@lucern/mcp 0.3.0-alpha.15 → 0.3.0-alpha.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -1
- package/dist/cli.js +205 -72
- package/dist/cli.js.map +1 -1
- package/dist/gateway.js +763 -136
- package/dist/gateway.js.map +1 -1
- package/dist/hosted-route.js +203 -66
- package/dist/hosted-route.js.map +1 -1
- package/dist/index.js +205 -72
- package/dist/index.js.map +1 -1
- package/dist/runtime.js +33 -43
- package/dist/runtime.js.map +1 -1
- package/package.json +9 -8
package/dist/hosted-route.js
CHANGED
|
@@ -890,13 +890,31 @@ function mergeHeaderRecord(base, addition) {
|
|
|
890
890
|
}
|
|
891
891
|
return Object.fromEntries(headers.entries());
|
|
892
892
|
}
|
|
893
|
+
function cleanHeaderValue(value) {
|
|
894
|
+
const normalized = value?.trim();
|
|
895
|
+
return normalized ? normalized : void 0;
|
|
896
|
+
}
|
|
893
897
|
function createGatewayRequestClient(config = {}) {
|
|
894
898
|
const fetchImpl = config.fetchImpl ?? fetch;
|
|
895
899
|
const baseUrl = config.baseUrl?.replace(/\/+$/, "") ?? "";
|
|
896
900
|
const maxRetries = config.maxRetries ?? 2;
|
|
897
901
|
const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
|
|
898
902
|
async function resolveAuthHeaders() {
|
|
899
|
-
const
|
|
903
|
+
const provided = config.getAuthHeaders ? await config.getAuthHeaders() : {};
|
|
904
|
+
const headers = new Headers(provided);
|
|
905
|
+
const setIfAbsent = (name, value) => {
|
|
906
|
+
const normalized = cleanHeaderValue(value);
|
|
907
|
+
if (normalized && !headers.has(name)) {
|
|
908
|
+
headers.set(name, normalized);
|
|
909
|
+
}
|
|
910
|
+
};
|
|
911
|
+
setIfAbsent("x-lucern-key", config.apiKey);
|
|
912
|
+
setIfAbsent("x-lucern-session-token", config.userToken);
|
|
913
|
+
setIfAbsent("x-lucern-environment", config.environment);
|
|
914
|
+
setIfAbsent("x-lucern-clerk-id", config.clerkId);
|
|
915
|
+
setIfAbsent("x-lucern-user-id", config.userId ?? config.clerkId);
|
|
916
|
+
setIfAbsent("x-lucern-deployment-host", config.deploymentHost);
|
|
917
|
+
const base = Object.fromEntries(headers.entries());
|
|
900
918
|
const authContextInput = await resolveConfiguredAuthContext(
|
|
901
919
|
config.authContext
|
|
902
920
|
);
|
|
@@ -2190,7 +2208,7 @@ function normalizeCanonicalPrincipalIdentity(input, options = {}) {
|
|
|
2190
2208
|
})) {
|
|
2191
2209
|
throw new LucernAccessControlError(
|
|
2192
2210
|
"clerk_alias_unrecognized",
|
|
2193
|
-
"Observed Clerk user id
|
|
2211
|
+
"Observed Clerk user id does not match the canonical human principal id."
|
|
2194
2212
|
);
|
|
2195
2213
|
}
|
|
2196
2214
|
return {
|
|
@@ -7792,7 +7810,7 @@ function createToolRegistryClient(config = {}) {
|
|
|
7792
7810
|
}
|
|
7793
7811
|
|
|
7794
7812
|
// ../sdk/src/version.ts
|
|
7795
|
-
var LUCERN_SDK_VERSION = "0.3.0-alpha.
|
|
7813
|
+
var LUCERN_SDK_VERSION = "0.3.0-alpha.17";
|
|
7796
7814
|
|
|
7797
7815
|
// ../sdk/src/workflowClient.ts
|
|
7798
7816
|
function normalizeLensQuery(value) {
|
|
@@ -8200,6 +8218,12 @@ function toGatewayConfig(config) {
|
|
|
8200
8218
|
return {
|
|
8201
8219
|
baseUrl: config.baseUrl,
|
|
8202
8220
|
fetchImpl: config.fetchImpl,
|
|
8221
|
+
apiKey: config.apiKey,
|
|
8222
|
+
userToken: config.userToken,
|
|
8223
|
+
environment: config.environment,
|
|
8224
|
+
clerkId: config.clerkId,
|
|
8225
|
+
userId: config.userId,
|
|
8226
|
+
deploymentHost: config.deploymentHost,
|
|
8203
8227
|
maxRetries: config.maxRetries,
|
|
8204
8228
|
timeoutMs: config.timeoutMs,
|
|
8205
8229
|
timeoutMsByMethod: config.timeoutMsByMethod,
|
|
@@ -8208,19 +8232,7 @@ function toGatewayConfig(config) {
|
|
|
8208
8232
|
onResponse: config.onResponse,
|
|
8209
8233
|
authContext: config.authContext,
|
|
8210
8234
|
requireCanonicalAuthContext: config.requireCanonicalAuthContext,
|
|
8211
|
-
getAuthHeaders:
|
|
8212
|
-
const base = config.getAuthHeaders ? await config.getAuthHeaders() : {};
|
|
8213
|
-
if (config.apiKey && !base["x-lucern-key"] && !base.Authorization) {
|
|
8214
|
-
base["x-lucern-key"] = config.apiKey;
|
|
8215
|
-
}
|
|
8216
|
-
if (config.userToken && !base["x-lucern-session-token"]) {
|
|
8217
|
-
base["x-lucern-session-token"] = config.userToken;
|
|
8218
|
-
}
|
|
8219
|
-
if (config.environment && !base["x-lucern-environment"]) {
|
|
8220
|
-
base["x-lucern-environment"] = config.environment;
|
|
8221
|
-
}
|
|
8222
|
-
return base;
|
|
8223
|
-
}
|
|
8235
|
+
getAuthHeaders: config.getAuthHeaders
|
|
8224
8236
|
};
|
|
8225
8237
|
}
|
|
8226
8238
|
function exposeGatewayData(response) {
|
|
@@ -11492,7 +11504,7 @@ var SESSION_LIFECYCLE_STATUSES = [
|
|
|
11492
11504
|
"revoked"
|
|
11493
11505
|
];
|
|
11494
11506
|
function inferSessionPrincipalType(principalId) {
|
|
11495
|
-
if (principalId
|
|
11507
|
+
if (/^user_[A-Za-z0-9]+$/.test(principalId)) {
|
|
11496
11508
|
return "human";
|
|
11497
11509
|
}
|
|
11498
11510
|
if (principalId.startsWith("agent:")) {
|
|
@@ -13975,7 +13987,7 @@ var IDENTITY_WHOAMI = {
|
|
|
13975
13987
|
response: {
|
|
13976
13988
|
description: "Canonical identity summary for the current session",
|
|
13977
13989
|
fields: {
|
|
13978
|
-
principalId: "string \u2014 canonical
|
|
13990
|
+
principalId: "string \u2014 canonical principal identifier; for humans this is the Clerk user_... ID",
|
|
13979
13991
|
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
13980
13992
|
tenantId: "string | undefined \u2014 resolved tenant scope",
|
|
13981
13993
|
workspaceId: "string | undefined \u2014 resolved workspace scope",
|
|
@@ -13989,7 +14001,7 @@ var IDENTITY_WHOAMI = {
|
|
|
13989
14001
|
};
|
|
13990
14002
|
var RESOLVE_INTERACTIVE_PRINCIPAL = {
|
|
13991
14003
|
name: "resolve_interactive_principal",
|
|
13992
|
-
description: "Read the Permit-backed Lucern principal context for an authenticated Clerk user. Like `git config --get user.email` plus the repository ACL \u2014 resolves the
|
|
14004
|
+
description: "Read the Permit-backed Lucern principal context for an authenticated Clerk user. Like `git config --get user.email` plus the repository ACL \u2014 resolves the Clerk subject into tenant/workspace authorization context.",
|
|
13993
14005
|
parameters: {
|
|
13994
14006
|
clerkId: {
|
|
13995
14007
|
type: "string",
|
|
@@ -14012,7 +14024,7 @@ var RESOLVE_INTERACTIVE_PRINCIPAL = {
|
|
|
14012
14024
|
response: {
|
|
14013
14025
|
description: "Permit-backed Lucern principal context for tenant SDK bootstrap",
|
|
14014
14026
|
fields: {
|
|
14015
|
-
principalId: "string \u2014 canonical
|
|
14027
|
+
principalId: "string \u2014 canonical Clerk user_... ID for human sessions",
|
|
14016
14028
|
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
14017
14029
|
clerkId: "string \u2014 authenticated Clerk subject alias",
|
|
14018
14030
|
tenantId: "string \u2014 resolved tenant scope",
|
|
@@ -14840,7 +14852,7 @@ var MANAGE_WRITE_POLICY = {
|
|
|
14840
14852
|
},
|
|
14841
14853
|
role: {
|
|
14842
14854
|
type: "string",
|
|
14843
|
-
description: "Role to set policy for (required for 'set'). E.g. 'agent:internal'
|
|
14855
|
+
description: "Role to set policy for (required for 'set'). E.g. 'agent:internal' or a Permit role key such as 'workspace_admin'."
|
|
14844
14856
|
},
|
|
14845
14857
|
permission: {
|
|
14846
14858
|
type: "string",
|
|
@@ -17893,6 +17905,7 @@ defineTable({
|
|
|
17893
17905
|
shape: z.object({
|
|
17894
17906
|
"tenantId": idOf("tenants"),
|
|
17895
17907
|
"workspaceId": idOf("workspaces").optional(),
|
|
17908
|
+
"environment": z.enum(["dev", "staging", "prod"]).optional(),
|
|
17896
17909
|
"keyPrefix": z.enum(["luc", "stk"]),
|
|
17897
17910
|
"keyHash": z.string(),
|
|
17898
17911
|
"keyHint": z.string(),
|
|
@@ -17920,7 +17933,7 @@ defineTable({
|
|
|
17920
17933
|
shape: z.object({
|
|
17921
17934
|
"tenantId": idOf("tenants").optional(),
|
|
17922
17935
|
"apiKeyId": idOf("apiKeys").optional(),
|
|
17923
|
-
"action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_token_lease_issued", "proxy_token_lease_renewed", "proxy_token_lease_revoked", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "principal_created", "principal_updated", "principal_suspended", "principal_identity_alias_upserted", "principal_identity_alias_revoked", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "deployment_host_registered", "deployment_host_revoked", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "permit_sync_enqueued", "permit_sync_succeeded", "permit_sync_failed", "permit_sync_skipped", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
|
|
17936
|
+
"action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_token_lease_issued", "proxy_token_lease_renewed", "proxy_token_lease_revoked", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "tenant_clerk_organization_linked", "principal_created", "principal_updated", "principal_suspended", "principal_identity_alias_upserted", "principal_identity_alias_revoked", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "deployment_host_registered", "deployment_host_revoked", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "permit_sync_enqueued", "permit_sync_succeeded", "permit_sync_failed", "permit_sync_skipped", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
|
|
17924
17937
|
"actorClerkId": z.string(),
|
|
17925
17938
|
"details": z.any().optional(),
|
|
17926
17939
|
"createdAt": z.number()
|
|
@@ -23131,6 +23144,21 @@ var INFISICAL_RUNTIME_PATHS = [
|
|
|
23131
23144
|
}
|
|
23132
23145
|
]
|
|
23133
23146
|
},
|
|
23147
|
+
{
|
|
23148
|
+
id: "platform-operator-credentials",
|
|
23149
|
+
secretPath: "/platform/runtime",
|
|
23150
|
+
description: "Lucern-owned operator credential material for local CLI, MCP, and SDK sessions.",
|
|
23151
|
+
variables: [
|
|
23152
|
+
{
|
|
23153
|
+
name: "LUCERN_API_KEY",
|
|
23154
|
+
required: false,
|
|
23155
|
+
secret: true,
|
|
23156
|
+
public: false,
|
|
23157
|
+
aliases: ["LUCERN_KEY"],
|
|
23158
|
+
description: "Lucern-owned operator API key for gateway calls from trusted local tooling."
|
|
23159
|
+
}
|
|
23160
|
+
]
|
|
23161
|
+
},
|
|
23134
23162
|
{
|
|
23135
23163
|
id: "tenant-shared-install",
|
|
23136
23164
|
secretPath: TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH,
|
|
@@ -23166,7 +23194,7 @@ var INFISICAL_RUNTIME_SURFACES = [
|
|
|
23166
23194
|
id: "lucern-sdk",
|
|
23167
23195
|
packageName: "@lucern/sdk",
|
|
23168
23196
|
delivery: "runtime_fetch",
|
|
23169
|
-
sourcePathIds: ["platform-runtime"],
|
|
23197
|
+
sourcePathIds: ["platform-runtime", "platform-operator-credentials"],
|
|
23170
23198
|
consumer: "server-side SDK operator contexts with a scoped Infisical identity",
|
|
23171
23199
|
description: "SDK exposes the runtime Infisical resolver used by clients that have machine identity credentials."
|
|
23172
23200
|
},
|
|
@@ -23175,7 +23203,7 @@ var INFISICAL_RUNTIME_SURFACES = [
|
|
|
23175
23203
|
packageName: "@lucern/cli",
|
|
23176
23204
|
delivery: "runtime_fetch",
|
|
23177
23205
|
fallback: "device_auth",
|
|
23178
|
-
sourcePathIds: ["platform-runtime"],
|
|
23206
|
+
sourcePathIds: ["platform-runtime", "platform-operator-credentials"],
|
|
23179
23207
|
consumer: "developer/operator CLI processes",
|
|
23180
23208
|
description: "CLI hydrates runtime defaults from Infisical when configured, then authenticates users through Lucern device login."
|
|
23181
23209
|
},
|
|
@@ -23184,7 +23212,7 @@ var INFISICAL_RUNTIME_SURFACES = [
|
|
|
23184
23212
|
packageName: "@lucern/mcp",
|
|
23185
23213
|
delivery: "runtime_fetch",
|
|
23186
23214
|
fallback: "device_auth",
|
|
23187
|
-
sourcePathIds: ["platform-runtime"],
|
|
23215
|
+
sourcePathIds: ["platform-runtime", "platform-operator-credentials"],
|
|
23188
23216
|
consumer: "MCP server/client processes",
|
|
23189
23217
|
description: "MCP hydrates runtime defaults through the SDK resolver and remains a Lucern client, not a platform secret owner."
|
|
23190
23218
|
},
|
|
@@ -25665,9 +25693,33 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
25665
25693
|
"consumer": "server-side SDK operator contexts with a scoped Infisical identity",
|
|
25666
25694
|
"description": "SDK exposes the runtime Infisical resolver used by clients that have machine identity credentials.",
|
|
25667
25695
|
"sourcePathIds": [
|
|
25668
|
-
"platform-runtime"
|
|
25696
|
+
"platform-runtime",
|
|
25697
|
+
"platform-operator-credentials"
|
|
25669
25698
|
],
|
|
25670
25699
|
"variables": [
|
|
25700
|
+
{
|
|
25701
|
+
"canonicalName": "LUCERN_API_KEY",
|
|
25702
|
+
"envNames": [
|
|
25703
|
+
"LUCERN_API_KEY",
|
|
25704
|
+
"LUCERN_KEY"
|
|
25705
|
+
],
|
|
25706
|
+
"aliases": [
|
|
25707
|
+
"LUCERN_KEY"
|
|
25708
|
+
],
|
|
25709
|
+
"writeNames": [
|
|
25710
|
+
"LUCERN_API_KEY"
|
|
25711
|
+
],
|
|
25712
|
+
"required": false,
|
|
25713
|
+
"secret": true,
|
|
25714
|
+
"public": false,
|
|
25715
|
+
"sourcePath": "/platform/runtime",
|
|
25716
|
+
"environmentPolicy": "environment_specific",
|
|
25717
|
+
"consumers": [
|
|
25718
|
+
"lucern-sdk"
|
|
25719
|
+
],
|
|
25720
|
+
"destinations": [],
|
|
25721
|
+
"description": "Lucern-owned operator API key for gateway calls from trusted local tooling."
|
|
25722
|
+
},
|
|
25671
25723
|
{
|
|
25672
25724
|
"canonicalName": "LUCERN_API_URL",
|
|
25673
25725
|
"envNames": [
|
|
@@ -25768,9 +25820,57 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
25768
25820
|
"consumer": "developer/operator CLI processes",
|
|
25769
25821
|
"description": "CLI hydrates runtime defaults from Infisical when configured, then authenticates users through Lucern device login.",
|
|
25770
25822
|
"sourcePathIds": [
|
|
25771
|
-
"platform-runtime"
|
|
25823
|
+
"platform-runtime",
|
|
25824
|
+
"platform-operator-credentials"
|
|
25772
25825
|
],
|
|
25773
25826
|
"variables": [
|
|
25827
|
+
{
|
|
25828
|
+
"canonicalName": "LUCERN_API_KEY",
|
|
25829
|
+
"envNames": [
|
|
25830
|
+
"LUCERN_API_KEY",
|
|
25831
|
+
"LUCERN_KEY"
|
|
25832
|
+
],
|
|
25833
|
+
"aliases": [
|
|
25834
|
+
"LUCERN_KEY"
|
|
25835
|
+
],
|
|
25836
|
+
"writeNames": [
|
|
25837
|
+
"LUCERN_API_KEY"
|
|
25838
|
+
],
|
|
25839
|
+
"required": false,
|
|
25840
|
+
"secret": true,
|
|
25841
|
+
"public": false,
|
|
25842
|
+
"sourcePath": "/platform/runtime",
|
|
25843
|
+
"environmentPolicy": "environment_specific",
|
|
25844
|
+
"consumers": [
|
|
25845
|
+
"lucern-cli",
|
|
25846
|
+
"lucern-mcp",
|
|
25847
|
+
"lucern-repo-ci"
|
|
25848
|
+
],
|
|
25849
|
+
"destinations": [
|
|
25850
|
+
{
|
|
25851
|
+
"kind": "runtime_fetch",
|
|
25852
|
+
"target": "lucern-cli-mcp-sdk",
|
|
25853
|
+
"writeNames": [
|
|
25854
|
+
"LUCERN_API_KEY"
|
|
25855
|
+
]
|
|
25856
|
+
},
|
|
25857
|
+
{
|
|
25858
|
+
"kind": "operator_local",
|
|
25859
|
+
"target": "lucern-repo",
|
|
25860
|
+
"writeNames": [
|
|
25861
|
+
"LUCERN_API_KEY"
|
|
25862
|
+
]
|
|
25863
|
+
},
|
|
25864
|
+
{
|
|
25865
|
+
"kind": "github_actions",
|
|
25866
|
+
"target": "LucernAI/lucern",
|
|
25867
|
+
"writeNames": [
|
|
25868
|
+
"LUCERN_API_KEY"
|
|
25869
|
+
]
|
|
25870
|
+
}
|
|
25871
|
+
],
|
|
25872
|
+
"description": "Lucern-owned operator API key for gateway calls from trusted local tooling. Lucern-owned operator API key for trusted CLI/MCP/CI calls. Source it from /platform/runtime; do not persist it into local user credential files."
|
|
25873
|
+
},
|
|
25774
25874
|
{
|
|
25775
25875
|
"canonicalName": "LUCERN_API_URL",
|
|
25776
25876
|
"envNames": [
|
|
@@ -26109,7 +26209,8 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
26109
26209
|
"consumer": "MCP server/client processes",
|
|
26110
26210
|
"description": "MCP hydrates runtime defaults through the SDK resolver and remains a Lucern client, not a platform secret owner.",
|
|
26111
26211
|
"sourcePathIds": [
|
|
26112
|
-
"platform-runtime"
|
|
26212
|
+
"platform-runtime",
|
|
26213
|
+
"platform-operator-credentials"
|
|
26113
26214
|
],
|
|
26114
26215
|
"variables": [
|
|
26115
26216
|
{
|
|
@@ -26197,6 +26298,53 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
26197
26298
|
],
|
|
26198
26299
|
"description": "Lucern-owned Clerk backend secret. Never route to tenant-owned apps unless that tenant is Lucern itself."
|
|
26199
26300
|
},
|
|
26301
|
+
{
|
|
26302
|
+
"canonicalName": "LUCERN_API_KEY",
|
|
26303
|
+
"envNames": [
|
|
26304
|
+
"LUCERN_API_KEY",
|
|
26305
|
+
"LUCERN_KEY"
|
|
26306
|
+
],
|
|
26307
|
+
"aliases": [
|
|
26308
|
+
"LUCERN_KEY"
|
|
26309
|
+
],
|
|
26310
|
+
"writeNames": [
|
|
26311
|
+
"LUCERN_API_KEY"
|
|
26312
|
+
],
|
|
26313
|
+
"required": false,
|
|
26314
|
+
"secret": true,
|
|
26315
|
+
"public": false,
|
|
26316
|
+
"sourcePath": "/platform/runtime",
|
|
26317
|
+
"environmentPolicy": "environment_specific",
|
|
26318
|
+
"consumers": [
|
|
26319
|
+
"lucern-cli",
|
|
26320
|
+
"lucern-mcp",
|
|
26321
|
+
"lucern-repo-ci"
|
|
26322
|
+
],
|
|
26323
|
+
"destinations": [
|
|
26324
|
+
{
|
|
26325
|
+
"kind": "runtime_fetch",
|
|
26326
|
+
"target": "lucern-cli-mcp-sdk",
|
|
26327
|
+
"writeNames": [
|
|
26328
|
+
"LUCERN_API_KEY"
|
|
26329
|
+
]
|
|
26330
|
+
},
|
|
26331
|
+
{
|
|
26332
|
+
"kind": "operator_local",
|
|
26333
|
+
"target": "lucern-repo",
|
|
26334
|
+
"writeNames": [
|
|
26335
|
+
"LUCERN_API_KEY"
|
|
26336
|
+
]
|
|
26337
|
+
},
|
|
26338
|
+
{
|
|
26339
|
+
"kind": "github_actions",
|
|
26340
|
+
"target": "LucernAI/lucern",
|
|
26341
|
+
"writeNames": [
|
|
26342
|
+
"LUCERN_API_KEY"
|
|
26343
|
+
]
|
|
26344
|
+
}
|
|
26345
|
+
],
|
|
26346
|
+
"description": "Lucern-owned operator API key for gateway calls from trusted local tooling. Lucern-owned operator API key for trusted CLI/MCP/CI calls. Source it from /platform/runtime; do not persist it into local user credential files."
|
|
26347
|
+
},
|
|
26200
26348
|
{
|
|
26201
26349
|
"canonicalName": "LUCERN_API_URL",
|
|
26202
26350
|
"envNames": [
|
|
@@ -26937,7 +27085,7 @@ function compactRecord2(input) {
|
|
|
26937
27085
|
Object.entries(input).filter(([, value]) => value !== void 0)
|
|
26938
27086
|
);
|
|
26939
27087
|
}
|
|
26940
|
-
|
|
27088
|
+
defineProjection({
|
|
26941
27089
|
contractName: "list_beliefs",
|
|
26942
27090
|
inputSchema: listBeliefsInputSchema,
|
|
26943
27091
|
project: (input) => compactRecord2({
|
|
@@ -27566,11 +27714,8 @@ var identityContracts = [
|
|
|
27566
27714
|
sdkNamespace: "identity",
|
|
27567
27715
|
sdkMethod: "whoami",
|
|
27568
27716
|
summary: "Describe the current gateway principal.",
|
|
27569
|
-
|
|
27570
|
-
|
|
27571
|
-
functionName: "whoami",
|
|
27572
|
-
kind: "query",
|
|
27573
|
-
inputProjection: withPrincipal
|
|
27717
|
+
gateway: {
|
|
27718
|
+
handler: "identity.whoami"
|
|
27574
27719
|
}
|
|
27575
27720
|
}),
|
|
27576
27721
|
surfaceContract({
|
|
@@ -27590,7 +27735,7 @@ var identityContracts = [
|
|
|
27590
27735
|
providerProjectId: z.string().min(1).optional()
|
|
27591
27736
|
}),
|
|
27592
27737
|
convex: {
|
|
27593
|
-
module: "
|
|
27738
|
+
module: "platform",
|
|
27594
27739
|
functionName: "resolveInteractivePrincipal",
|
|
27595
27740
|
kind: "query"
|
|
27596
27741
|
}
|
|
@@ -27674,15 +27819,6 @@ var beliefLookupInput = (input) => compactRecord4({
|
|
|
27674
27819
|
var beliefNodeInput = (input) => compactRecord4({
|
|
27675
27820
|
nodeId: input.nodeId ?? input.id ?? input.beliefId
|
|
27676
27821
|
});
|
|
27677
|
-
var beliefTopicInput = (input) => {
|
|
27678
|
-
const parsed = listBeliefsProjection.inputSchema.safeParse(input);
|
|
27679
|
-
if (!parsed.success) {
|
|
27680
|
-
throw new Error(
|
|
27681
|
-
`list_beliefs projection input rejected: ${parsed.error.message}`
|
|
27682
|
-
);
|
|
27683
|
-
}
|
|
27684
|
-
return compactRecord4(listBeliefsProjection.project(parsed.data));
|
|
27685
|
-
};
|
|
27686
27822
|
var createBeliefInput = (input, context) => {
|
|
27687
27823
|
return withUserId(
|
|
27688
27824
|
compactRecord4({
|
|
@@ -27771,11 +27907,8 @@ var beliefsContracts = [
|
|
|
27771
27907
|
sdkNamespace: "beliefs",
|
|
27772
27908
|
sdkMethod: "listBeliefs",
|
|
27773
27909
|
summary: "List beliefs for a topic.",
|
|
27774
|
-
|
|
27775
|
-
|
|
27776
|
-
functionName: "getByTopic",
|
|
27777
|
-
kind: "query",
|
|
27778
|
-
inputProjection: beliefTopicInput
|
|
27910
|
+
gateway: {
|
|
27911
|
+
handler: "beliefs.list"
|
|
27779
27912
|
},
|
|
27780
27913
|
args: listBeliefsInputSchema
|
|
27781
27914
|
}),
|
|
@@ -27960,12 +28093,6 @@ var evidenceIdInput = (input) => compactRecord4({
|
|
|
27960
28093
|
insightId: input.insightId,
|
|
27961
28094
|
nodeId: input.nodeId ?? input.id ?? input.evidenceId
|
|
27962
28095
|
});
|
|
27963
|
-
var evidenceTopicInput = (input) => compactRecord4({
|
|
27964
|
-
topicId: input.topicId,
|
|
27965
|
-
status: input.status,
|
|
27966
|
-
userId: input.userId,
|
|
27967
|
-
limit: input.limit
|
|
27968
|
-
});
|
|
27969
28096
|
var createEvidenceInput = (input, context) => {
|
|
27970
28097
|
const parsed = createEvidenceProjection.inputSchema.safeParse(input);
|
|
27971
28098
|
if (!parsed.success) {
|
|
@@ -28096,11 +28223,8 @@ var evidenceContracts = [
|
|
|
28096
28223
|
sdkNamespace: "evidence",
|
|
28097
28224
|
sdkMethod: "listEvidence",
|
|
28098
28225
|
summary: "List evidence for a topic.",
|
|
28099
|
-
|
|
28100
|
-
|
|
28101
|
-
functionName: "getByTopic",
|
|
28102
|
-
kind: "query",
|
|
28103
|
-
inputProjection: evidenceTopicInput
|
|
28226
|
+
gateway: {
|
|
28227
|
+
handler: "evidence.list"
|
|
28104
28228
|
}
|
|
28105
28229
|
}),
|
|
28106
28230
|
surfaceContract({
|
|
@@ -28335,11 +28459,8 @@ var questionsContracts = [
|
|
|
28335
28459
|
sdkNamespace: "questions",
|
|
28336
28460
|
sdkMethod: "listQuestions",
|
|
28337
28461
|
summary: "List questions for a topic.",
|
|
28338
|
-
|
|
28339
|
-
|
|
28340
|
-
functionName: "getByTopic",
|
|
28341
|
-
kind: "query",
|
|
28342
|
-
inputProjection: questionTopicInput
|
|
28462
|
+
gateway: {
|
|
28463
|
+
handler: "questions.list"
|
|
28343
28464
|
}
|
|
28344
28465
|
}),
|
|
28345
28466
|
surfaceContract({
|
|
@@ -29444,6 +29565,19 @@ var worktreeEvidenceSignalInputSchema = z.object({
|
|
|
29444
29565
|
progress: z.string().optional().describe("Collection progress note for the signal."),
|
|
29445
29566
|
notes: z.string().optional().describe("Additional evidence collection notes.")
|
|
29446
29567
|
}).passthrough().describe("Evidence signal embedded in the worktree plan.");
|
|
29568
|
+
var worktreeDocCompanionTargetSchema = z.object({
|
|
29569
|
+
docPath: z.string().describe(
|
|
29570
|
+
"Repo-relative path to a documentation file the worktree promises to update."
|
|
29571
|
+
),
|
|
29572
|
+
sectionAnchor: z.string().optional().describe(
|
|
29573
|
+
"Markdown heading anchor (e.g. '## Function-surface manifest') that scopes the promised update."
|
|
29574
|
+
),
|
|
29575
|
+
reason: z.string().describe(
|
|
29576
|
+
"Why this doc section must be updated for the worktree to be complete."
|
|
29577
|
+
)
|
|
29578
|
+
}).passthrough().describe(
|
|
29579
|
+
"Intent-driven docs companion target. pr-gate-reviewer verifies that the PR actually touches each declared (docPath, sectionAnchor). Distinct from the touch-driven docs-loop. See docs/development/docs-sync-discipline.md Lock 3."
|
|
29580
|
+
);
|
|
29447
29581
|
var worktreeDecisionGateInputSchema = z.object({
|
|
29448
29582
|
goCriteria: z.array(z.string()).describe("Criteria that must hold for the worktree to proceed."),
|
|
29449
29583
|
noGoSignals: z.array(z.string()).describe("Signals that stop or redirect the worktree."),
|
|
@@ -29476,6 +29610,9 @@ var addWorktreeArgs = z.object({
|
|
|
29476
29610
|
keyQuestions: z.array(worktreeKeyQuestionInputSchema).optional().describe("Inline key questions captured as part of the worktree plan."),
|
|
29477
29611
|
evidenceSignals: z.array(worktreeEvidenceSignalInputSchema).optional().describe("Evidence signals the worktree needs to collect or validate."),
|
|
29478
29612
|
decisionGate: worktreeDecisionGateInputSchema.optional(),
|
|
29613
|
+
docCompanionTargets: z.array(worktreeDocCompanionTargetSchema).optional().describe(
|
|
29614
|
+
"Doc sections the worktree promises to update at PR time. Enforced by pr-gate-reviewer (Lock 3)."
|
|
29615
|
+
),
|
|
29479
29616
|
goCriteria: z.array(z.string()).optional().describe("Shorthand go criteria used to build decisionGate."),
|
|
29480
29617
|
noGoSignals: z.array(z.string()).optional().describe("Shorthand no-go signals used to build decisionGate."),
|
|
29481
29618
|
proofArtifacts: z.array(z.unknown()).optional().describe("Expected proof artifacts required to close the worktree."),
|
|
@@ -34658,7 +34795,7 @@ function createLucernStandaloneMcpServer(options) {
|
|
|
34658
34795
|
});
|
|
34659
34796
|
const server = new McpServer({
|
|
34660
34797
|
name: "lucern-mcp",
|
|
34661
|
-
version: "0.3.0-alpha.
|
|
34798
|
+
version: "0.3.0-alpha.17"
|
|
34662
34799
|
});
|
|
34663
34800
|
registerTools(server, runtime);
|
|
34664
34801
|
const resources = registerResources(server, runtime, observationStore);
|