@lucern/mcp 0.3.0-alpha.15 → 0.3.0-alpha.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -1
- package/dist/cli.js +205 -72
- package/dist/cli.js.map +1 -1
- package/dist/gateway.js +763 -136
- package/dist/gateway.js.map +1 -1
- package/dist/hosted-route.js +203 -66
- package/dist/hosted-route.js.map +1 -1
- package/dist/index.js +205 -72
- package/dist/index.js.map +1 -1
- package/dist/runtime.js +33 -43
- package/dist/runtime.js.map +1 -1
- package/package.json +9 -8
package/dist/index.js
CHANGED
|
@@ -302,13 +302,9 @@ function loadProfile(options) {
|
|
|
302
302
|
const localEnv = options.readLocalEnv === false ? {} : readLocalEnvFiles(options.cwd);
|
|
303
303
|
const mergedEnv = { ...localEnv, ...options.env };
|
|
304
304
|
const envProfile = profileFromEnvironment(mergedEnv);
|
|
305
|
-
const hasEnvCredentials = Boolean(
|
|
306
|
-
envProfile.apiKey || envProfile.userToken || envProfile.packKey
|
|
307
|
-
);
|
|
308
|
-
const explicitProfileSelected = options.profileName !== void 0 || mergedEnv.LUCERN_PROFILE !== void 0;
|
|
309
305
|
const selectedProfile = options.profileName ?? mergedEnv.LUCERN_PROFILE ?? profiles.activeProfile ?? credentials.LUCERN_PROFILE ?? "default";
|
|
310
|
-
const selected =
|
|
311
|
-
const savedProfile =
|
|
306
|
+
const selected = selectedProfile;
|
|
307
|
+
const savedProfile = profiles.profiles?.[selectedProfile] ?? {};
|
|
312
308
|
const credentialsProfile = {
|
|
313
309
|
apiKey: credentials.LUCERN_API_KEY,
|
|
314
310
|
userToken: readFirst(credentials, ["LUCERN_SESSION_TOKEN", "LUCERN_USER_TOKEN"]),
|
|
@@ -1342,6 +1338,7 @@ defineTable({
|
|
|
1342
1338
|
shape: z.object({
|
|
1343
1339
|
"tenantId": idOf("tenants"),
|
|
1344
1340
|
"workspaceId": idOf("workspaces").optional(),
|
|
1341
|
+
"environment": z.enum(["dev", "staging", "prod"]).optional(),
|
|
1345
1342
|
"keyPrefix": z.enum(["luc", "stk"]),
|
|
1346
1343
|
"keyHash": z.string(),
|
|
1347
1344
|
"keyHint": z.string(),
|
|
@@ -1369,7 +1366,7 @@ defineTable({
|
|
|
1369
1366
|
shape: z.object({
|
|
1370
1367
|
"tenantId": idOf("tenants").optional(),
|
|
1371
1368
|
"apiKeyId": idOf("apiKeys").optional(),
|
|
1372
|
-
"action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_token_lease_issued", "proxy_token_lease_renewed", "proxy_token_lease_revoked", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "principal_created", "principal_updated", "principal_suspended", "principal_identity_alias_upserted", "principal_identity_alias_revoked", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "deployment_host_registered", "deployment_host_revoked", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "permit_sync_enqueued", "permit_sync_succeeded", "permit_sync_failed", "permit_sync_skipped", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
|
|
1369
|
+
"action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_token_lease_issued", "proxy_token_lease_renewed", "proxy_token_lease_revoked", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "tenant_clerk_organization_linked", "principal_created", "principal_updated", "principal_suspended", "principal_identity_alias_upserted", "principal_identity_alias_revoked", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "deployment_host_registered", "deployment_host_revoked", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "permit_sync_enqueued", "permit_sync_succeeded", "permit_sync_failed", "permit_sync_skipped", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
|
|
1373
1370
|
"actorClerkId": z.string(),
|
|
1374
1371
|
"details": z.any().optional(),
|
|
1375
1372
|
"createdAt": z.number()
|
|
@@ -6580,6 +6577,21 @@ var INFISICAL_RUNTIME_PATHS = [
|
|
|
6580
6577
|
}
|
|
6581
6578
|
]
|
|
6582
6579
|
},
|
|
6580
|
+
{
|
|
6581
|
+
id: "platform-operator-credentials",
|
|
6582
|
+
secretPath: "/platform/runtime",
|
|
6583
|
+
description: "Lucern-owned operator credential material for local CLI, MCP, and SDK sessions.",
|
|
6584
|
+
variables: [
|
|
6585
|
+
{
|
|
6586
|
+
name: "LUCERN_API_KEY",
|
|
6587
|
+
required: false,
|
|
6588
|
+
secret: true,
|
|
6589
|
+
public: false,
|
|
6590
|
+
aliases: ["LUCERN_KEY"],
|
|
6591
|
+
description: "Lucern-owned operator API key for gateway calls from trusted local tooling."
|
|
6592
|
+
}
|
|
6593
|
+
]
|
|
6594
|
+
},
|
|
6583
6595
|
{
|
|
6584
6596
|
id: "tenant-shared-install",
|
|
6585
6597
|
secretPath: TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH,
|
|
@@ -6615,7 +6627,7 @@ var INFISICAL_RUNTIME_SURFACES = [
|
|
|
6615
6627
|
id: "lucern-sdk",
|
|
6616
6628
|
packageName: "@lucern/sdk",
|
|
6617
6629
|
delivery: "runtime_fetch",
|
|
6618
|
-
sourcePathIds: ["platform-runtime"],
|
|
6630
|
+
sourcePathIds: ["platform-runtime", "platform-operator-credentials"],
|
|
6619
6631
|
consumer: "server-side SDK operator contexts with a scoped Infisical identity",
|
|
6620
6632
|
description: "SDK exposes the runtime Infisical resolver used by clients that have machine identity credentials."
|
|
6621
6633
|
},
|
|
@@ -6624,7 +6636,7 @@ var INFISICAL_RUNTIME_SURFACES = [
|
|
|
6624
6636
|
packageName: "@lucern/cli",
|
|
6625
6637
|
delivery: "runtime_fetch",
|
|
6626
6638
|
fallback: "device_auth",
|
|
6627
|
-
sourcePathIds: ["platform-runtime"],
|
|
6639
|
+
sourcePathIds: ["platform-runtime", "platform-operator-credentials"],
|
|
6628
6640
|
consumer: "developer/operator CLI processes",
|
|
6629
6641
|
description: "CLI hydrates runtime defaults from Infisical when configured, then authenticates users through Lucern device login."
|
|
6630
6642
|
},
|
|
@@ -6633,7 +6645,7 @@ var INFISICAL_RUNTIME_SURFACES = [
|
|
|
6633
6645
|
packageName: "@lucern/mcp",
|
|
6634
6646
|
delivery: "runtime_fetch",
|
|
6635
6647
|
fallback: "device_auth",
|
|
6636
|
-
sourcePathIds: ["platform-runtime"],
|
|
6648
|
+
sourcePathIds: ["platform-runtime", "platform-operator-credentials"],
|
|
6637
6649
|
consumer: "MCP server/client processes",
|
|
6638
6650
|
description: "MCP hydrates runtime defaults through the SDK resolver and remains a Lucern client, not a platform secret owner."
|
|
6639
6651
|
},
|
|
@@ -9114,9 +9126,33 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
9114
9126
|
"consumer": "server-side SDK operator contexts with a scoped Infisical identity",
|
|
9115
9127
|
"description": "SDK exposes the runtime Infisical resolver used by clients that have machine identity credentials.",
|
|
9116
9128
|
"sourcePathIds": [
|
|
9117
|
-
"platform-runtime"
|
|
9129
|
+
"platform-runtime",
|
|
9130
|
+
"platform-operator-credentials"
|
|
9118
9131
|
],
|
|
9119
9132
|
"variables": [
|
|
9133
|
+
{
|
|
9134
|
+
"canonicalName": "LUCERN_API_KEY",
|
|
9135
|
+
"envNames": [
|
|
9136
|
+
"LUCERN_API_KEY",
|
|
9137
|
+
"LUCERN_KEY"
|
|
9138
|
+
],
|
|
9139
|
+
"aliases": [
|
|
9140
|
+
"LUCERN_KEY"
|
|
9141
|
+
],
|
|
9142
|
+
"writeNames": [
|
|
9143
|
+
"LUCERN_API_KEY"
|
|
9144
|
+
],
|
|
9145
|
+
"required": false,
|
|
9146
|
+
"secret": true,
|
|
9147
|
+
"public": false,
|
|
9148
|
+
"sourcePath": "/platform/runtime",
|
|
9149
|
+
"environmentPolicy": "environment_specific",
|
|
9150
|
+
"consumers": [
|
|
9151
|
+
"lucern-sdk"
|
|
9152
|
+
],
|
|
9153
|
+
"destinations": [],
|
|
9154
|
+
"description": "Lucern-owned operator API key for gateway calls from trusted local tooling."
|
|
9155
|
+
},
|
|
9120
9156
|
{
|
|
9121
9157
|
"canonicalName": "LUCERN_API_URL",
|
|
9122
9158
|
"envNames": [
|
|
@@ -9217,9 +9253,57 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
9217
9253
|
"consumer": "developer/operator CLI processes",
|
|
9218
9254
|
"description": "CLI hydrates runtime defaults from Infisical when configured, then authenticates users through Lucern device login.",
|
|
9219
9255
|
"sourcePathIds": [
|
|
9220
|
-
"platform-runtime"
|
|
9256
|
+
"platform-runtime",
|
|
9257
|
+
"platform-operator-credentials"
|
|
9221
9258
|
],
|
|
9222
9259
|
"variables": [
|
|
9260
|
+
{
|
|
9261
|
+
"canonicalName": "LUCERN_API_KEY",
|
|
9262
|
+
"envNames": [
|
|
9263
|
+
"LUCERN_API_KEY",
|
|
9264
|
+
"LUCERN_KEY"
|
|
9265
|
+
],
|
|
9266
|
+
"aliases": [
|
|
9267
|
+
"LUCERN_KEY"
|
|
9268
|
+
],
|
|
9269
|
+
"writeNames": [
|
|
9270
|
+
"LUCERN_API_KEY"
|
|
9271
|
+
],
|
|
9272
|
+
"required": false,
|
|
9273
|
+
"secret": true,
|
|
9274
|
+
"public": false,
|
|
9275
|
+
"sourcePath": "/platform/runtime",
|
|
9276
|
+
"environmentPolicy": "environment_specific",
|
|
9277
|
+
"consumers": [
|
|
9278
|
+
"lucern-cli",
|
|
9279
|
+
"lucern-mcp",
|
|
9280
|
+
"lucern-repo-ci"
|
|
9281
|
+
],
|
|
9282
|
+
"destinations": [
|
|
9283
|
+
{
|
|
9284
|
+
"kind": "runtime_fetch",
|
|
9285
|
+
"target": "lucern-cli-mcp-sdk",
|
|
9286
|
+
"writeNames": [
|
|
9287
|
+
"LUCERN_API_KEY"
|
|
9288
|
+
]
|
|
9289
|
+
},
|
|
9290
|
+
{
|
|
9291
|
+
"kind": "operator_local",
|
|
9292
|
+
"target": "lucern-repo",
|
|
9293
|
+
"writeNames": [
|
|
9294
|
+
"LUCERN_API_KEY"
|
|
9295
|
+
]
|
|
9296
|
+
},
|
|
9297
|
+
{
|
|
9298
|
+
"kind": "github_actions",
|
|
9299
|
+
"target": "LucernAI/lucern",
|
|
9300
|
+
"writeNames": [
|
|
9301
|
+
"LUCERN_API_KEY"
|
|
9302
|
+
]
|
|
9303
|
+
}
|
|
9304
|
+
],
|
|
9305
|
+
"description": "Lucern-owned operator API key for gateway calls from trusted local tooling. Lucern-owned operator API key for trusted CLI/MCP/CI calls. Source it from /platform/runtime; do not persist it into local user credential files."
|
|
9306
|
+
},
|
|
9223
9307
|
{
|
|
9224
9308
|
"canonicalName": "LUCERN_API_URL",
|
|
9225
9309
|
"envNames": [
|
|
@@ -9558,7 +9642,8 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
9558
9642
|
"consumer": "MCP server/client processes",
|
|
9559
9643
|
"description": "MCP hydrates runtime defaults through the SDK resolver and remains a Lucern client, not a platform secret owner.",
|
|
9560
9644
|
"sourcePathIds": [
|
|
9561
|
-
"platform-runtime"
|
|
9645
|
+
"platform-runtime",
|
|
9646
|
+
"platform-operator-credentials"
|
|
9562
9647
|
],
|
|
9563
9648
|
"variables": [
|
|
9564
9649
|
{
|
|
@@ -9646,6 +9731,53 @@ var GENERATED_INFISICAL_RUNTIME_ENV = {
|
|
|
9646
9731
|
],
|
|
9647
9732
|
"description": "Lucern-owned Clerk backend secret. Never route to tenant-owned apps unless that tenant is Lucern itself."
|
|
9648
9733
|
},
|
|
9734
|
+
{
|
|
9735
|
+
"canonicalName": "LUCERN_API_KEY",
|
|
9736
|
+
"envNames": [
|
|
9737
|
+
"LUCERN_API_KEY",
|
|
9738
|
+
"LUCERN_KEY"
|
|
9739
|
+
],
|
|
9740
|
+
"aliases": [
|
|
9741
|
+
"LUCERN_KEY"
|
|
9742
|
+
],
|
|
9743
|
+
"writeNames": [
|
|
9744
|
+
"LUCERN_API_KEY"
|
|
9745
|
+
],
|
|
9746
|
+
"required": false,
|
|
9747
|
+
"secret": true,
|
|
9748
|
+
"public": false,
|
|
9749
|
+
"sourcePath": "/platform/runtime",
|
|
9750
|
+
"environmentPolicy": "environment_specific",
|
|
9751
|
+
"consumers": [
|
|
9752
|
+
"lucern-cli",
|
|
9753
|
+
"lucern-mcp",
|
|
9754
|
+
"lucern-repo-ci"
|
|
9755
|
+
],
|
|
9756
|
+
"destinations": [
|
|
9757
|
+
{
|
|
9758
|
+
"kind": "runtime_fetch",
|
|
9759
|
+
"target": "lucern-cli-mcp-sdk",
|
|
9760
|
+
"writeNames": [
|
|
9761
|
+
"LUCERN_API_KEY"
|
|
9762
|
+
]
|
|
9763
|
+
},
|
|
9764
|
+
{
|
|
9765
|
+
"kind": "operator_local",
|
|
9766
|
+
"target": "lucern-repo",
|
|
9767
|
+
"writeNames": [
|
|
9768
|
+
"LUCERN_API_KEY"
|
|
9769
|
+
]
|
|
9770
|
+
},
|
|
9771
|
+
{
|
|
9772
|
+
"kind": "github_actions",
|
|
9773
|
+
"target": "LucernAI/lucern",
|
|
9774
|
+
"writeNames": [
|
|
9775
|
+
"LUCERN_API_KEY"
|
|
9776
|
+
]
|
|
9777
|
+
}
|
|
9778
|
+
],
|
|
9779
|
+
"description": "Lucern-owned operator API key for gateway calls from trusted local tooling. Lucern-owned operator API key for trusted CLI/MCP/CI calls. Source it from /platform/runtime; do not persist it into local user credential files."
|
|
9780
|
+
},
|
|
9649
9781
|
{
|
|
9650
9782
|
"canonicalName": "LUCERN_API_URL",
|
|
9651
9783
|
"envNames": [
|
|
@@ -10386,7 +10518,7 @@ function compactRecord2(input) {
|
|
|
10386
10518
|
Object.entries(input).filter(([, value]) => value !== void 0)
|
|
10387
10519
|
);
|
|
10388
10520
|
}
|
|
10389
|
-
|
|
10521
|
+
defineProjection({
|
|
10390
10522
|
contractName: "list_beliefs",
|
|
10391
10523
|
inputSchema: listBeliefsInputSchema,
|
|
10392
10524
|
project: (input) => compactRecord2({
|
|
@@ -12895,7 +13027,7 @@ var IDENTITY_WHOAMI = {
|
|
|
12895
13027
|
response: {
|
|
12896
13028
|
description: "Canonical identity summary for the current session",
|
|
12897
13029
|
fields: {
|
|
12898
|
-
principalId: "string \u2014 canonical
|
|
13030
|
+
principalId: "string \u2014 canonical principal identifier; for humans this is the Clerk user_... ID",
|
|
12899
13031
|
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
12900
13032
|
tenantId: "string | undefined \u2014 resolved tenant scope",
|
|
12901
13033
|
workspaceId: "string | undefined \u2014 resolved workspace scope",
|
|
@@ -12909,7 +13041,7 @@ var IDENTITY_WHOAMI = {
|
|
|
12909
13041
|
};
|
|
12910
13042
|
var RESOLVE_INTERACTIVE_PRINCIPAL = {
|
|
12911
13043
|
name: "resolve_interactive_principal",
|
|
12912
|
-
description: "Read the Permit-backed Lucern principal context for an authenticated Clerk user. Like `git config --get user.email` plus the repository ACL \u2014 resolves the
|
|
13044
|
+
description: "Read the Permit-backed Lucern principal context for an authenticated Clerk user. Like `git config --get user.email` plus the repository ACL \u2014 resolves the Clerk subject into tenant/workspace authorization context.",
|
|
12913
13045
|
parameters: {
|
|
12914
13046
|
clerkId: {
|
|
12915
13047
|
type: "string",
|
|
@@ -12932,7 +13064,7 @@ var RESOLVE_INTERACTIVE_PRINCIPAL = {
|
|
|
12932
13064
|
response: {
|
|
12933
13065
|
description: "Permit-backed Lucern principal context for tenant SDK bootstrap",
|
|
12934
13066
|
fields: {
|
|
12935
|
-
principalId: "string \u2014 canonical
|
|
13067
|
+
principalId: "string \u2014 canonical Clerk user_... ID for human sessions",
|
|
12936
13068
|
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
12937
13069
|
clerkId: "string \u2014 authenticated Clerk subject alias",
|
|
12938
13070
|
tenantId: "string \u2014 resolved tenant scope",
|
|
@@ -13760,7 +13892,7 @@ var MANAGE_WRITE_POLICY = {
|
|
|
13760
13892
|
},
|
|
13761
13893
|
role: {
|
|
13762
13894
|
type: "string",
|
|
13763
|
-
description: "Role to set policy for (required for 'set'). E.g. 'agent:internal'
|
|
13895
|
+
description: "Role to set policy for (required for 'set'). E.g. 'agent:internal' or a Permit role key such as 'workspace_admin'."
|
|
13764
13896
|
},
|
|
13765
13897
|
permission: {
|
|
13766
13898
|
type: "string",
|
|
@@ -15702,11 +15834,8 @@ var identityContracts = [
|
|
|
15702
15834
|
sdkNamespace: "identity",
|
|
15703
15835
|
sdkMethod: "whoami",
|
|
15704
15836
|
summary: "Describe the current gateway principal.",
|
|
15705
|
-
|
|
15706
|
-
|
|
15707
|
-
functionName: "whoami",
|
|
15708
|
-
kind: "query",
|
|
15709
|
-
inputProjection: withPrincipal
|
|
15837
|
+
gateway: {
|
|
15838
|
+
handler: "identity.whoami"
|
|
15710
15839
|
}
|
|
15711
15840
|
}),
|
|
15712
15841
|
surfaceContract({
|
|
@@ -15726,7 +15855,7 @@ var identityContracts = [
|
|
|
15726
15855
|
providerProjectId: z.string().min(1).optional()
|
|
15727
15856
|
}),
|
|
15728
15857
|
convex: {
|
|
15729
|
-
module: "
|
|
15858
|
+
module: "platform",
|
|
15730
15859
|
functionName: "resolveInteractivePrincipal",
|
|
15731
15860
|
kind: "query"
|
|
15732
15861
|
}
|
|
@@ -15810,15 +15939,6 @@ var beliefLookupInput = (input) => compactRecord4({
|
|
|
15810
15939
|
var beliefNodeInput = (input) => compactRecord4({
|
|
15811
15940
|
nodeId: input.nodeId ?? input.id ?? input.beliefId
|
|
15812
15941
|
});
|
|
15813
|
-
var beliefTopicInput = (input) => {
|
|
15814
|
-
const parsed = listBeliefsProjection.inputSchema.safeParse(input);
|
|
15815
|
-
if (!parsed.success) {
|
|
15816
|
-
throw new Error(
|
|
15817
|
-
`list_beliefs projection input rejected: ${parsed.error.message}`
|
|
15818
|
-
);
|
|
15819
|
-
}
|
|
15820
|
-
return compactRecord4(listBeliefsProjection.project(parsed.data));
|
|
15821
|
-
};
|
|
15822
15942
|
var createBeliefInput = (input, context) => {
|
|
15823
15943
|
return withUserId(
|
|
15824
15944
|
compactRecord4({
|
|
@@ -15907,11 +16027,8 @@ var beliefsContracts = [
|
|
|
15907
16027
|
sdkNamespace: "beliefs",
|
|
15908
16028
|
sdkMethod: "listBeliefs",
|
|
15909
16029
|
summary: "List beliefs for a topic.",
|
|
15910
|
-
|
|
15911
|
-
|
|
15912
|
-
functionName: "getByTopic",
|
|
15913
|
-
kind: "query",
|
|
15914
|
-
inputProjection: beliefTopicInput
|
|
16030
|
+
gateway: {
|
|
16031
|
+
handler: "beliefs.list"
|
|
15915
16032
|
},
|
|
15916
16033
|
args: listBeliefsInputSchema
|
|
15917
16034
|
}),
|
|
@@ -16096,12 +16213,6 @@ var evidenceIdInput = (input) => compactRecord4({
|
|
|
16096
16213
|
insightId: input.insightId,
|
|
16097
16214
|
nodeId: input.nodeId ?? input.id ?? input.evidenceId
|
|
16098
16215
|
});
|
|
16099
|
-
var evidenceTopicInput = (input) => compactRecord4({
|
|
16100
|
-
topicId: input.topicId,
|
|
16101
|
-
status: input.status,
|
|
16102
|
-
userId: input.userId,
|
|
16103
|
-
limit: input.limit
|
|
16104
|
-
});
|
|
16105
16216
|
var createEvidenceInput = (input, context) => {
|
|
16106
16217
|
const parsed = createEvidenceProjection.inputSchema.safeParse(input);
|
|
16107
16218
|
if (!parsed.success) {
|
|
@@ -16232,11 +16343,8 @@ var evidenceContracts = [
|
|
|
16232
16343
|
sdkNamespace: "evidence",
|
|
16233
16344
|
sdkMethod: "listEvidence",
|
|
16234
16345
|
summary: "List evidence for a topic.",
|
|
16235
|
-
|
|
16236
|
-
|
|
16237
|
-
functionName: "getByTopic",
|
|
16238
|
-
kind: "query",
|
|
16239
|
-
inputProjection: evidenceTopicInput
|
|
16346
|
+
gateway: {
|
|
16347
|
+
handler: "evidence.list"
|
|
16240
16348
|
}
|
|
16241
16349
|
}),
|
|
16242
16350
|
surfaceContract({
|
|
@@ -16471,11 +16579,8 @@ var questionsContracts = [
|
|
|
16471
16579
|
sdkNamespace: "questions",
|
|
16472
16580
|
sdkMethod: "listQuestions",
|
|
16473
16581
|
summary: "List questions for a topic.",
|
|
16474
|
-
|
|
16475
|
-
|
|
16476
|
-
functionName: "getByTopic",
|
|
16477
|
-
kind: "query",
|
|
16478
|
-
inputProjection: questionTopicInput
|
|
16582
|
+
gateway: {
|
|
16583
|
+
handler: "questions.list"
|
|
16479
16584
|
}
|
|
16480
16585
|
}),
|
|
16481
16586
|
surfaceContract({
|
|
@@ -17580,6 +17685,19 @@ var worktreeEvidenceSignalInputSchema = z.object({
|
|
|
17580
17685
|
progress: z.string().optional().describe("Collection progress note for the signal."),
|
|
17581
17686
|
notes: z.string().optional().describe("Additional evidence collection notes.")
|
|
17582
17687
|
}).passthrough().describe("Evidence signal embedded in the worktree plan.");
|
|
17688
|
+
var worktreeDocCompanionTargetSchema = z.object({
|
|
17689
|
+
docPath: z.string().describe(
|
|
17690
|
+
"Repo-relative path to a documentation file the worktree promises to update."
|
|
17691
|
+
),
|
|
17692
|
+
sectionAnchor: z.string().optional().describe(
|
|
17693
|
+
"Markdown heading anchor (e.g. '## Function-surface manifest') that scopes the promised update."
|
|
17694
|
+
),
|
|
17695
|
+
reason: z.string().describe(
|
|
17696
|
+
"Why this doc section must be updated for the worktree to be complete."
|
|
17697
|
+
)
|
|
17698
|
+
}).passthrough().describe(
|
|
17699
|
+
"Intent-driven docs companion target. pr-gate-reviewer verifies that the PR actually touches each declared (docPath, sectionAnchor). Distinct from the touch-driven docs-loop. See docs/development/docs-sync-discipline.md Lock 3."
|
|
17700
|
+
);
|
|
17583
17701
|
var worktreeDecisionGateInputSchema = z.object({
|
|
17584
17702
|
goCriteria: z.array(z.string()).describe("Criteria that must hold for the worktree to proceed."),
|
|
17585
17703
|
noGoSignals: z.array(z.string()).describe("Signals that stop or redirect the worktree."),
|
|
@@ -17612,6 +17730,9 @@ var addWorktreeArgs = z.object({
|
|
|
17612
17730
|
keyQuestions: z.array(worktreeKeyQuestionInputSchema).optional().describe("Inline key questions captured as part of the worktree plan."),
|
|
17613
17731
|
evidenceSignals: z.array(worktreeEvidenceSignalInputSchema).optional().describe("Evidence signals the worktree needs to collect or validate."),
|
|
17614
17732
|
decisionGate: worktreeDecisionGateInputSchema.optional(),
|
|
17733
|
+
docCompanionTargets: z.array(worktreeDocCompanionTargetSchema).optional().describe(
|
|
17734
|
+
"Doc sections the worktree promises to update at PR time. Enforced by pr-gate-reviewer (Lock 3)."
|
|
17735
|
+
),
|
|
17615
17736
|
goCriteria: z.array(z.string()).optional().describe("Shorthand go criteria used to build decisionGate."),
|
|
17616
17737
|
noGoSignals: z.array(z.string()).optional().describe("Shorthand no-go signals used to build decisionGate."),
|
|
17617
17738
|
proofArtifacts: z.array(z.unknown()).optional().describe("Expected proof artifacts required to close the worktree."),
|
|
@@ -21265,13 +21386,31 @@ function mergeHeaderRecord(base, addition) {
|
|
|
21265
21386
|
}
|
|
21266
21387
|
return Object.fromEntries(headers.entries());
|
|
21267
21388
|
}
|
|
21389
|
+
function cleanHeaderValue(value) {
|
|
21390
|
+
const normalized = value?.trim();
|
|
21391
|
+
return normalized ? normalized : void 0;
|
|
21392
|
+
}
|
|
21268
21393
|
function createGatewayRequestClient(config = {}) {
|
|
21269
21394
|
const fetchImpl = config.fetchImpl ?? fetch;
|
|
21270
21395
|
const baseUrl = config.baseUrl?.replace(/\/+$/, "") ?? "";
|
|
21271
21396
|
const maxRetries = config.maxRetries ?? 2;
|
|
21272
21397
|
const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
|
|
21273
21398
|
async function resolveAuthHeaders2() {
|
|
21274
|
-
const
|
|
21399
|
+
const provided = config.getAuthHeaders ? await config.getAuthHeaders() : {};
|
|
21400
|
+
const headers = new Headers(provided);
|
|
21401
|
+
const setIfAbsent = (name, value) => {
|
|
21402
|
+
const normalized = cleanHeaderValue(value);
|
|
21403
|
+
if (normalized && !headers.has(name)) {
|
|
21404
|
+
headers.set(name, normalized);
|
|
21405
|
+
}
|
|
21406
|
+
};
|
|
21407
|
+
setIfAbsent("x-lucern-key", config.apiKey);
|
|
21408
|
+
setIfAbsent("x-lucern-session-token", config.userToken);
|
|
21409
|
+
setIfAbsent("x-lucern-environment", config.environment);
|
|
21410
|
+
setIfAbsent("x-lucern-clerk-id", config.clerkId);
|
|
21411
|
+
setIfAbsent("x-lucern-user-id", config.userId ?? config.clerkId);
|
|
21412
|
+
setIfAbsent("x-lucern-deployment-host", config.deploymentHost);
|
|
21413
|
+
const base = Object.fromEntries(headers.entries());
|
|
21275
21414
|
const authContextInput = await resolveConfiguredAuthContext(
|
|
21276
21415
|
config.authContext
|
|
21277
21416
|
);
|
|
@@ -22565,7 +22704,7 @@ function normalizeCanonicalPrincipalIdentity(input, options = {}) {
|
|
|
22565
22704
|
})) {
|
|
22566
22705
|
throw new LucernAccessControlError(
|
|
22567
22706
|
"clerk_alias_unrecognized",
|
|
22568
|
-
"Observed Clerk user id
|
|
22707
|
+
"Observed Clerk user id does not match the canonical human principal id."
|
|
22569
22708
|
);
|
|
22570
22709
|
}
|
|
22571
22710
|
return {
|
|
@@ -28167,7 +28306,7 @@ function createToolRegistryClient(config = {}) {
|
|
|
28167
28306
|
}
|
|
28168
28307
|
|
|
28169
28308
|
// ../sdk/src/version.ts
|
|
28170
|
-
var LUCERN_SDK_VERSION = "0.3.0-alpha.
|
|
28309
|
+
var LUCERN_SDK_VERSION = "0.3.0-alpha.17";
|
|
28171
28310
|
|
|
28172
28311
|
// ../sdk/src/workflowClient.ts
|
|
28173
28312
|
function normalizeLensQuery(value) {
|
|
@@ -28575,6 +28714,12 @@ function toGatewayConfig(config) {
|
|
|
28575
28714
|
return {
|
|
28576
28715
|
baseUrl: config.baseUrl,
|
|
28577
28716
|
fetchImpl: config.fetchImpl,
|
|
28717
|
+
apiKey: config.apiKey,
|
|
28718
|
+
userToken: config.userToken,
|
|
28719
|
+
environment: config.environment,
|
|
28720
|
+
clerkId: config.clerkId,
|
|
28721
|
+
userId: config.userId,
|
|
28722
|
+
deploymentHost: config.deploymentHost,
|
|
28578
28723
|
maxRetries: config.maxRetries,
|
|
28579
28724
|
timeoutMs: config.timeoutMs,
|
|
28580
28725
|
timeoutMsByMethod: config.timeoutMsByMethod,
|
|
@@ -28583,19 +28728,7 @@ function toGatewayConfig(config) {
|
|
|
28583
28728
|
onResponse: config.onResponse,
|
|
28584
28729
|
authContext: config.authContext,
|
|
28585
28730
|
requireCanonicalAuthContext: config.requireCanonicalAuthContext,
|
|
28586
|
-
getAuthHeaders:
|
|
28587
|
-
const base = config.getAuthHeaders ? await config.getAuthHeaders() : {};
|
|
28588
|
-
if (config.apiKey && !base["x-lucern-key"] && !base.Authorization) {
|
|
28589
|
-
base["x-lucern-key"] = config.apiKey;
|
|
28590
|
-
}
|
|
28591
|
-
if (config.userToken && !base["x-lucern-session-token"]) {
|
|
28592
|
-
base["x-lucern-session-token"] = config.userToken;
|
|
28593
|
-
}
|
|
28594
|
-
if (config.environment && !base["x-lucern-environment"]) {
|
|
28595
|
-
base["x-lucern-environment"] = config.environment;
|
|
28596
|
-
}
|
|
28597
|
-
return base;
|
|
28598
|
-
}
|
|
28731
|
+
getAuthHeaders: config.getAuthHeaders
|
|
28599
28732
|
};
|
|
28600
28733
|
}
|
|
28601
28734
|
function exposeGatewayData(response) {
|
|
@@ -31867,7 +32000,7 @@ var SESSION_LIFECYCLE_STATUSES = [
|
|
|
31867
32000
|
"revoked"
|
|
31868
32001
|
];
|
|
31869
32002
|
function inferSessionPrincipalType(principalId) {
|
|
31870
|
-
if (principalId
|
|
32003
|
+
if (/^user_[A-Za-z0-9]+$/.test(principalId)) {
|
|
31871
32004
|
return "human";
|
|
31872
32005
|
}
|
|
31873
32006
|
if (principalId.startsWith("agent:")) {
|
|
@@ -34994,7 +35127,7 @@ function createLucernStandaloneMcpServer(options) {
|
|
|
34994
35127
|
});
|
|
34995
35128
|
const server = new McpServer({
|
|
34996
35129
|
name: "lucern-mcp",
|
|
34997
|
-
version: "0.3.0-alpha.
|
|
35130
|
+
version: "0.3.0-alpha.17"
|
|
34998
35131
|
});
|
|
34999
35132
|
registerTools(server, runtime);
|
|
35000
35133
|
const resources = registerResources(server, runtime, observationStore);
|