInternalArgs(args),
|
|
18606
|
+
idempotencyKeyFrom(args)
|
|
18607
|
+
)
|
|
18608
|
+
);
|
|
18609
|
+
},
|
|
18490
18610
|
async run_graph_intelligence_query(args, ctx) {
|
|
18491
18611
|
return formatSdkResult(
|
|
18492
18612
|
await getSdkClient(ctx).raw.functionSurface.runGraphIntelligenceQuery(
|