@lucern/sdk 0.3.0-alpha.0 → 0.3.0-alpha.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (221) hide show
  1. package/CHANGELOG.md +3 -0
  2. package/README.md +84 -25
  3. package/dist/adminClient.d.ts +10 -8
  4. package/dist/adminClient.js +242 -39
  5. package/dist/adminClient.js.map +1 -1
  6. package/dist/answersClient.d.ts +2 -0
  7. package/dist/answersClient.js +221 -11
  8. package/dist/answersClient.js.map +1 -1
  9. package/dist/audience/index.d.ts +2 -1
  10. package/dist/audience/index.js +1 -3
  11. package/dist/audience/index.js.map +1 -1
  12. package/dist/audiencesClient.d.ts +18 -16
  13. package/dist/audiencesClient.js +297 -90
  14. package/dist/audiencesClient.js.map +1 -1
  15. package/dist/auditClient.d.ts +2 -0
  16. package/dist/auditClient.js +227 -15
  17. package/dist/auditClient.js.map +1 -1
  18. package/dist/authContext.d.ts +56 -0
  19. package/dist/authContext.js +170 -0
  20. package/dist/authContext.js.map +1 -0
  21. package/dist/authDeviceClient.d.ts +49 -0
  22. package/dist/authDeviceClient.js +121 -0
  23. package/dist/authDeviceClient.js.map +1 -0
  24. package/dist/beliefs/index.d.ts +31 -11
  25. package/dist/beliefs/index.js +3347 -1109
  26. package/dist/beliefs/index.js.map +1 -1
  27. package/dist/beliefsClient.d.ts +18 -31
  28. package/dist/beliefsClient.js +264 -97
  29. package/dist/beliefsClient.js.map +1 -1
  30. package/dist/boundaryClientSurface.d.ts +20 -0
  31. package/dist/boundaryClientSurface.js +73 -0
  32. package/dist/boundaryClientSurface.js.map +1 -0
  33. package/dist/client.d.ts +2969 -27
  34. package/dist/client.js +3347 -1109
  35. package/dist/client.js.map +1 -1
  36. package/dist/clientHelpers.d.ts +48 -0
  37. package/dist/clientHelpers.js +137 -0
  38. package/dist/clientHelpers.js.map +1 -0
  39. package/dist/contextClient.d.ts +6 -3
  40. package/dist/contextClient.js +252 -30
  41. package/dist/contextClient.js.map +1 -1
  42. package/dist/contextFacade.js +25 -16
  43. package/dist/contextFacade.js.map +1 -1
  44. package/dist/contextPackCompiler.js +19 -30
  45. package/dist/contextPackCompiler.js.map +1 -1
  46. package/dist/contextPackPolicy.js +7 -17
  47. package/dist/contextPackPolicy.js.map +1 -1
  48. package/dist/contextTypes.d.ts +2 -0
  49. package/dist/contracts/api-enums.contract.d.ts +1 -1
  50. package/dist/contracts/api-enums.contract.js.map +1 -1
  51. package/dist/contracts/index.d.ts +1 -0
  52. package/dist/contracts/index.js +109 -5
  53. package/dist/contracts/index.js.map +1 -1
  54. package/dist/contracts/lens-filter.contract.js +4 -3
  55. package/dist/contracts/lens-filter.contract.js.map +1 -1
  56. package/dist/contracts/lens-workflow.contract.js +4 -3
  57. package/dist/contracts/lens-workflow.contract.js.map +1 -1
  58. package/dist/contracts/lensFilter.js +4 -3
  59. package/dist/contracts/lensFilter.js.map +1 -1
  60. package/dist/contracts/lensWorkflow.js +4 -3
  61. package/dist/contracts/lensWorkflow.js.map +1 -1
  62. package/dist/contracts/mcpTools.d.ts +46 -1
  63. package/dist/contracts/mcpTools.js +102 -0
  64. package/dist/contracts/mcpTools.js.map +1 -1
  65. package/dist/contracts/workflow-runtime.contract.js +1 -1
  66. package/dist/contracts/workflow-runtime.contract.js.map +1 -1
  67. package/dist/contracts/workflowRuntime.js +1 -1
  68. package/dist/contracts/workflowRuntime.js.map +1 -1
  69. package/dist/contradictions/index.d.ts +24 -4
  70. package/dist/contradictions/index.js +3347 -1109
  71. package/dist/contradictions/index.js.map +1 -1
  72. package/dist/coreClient.d.ts +11 -1
  73. package/dist/coreClient.js +222 -14
  74. package/dist/coreClient.js.map +1 -1
  75. package/dist/decisions/index.d.ts +34 -14
  76. package/dist/decisions/index.js +3347 -1109
  77. package/dist/decisions/index.js.map +1 -1
  78. package/dist/decisionsClient.d.ts +6 -12
  79. package/dist/decisionsClient.js +235 -37
  80. package/dist/decisionsClient.js.map +1 -1
  81. package/dist/edges/index.d.ts +47 -87
  82. package/dist/edges/index.js +3347 -1109
  83. package/dist/edges/index.js.map +1 -1
  84. package/dist/embeddingsClient.d.ts +106 -0
  85. package/dist/embeddingsClient.js +731 -0
  86. package/dist/embeddingsClient.js.map +1 -0
  87. package/dist/eventingClient.d.ts +96 -0
  88. package/dist/eventingClient.js +728 -0
  89. package/dist/eventingClient.js.map +1 -0
  90. package/dist/events.js +6 -3
  91. package/dist/events.js.map +1 -1
  92. package/dist/eventsCore.d.ts +3 -1
  93. package/dist/eventsCore.js +222 -14
  94. package/dist/eventsCore.js.map +1 -1
  95. package/dist/evidence/index.d.ts +25 -4
  96. package/dist/evidence/index.js +3347 -1109
  97. package/dist/evidence/index.js.map +1 -1
  98. package/dist/evidenceClient.d.ts +2 -0
  99. package/dist/evidenceClient.js +222 -14
  100. package/dist/evidenceClient.js.map +1 -1
  101. package/dist/facade/context.d.ts +2 -1
  102. package/dist/facade/context.js +25 -16
  103. package/dist/facade/context.js.map +1 -1
  104. package/dist/functionSurface.d.ts +143 -0
  105. package/dist/functionSurface.js +1204 -0
  106. package/dist/functionSurface.js.map +1 -0
  107. package/dist/functionSurfaceClient.d.ts +8 -0
  108. package/dist/functionSurfaceClient.js +1204 -0
  109. package/dist/functionSurfaceClient.js.map +1 -0
  110. package/dist/gatewayFacades.d.ts +81 -52
  111. package/dist/gatewayFacades.js +483 -169
  112. package/dist/gatewayFacades.js.map +1 -1
  113. package/dist/graphAnalysisClient.d.ts +192 -0
  114. package/dist/graphAnalysisClient.js +799 -0
  115. package/dist/graphAnalysisClient.js.map +1 -0
  116. package/dist/graphClient.d.ts +7 -13
  117. package/dist/graphClient.js +244 -45
  118. package/dist/graphClient.js.map +1 -1
  119. package/dist/graphIntel.d.ts +3 -0
  120. package/dist/graphIntel.js +3 -0
  121. package/dist/graphIntel.js.map +1 -0
  122. package/dist/graphIntelligence.d.ts +2 -0
  123. package/dist/graphIntelligence.js +47 -0
  124. package/dist/graphIntelligence.js.map +1 -0
  125. package/dist/graphRecommendationsClient.d.ts +56 -0
  126. package/dist/graphRecommendationsClient.js +664 -0
  127. package/dist/graphRecommendationsClient.js.map +1 -0
  128. package/dist/graphStateClassifierClient.d.ts +73 -0
  129. package/dist/graphStateClassifierClient.js +716 -0
  130. package/dist/graphStateClassifierClient.js.map +1 -0
  131. package/dist/harnessClient.d.ts +15 -24
  132. package/dist/harnessClient.js +235 -42
  133. package/dist/harnessClient.js.map +1 -1
  134. package/dist/identityClient.d.ts +97 -11
  135. package/dist/identityClient.js +409 -33
  136. package/dist/identityClient.js.map +1 -1
  137. package/dist/index.d.ts +29 -6
  138. package/dist/index.js +3936 -1155
  139. package/dist/index.js.map +1 -1
  140. package/dist/infisicalRuntime.d.ts +42 -0
  141. package/dist/infisicalRuntime.js +314 -0
  142. package/dist/infisicalRuntime.js.map +1 -0
  143. package/dist/jobsClient.d.ts +98 -0
  144. package/dist/jobsClient.js +726 -0
  145. package/dist/jobsClient.js.map +1 -0
  146. package/dist/learningClient.d.ts +8 -6
  147. package/dist/learningClient.js +252 -44
  148. package/dist/learningClient.js.map +1 -1
  149. package/dist/lenses/index.d.ts +82 -42
  150. package/dist/lenses/index.js +3347 -1109
  151. package/dist/lenses/index.js.map +1 -1
  152. package/dist/mcpClient.d.ts +28 -0
  153. package/dist/mcpClient.js +668 -0
  154. package/dist/mcpClient.js.map +1 -0
  155. package/dist/modelRuntimeClient.d.ts +72 -0
  156. package/dist/modelRuntimeClient.js +704 -0
  157. package/dist/modelRuntimeClient.js.map +1 -0
  158. package/dist/nodes/index.d.ts +63 -21
  159. package/dist/nodes/index.js +3347 -1109
  160. package/dist/nodes/index.js.map +1 -1
  161. package/dist/ontologies/index.d.ts +53 -32
  162. package/dist/ontologies/index.js +3347 -1109
  163. package/dist/ontologies/index.js.map +1 -1
  164. package/dist/ontologyClient.d.ts +19 -25
  165. package/dist/ontologyClient.js +258 -40
  166. package/dist/ontologyClient.js.map +1 -1
  167. package/dist/ontologyLinksClient.d.ts +71 -0
  168. package/dist/ontologyLinksClient.js +697 -0
  169. package/dist/ontologyLinksClient.js.map +1 -0
  170. package/dist/opinion.d.ts +2 -2
  171. package/dist/opinion.js +4 -4
  172. package/dist/opinion.js.map +1 -1
  173. package/dist/orgGraphSearchClient.d.ts +85 -0
  174. package/dist/orgGraphSearchClient.js +672 -0
  175. package/dist/orgGraphSearchClient.js.map +1 -0
  176. package/dist/packsClient.d.ts +11 -23
  177. package/dist/packsClient.js +234 -46
  178. package/dist/packsClient.js.map +1 -1
  179. package/dist/policyClient.d.ts +13 -10
  180. package/dist/policyClient.js +243 -25
  181. package/dist/policyClient.js.map +1 -1
  182. package/dist/questions/index.d.ts +24 -4
  183. package/dist/questions/index.js +3347 -1109
  184. package/dist/questions/index.js.map +1 -1
  185. package/dist/realtime/index.d.ts +1 -1
  186. package/dist/reportsClient.d.ts +9 -7
  187. package/dist/reportsClient.js +281 -53
  188. package/dist/reportsClient.js.map +1 -1
  189. package/dist/schemaClient.d.ts +5 -3
  190. package/dist/schemaClient.js +235 -29
  191. package/dist/schemaClient.js.map +1 -1
  192. package/dist/sdkSurface.d.ts +8 -3
  193. package/dist/sdkSurface.js +10 -6
  194. package/dist/sdkSurface.js.map +1 -1
  195. package/dist/sourcesClient.d.ts +2 -0
  196. package/dist/sourcesClient.js +222 -14
  197. package/dist/sourcesClient.js.map +1 -1
  198. package/dist/telemetryClient.d.ts +94 -0
  199. package/dist/telemetryClient.js +741 -0
  200. package/dist/telemetryClient.js.map +1 -0
  201. package/dist/toolRegistryClient.d.ts +115 -0
  202. package/dist/toolRegistryClient.js +767 -0
  203. package/dist/toolRegistryClient.js.map +1 -0
  204. package/dist/topics/index.d.ts +35 -9
  205. package/dist/topics/index.js +3349 -1109
  206. package/dist/topics/index.js.map +1 -1
  207. package/dist/topicsClient.d.ts +4 -0
  208. package/dist/topicsClient.js +237 -24
  209. package/dist/topicsClient.js.map +1 -1
  210. package/dist/types.d.ts +12 -7
  211. package/dist/version.d.ts +1 -1
  212. package/dist/version.js +1 -1
  213. package/dist/version.js.map +1 -1
  214. package/dist/workflowClient.d.ts +76 -45
  215. package/dist/workflowClient.js +262 -65
  216. package/dist/workflowClient.js.map +1 -1
  217. package/dist/worktrees/index.d.ts +78 -39
  218. package/dist/worktrees/index.js +3347 -1109
  219. package/dist/worktrees/index.js.map +1 -1
  220. package/package.json +13 -3
  221. package/dist/client-DAuKnDlx.d.ts +0 -2547
@@ -6,6 +6,8 @@ import { Opinion } from './opinion.js';
6
6
  import './contracts/workflow-runtime.contract.js';
7
7
  import './contracts/lens-workflow.contract.js';
8
8
  import './contracts/lens-filter.contract.js';
9
+ import './authContext.js';
10
+ import './contracts/auth-session.contract.js';
9
11
 
10
12
  /** Configuration for the beliefs client. Inherits gateway transport settings. */
11
13
  type BeliefsClientConfig = GatewayClientConfig;
@@ -18,7 +20,7 @@ type OpinionHistoryEntry = {
18
20
  P: number;
19
21
  trigger: string;
20
22
  triggeringRef?: {
21
- kind: "evidence" | "worktree";
23
+ kind: "evidence" | "question" | "answer" | "contradiction" | "worktree";
22
24
  id: string;
23
25
  };
24
26
  rationale?: string;
@@ -32,8 +34,8 @@ declare function mapOpinionHistoryEntriesFromGatewayData(payload: GatewayRecord)
32
34
  *
33
35
  * Use `text` as the canonical belief statement.
34
36
  * `canonicalText` remains available as a legacy alias for backwards compatibility.
35
- * Beliefs start as drafts but must carry a prior via `baseRate`, which is
36
- * stored as the vacuous opinion `(0, 0, 1, a)` at creation time.
37
+ * Beliefs start as drafts with a vacuous prior `(0, 0, 1, a)`. When omitted,
38
+ * `baseRate` defaults to the canonical neutral prior `0.5`.
37
39
  */
38
40
  type CreateBeliefInput = {
39
41
  topicId?: string;
@@ -50,7 +52,7 @@ type CreateBeliefInput = {
50
52
  title?: string;
51
53
  subtype?: string;
52
54
  confidence?: number;
53
- baseRate: number;
55
+ baseRate?: number;
54
56
  tags?: string[];
55
57
  metadata?: JsonObject;
56
58
  verificationStatus?: "unverified" | "verified" | "rejected";
@@ -69,10 +71,15 @@ type RefineBeliefInput = {
69
71
  rationale?: string;
70
72
  title?: string;
71
73
  };
72
- type BeliefConfidenceTrigger = "evidence_added" | "evidence_removed" | "contradiction_detected" | "contradiction_resolved" | "manual" | "decay" | "agent_assessment" | "worktree_outcome" | "worktree_completed" | "fusion" | "discount" | "deduction";
74
+ type BeliefConfidenceTrigger = "evidence_added" | "evidence_removed" | "contradiction_detected" | "contradiction_resolved" | "agent_assessment" | "worktree_outcome" | "worktree_completed" | "fusion" | "discount" | "deduction";
73
75
  type ModulateConfidenceInputBase = {
74
- trigger?: BeliefConfidenceTrigger;
76
+ trigger: BeliefConfidenceTrigger;
75
77
  rationale: string;
78
+ triggeringEvidenceId?: string;
79
+ triggeringQuestionId?: string;
80
+ triggeringAnswerId?: string;
81
+ triggeringContradictionId?: string;
82
+ triggeringWorktreeId?: string;
76
83
  maxInlinePropagationTargets?: number;
77
84
  };
78
85
  /**
@@ -82,24 +89,7 @@ type ModulateConfidenceInputBase = {
82
89
  type ModulateConfidenceOpinionInput = ModulateConfidenceInputBase & {
83
90
  opinion: Opinion;
84
91
  };
85
- /**
86
- * @deprecated Prefer passing `opinion` directly or call an `opinionFrom*`
87
- * helper before invoking `modulateConfidence`.
88
- */
89
- type ModulateConfidenceScalarInput = (ModulateConfidenceInputBase & {
90
- confidence: number;
91
- interpretation: "base_rate";
92
- }) | (ModulateConfidenceInputBase & {
93
- confidence: number;
94
- interpretation: "dogmatic";
95
- baseRate?: number;
96
- }) | (ModulateConfidenceInputBase & {
97
- confidence: number;
98
- interpretation: "projected";
99
- uncertainty: number;
100
- baseRate?: number;
101
- });
102
- type ModulateConfidenceInput = ModulateConfidenceOpinionInput | ModulateConfidenceScalarInput;
92
+ type ModulateConfidenceInput = ModulateConfidenceOpinionInput;
103
93
  /**
104
94
  * Input for forking a scored belief into a new formulation.
105
95
  * Scored beliefs are immutable — fork to evolve understanding.
@@ -184,10 +174,7 @@ declare function createBeliefsClient(config?: BeliefsClientConfig): {
184
174
  /**
185
175
  * Record a confidence change for an existing belief.
186
176
  */
187
- modulateConfidence: {
188
- (beliefId: string, input: ModulateConfidenceOpinionInput, idempotencyKey?: string): Promise<PlatformGatewaySuccess<ModulateConfidenceResponse>>;
189
- (beliefId: string, input: ModulateConfidenceScalarInput, idempotencyKey?: string): Promise<PlatformGatewaySuccess<ModulateConfidenceResponse>>;
190
- };
177
+ modulateConfidence: (beliefId: string, input: ModulateConfidenceOpinionInput, idempotencyKey?: string) => Promise<PlatformGatewaySuccess<ModulateConfidenceResponse>>;
191
178
  /**
192
179
  * Returns the belief's confidence trajectory as a chronological array.
193
180
  *
@@ -201,9 +188,9 @@ declare function createBeliefsClient(config?: BeliefsClientConfig): {
201
188
  * trigger = cause of the score change
202
189
  * triggeringRef = optional pointer to the evidence or worktree that drove the change
203
190
  */
204
- getOpinionHistory(beliefId: string): Promise<OpinionHistoryEntry[]>;
191
+ getOpinionHistory: (beliefId: string) => Promise<OpinionHistoryEntry[]>;
205
192
  /** @deprecated Use getOpinionHistory(). */
206
- getConfidenceHistory(beliefId: string): Promise<OpinionHistoryEntry[]>;
193
+ getConfidenceHistory: (beliefId: string) => Promise<OpinionHistoryEntry[]>;
207
194
  /**
208
195
  * Fork a scored belief into a new formulation.
209
196
  */
@@ -238,4 +225,4 @@ declare function createBeliefsClient(config?: BeliefsClientConfig): {
238
225
  reassignBeliefsTopic(input: ReassignBeliefsTopicInput, idempotencyKey?: string): Promise<PlatformGatewaySuccess<Record<string, unknown>>>;
239
226
  };
240
227
 
241
- export { type BatchUpdateBeliefCriticalityInput, type BeliefsClientConfig, type CreateBeliefInput, type ForkBeliefInput, ForkBeliefResponse, type LinkBeliefsInput, type ModulateConfidenceInput, type ModulateConfidenceOpinionInput, ModulateConfidenceResponse, type ModulateConfidenceScalarInput, Opinion, type OpinionHistoryEntry, PlatformGatewaySuccess, type ReassignBeliefsTopicInput, type RefineBeliefInput, type UnlinkBeliefEvidenceInput, type UpdateBeliefCriticalityInput, type UpdateBeliefRationaleInput, type UpdateBeliefStatusInput, createBeliefsClient, mapOpinionHistoryEntriesFromGatewayData };
228
+ export { type BatchUpdateBeliefCriticalityInput, type BeliefsClientConfig, type CreateBeliefInput, type ForkBeliefInput, ForkBeliefResponse, type LinkBeliefsInput, type ModulateConfidenceInput, type ModulateConfidenceOpinionInput, ModulateConfidenceResponse, Opinion, type OpinionHistoryEntry, PlatformGatewaySuccess, type ReassignBeliefsTopicInput, type RefineBeliefInput, type UnlinkBeliefEvidenceInput, type UpdateBeliefCriticalityInput, type UpdateBeliefRationaleInput, type UpdateBeliefStatusInput, createBeliefsClient, mapOpinionHistoryEntriesFromGatewayData };
@@ -1,3 +1,170 @@
1
+ // src/authContext.ts
2
+ var LucernSdkAuthContextError = class extends Error {
3
+ reason;
4
+ constructor(reason, message) {
5
+ super(message);
6
+ this.name = "LucernSdkAuthContextError";
7
+ this.reason = reason;
8
+ }
9
+ };
10
+ function cleanString(value) {
11
+ const normalized = value?.trim();
12
+ return normalized ? normalized : void 0;
13
+ }
14
+ function cleanStringList(values) {
15
+ if (!values) {
16
+ return [];
17
+ }
18
+ return values.map((value) => value.trim()).filter(
19
+ (value, index, list) => value.length > 0 && list.indexOf(value) === index
20
+ );
21
+ }
22
+ function requireString(value, reason, label) {
23
+ const normalized = cleanString(value);
24
+ if (!normalized) {
25
+ throw new LucernSdkAuthContextError(
26
+ reason,
27
+ `Canonical Lucern SDK auth context is missing ${label}.`
28
+ );
29
+ }
30
+ return normalized;
31
+ }
32
+ function requirePrincipalType(principalType) {
33
+ if (!principalType) {
34
+ throw new LucernSdkAuthContextError(
35
+ "principal_missing",
36
+ "Canonical Lucern SDK auth context is missing principalType."
37
+ );
38
+ }
39
+ return principalType;
40
+ }
41
+ function requireAuthMode(authMode) {
42
+ if (!authMode) {
43
+ throw new LucernSdkAuthContextError(
44
+ "principal_missing",
45
+ "Canonical Lucern SDK auth context is missing authMode."
46
+ );
47
+ }
48
+ return authMode;
49
+ }
50
+ function ensurePermitMatch(args) {
51
+ const actual = cleanString(args.actual);
52
+ if (actual && actual !== args.expected) {
53
+ throw new LucernSdkAuthContextError(
54
+ "policy_denied",
55
+ `Canonical Lucern SDK auth context has conflicting Permit ${args.field}.`
56
+ );
57
+ }
58
+ }
59
+ function normalizeCanonicalLucernAuthContext(input) {
60
+ if (!input) {
61
+ throw new LucernSdkAuthContextError(
62
+ "principal_missing",
63
+ "Canonical Lucern SDK auth context is required."
64
+ );
65
+ }
66
+ if (input.policyDecision === "deny") {
67
+ throw new LucernSdkAuthContextError(
68
+ "policy_denied",
69
+ "Canonical Lucern SDK auth context carries a denied policy decision."
70
+ );
71
+ }
72
+ const principalId = requireString(
73
+ input.principalId,
74
+ "principal_missing",
75
+ "principalId"
76
+ );
77
+ const tenantId = requireString(input.tenantId, "tenant_missing", "tenantId");
78
+ const workspaceId = requireString(
79
+ input.workspaceId,
80
+ "workspace_missing",
81
+ "workspaceId"
82
+ );
83
+ const roles = cleanStringList(input.roles);
84
+ const scopes = cleanStringList(input.scopes);
85
+ const principalType = requirePrincipalType(input.principalType);
86
+ const authMode = requireAuthMode(input.authMode);
87
+ const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
88
+ if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
89
+ throw new LucernSdkAuthContextError(
90
+ "membership_missing",
91
+ "Canonical Lucern SDK auth context requires non-empty roles and scopes."
92
+ );
93
+ }
94
+ const subject = cleanString(input.permit?.subject) ?? principalId;
95
+ const tenant = cleanString(input.permit?.tenant) ?? tenantId;
96
+ const workspace = cleanString(input.permit?.workspace) ?? workspaceId;
97
+ ensurePermitMatch({
98
+ field: "subject",
99
+ expected: principalId,
100
+ actual: subject
101
+ });
102
+ ensurePermitMatch({ field: "tenant", expected: tenantId, actual: tenant });
103
+ ensurePermitMatch({
104
+ field: "workspace",
105
+ expected: workspaceId,
106
+ actual: workspace
107
+ });
108
+ const context = input.permit?.context ? { ...input.permit.context } : void 0;
109
+ return {
110
+ clerkId: cleanString(input.clerkId),
111
+ principalId,
112
+ tenantId,
113
+ workspaceId,
114
+ principalType,
115
+ authMode,
116
+ roles,
117
+ scopes,
118
+ delegationChain: input.delegationChain ? [...input.delegationChain] : [],
119
+ policyTraceId: cleanString(input.policyTraceId),
120
+ correlationId: cleanString(input.correlationId),
121
+ membershipId: cleanString(input.membershipId),
122
+ permit: {
123
+ subject,
124
+ tenant,
125
+ workspace,
126
+ resource: cleanString(input.permit?.resource),
127
+ action: cleanString(input.permit?.action),
128
+ relation: cleanString(input.permit?.relation),
129
+ context
130
+ }
131
+ };
132
+ }
133
+ function createCanonicalAuthHeaders(authContext) {
134
+ const headers = {
135
+ "x-lucern-principal-id": authContext.principalId,
136
+ "x-lucern-principal-type": authContext.principalType,
137
+ "x-lucern-tenant": authContext.tenantId,
138
+ "x-lucern-tenant-id": authContext.tenantId,
139
+ "x-lucern-workspace": authContext.workspaceId,
140
+ "x-lucern-workspace-id": authContext.workspaceId,
141
+ "x-lucern-auth-mode": authContext.authMode,
142
+ "x-lucern-roles": authContext.roles.join(","),
143
+ "x-lucern-scopes": authContext.scopes.join(","),
144
+ "x-lucern-permit-context": JSON.stringify(authContext.permit)
145
+ };
146
+ if (authContext.clerkId) {
147
+ headers["x-lucern-clerk-id"] = authContext.clerkId;
148
+ headers["x-lucern-user-id"] = authContext.clerkId;
149
+ }
150
+ if (authContext.delegationChain.length > 0) {
151
+ headers["x-lucern-delegation-chain"] = JSON.stringify(
152
+ authContext.delegationChain
153
+ );
154
+ }
155
+ if (authContext.policyTraceId) {
156
+ headers["x-lucern-policy-trace-id"] = authContext.policyTraceId;
157
+ }
158
+ if (authContext.correlationId) {
159
+ headers["x-correlation-id"] = authContext.correlationId;
160
+ headers["x-lucern-correlation-id"] = authContext.correlationId;
161
+ }
162
+ if (authContext.membershipId) {
163
+ headers["x-lucern-membership-id"] = authContext.membershipId;
164
+ }
165
+ return headers;
166
+ }
167
+
1
168
  // src/coreClient.ts
2
169
  var LucernApiError = class extends Error {
3
170
  code;
@@ -45,9 +212,7 @@ function generatePortableRequestId() {
45
212
  8
46
213
  ).join("")}-${hex.slice(8, 10).join("")}-${hex.slice(10).join("")}`;
47
214
  }
48
- function randomIdempotencyKey() {
49
- return generatePortableRequestId();
50
- }
215
+ var randomIdempotencyKey = generatePortableRequestId;
51
216
  function isRetryableStatus(status) {
52
217
  return status >= 500 || status === 408 || status === 429;
53
218
  }
@@ -112,8 +277,11 @@ function timeoutError(timeoutMs) {
112
277
  error.name = "AbortError";
113
278
  return error;
114
279
  }
280
+ function isRecord(value) {
281
+ return value !== null && typeof value === "object" && !Array.isArray(value);
282
+ }
115
283
  function readPolicySummaryFromDetails(details) {
116
- if (!details || typeof details !== "object" || Array.isArray(details)) {
284
+ if (!isRecord(details)) {
117
285
  return null;
118
286
  }
119
287
  const directSummary = details.summary;
@@ -121,11 +289,11 @@ function readPolicySummaryFromDetails(details) {
121
289
  return directSummary.trim();
122
290
  }
123
291
  const policy = details.policy;
124
- if (!policy || typeof policy !== "object" || Array.isArray(policy)) {
292
+ if (!isRecord(policy)) {
125
293
  return null;
126
294
  }
127
295
  const explanation = policy.explanation;
128
- if (!explanation || typeof explanation !== "object" || Array.isArray(explanation)) {
296
+ if (!isRecord(explanation)) {
129
297
  return null;
130
298
  }
131
299
  const nestedSummary = explanation.summary;
@@ -134,16 +302,41 @@ function readPolicySummaryFromDetails(details) {
134
302
  }
135
303
  return null;
136
304
  }
305
+ async function resolveConfiguredAuthContext(authContext) {
306
+ if (typeof authContext === "function") {
307
+ return await authContext();
308
+ }
309
+ return authContext;
310
+ }
311
+ function mergeHeaderRecord(base, addition) {
312
+ const headers = new Headers(base);
313
+ for (const [key, value] of Object.entries(addition)) {
314
+ const existing = headers.get(key);
315
+ if (existing !== null && existing !== value) {
316
+ throw new LucernSdkAuthContextError(
317
+ "policy_denied",
318
+ `Canonical Lucern SDK auth context conflicts with existing ${key} header.`
319
+ );
320
+ }
321
+ headers.set(key, value);
322
+ }
323
+ return Object.fromEntries(headers.entries());
324
+ }
137
325
  function createGatewayRequestClient(config = {}) {
138
326
  const fetchImpl = config.fetchImpl ?? fetch;
139
327
  const baseUrl = config.baseUrl?.replace(/\/+$/, "") ?? "";
140
328
  const maxRetries = config.maxRetries ?? 2;
141
329
  const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
142
330
  async function resolveAuthHeaders() {
143
- if (!config.getAuthHeaders) {
144
- return {};
331
+ const base = config.getAuthHeaders ? await config.getAuthHeaders() : {};
332
+ const authContextInput = await resolveConfiguredAuthContext(
333
+ config.authContext
334
+ );
335
+ if (!authContextInput && !config.requireCanonicalAuthContext) {
336
+ return base;
145
337
  }
146
- return await config.getAuthHeaders();
338
+ const authContext = normalizeCanonicalLucernAuthContext(authContextInput);
339
+ return mergeHeaderRecord(base, createCanonicalAuthHeaders(authContext));
147
340
  }
148
341
  async function fetchWithTimeout(url, init, timeoutMs) {
149
342
  const controller = new AbortController();
@@ -164,11 +357,11 @@ function createGatewayRequestClient(config = {}) {
164
357
  if (!text) {
165
358
  return null;
166
359
  }
167
- try {
168
- return JSON.parse(text);
169
- } catch {
360
+ const parsed = tryParseGatewayEnvelopeJson(text);
361
+ if (!parsed.ok) {
170
362
  return null;
171
363
  }
364
+ return isRecord(parsed.value) ? parsed.value : null;
172
365
  }
173
366
  function resolveTimeoutMs(method, requestTimeoutMs) {
174
367
  if (typeof requestTimeoutMs === "number") {
@@ -180,16 +373,31 @@ function createGatewayRequestClient(config = {}) {
180
373
  }
181
374
  return config.timeoutMs ?? 15e3;
182
375
  }
376
+ function tryParseGatewayEnvelopeJson(text) {
377
+ const trimmed = text.trim();
378
+ if (!trimmed.startsWith("{") && !trimmed.startsWith("[")) {
379
+ return { ok: false, reason: "non-json" };
380
+ }
381
+ try {
382
+ return { ok: true, value: JSON.parse(trimmed) };
383
+ } catch (error) {
384
+ if (error instanceof SyntaxError) {
385
+ return { ok: false, reason: "invalid-json", error };
386
+ }
387
+ throw error;
388
+ }
389
+ }
183
390
  function buildApiError(args) {
184
391
  const failure = args.failure;
185
- const legacyError = failure && typeof failure.error === "object" && failure.error !== null ? failure.error : failure?.legacyError;
392
+ const legacyError = failure && isRecord(failure.error) ? failure.error : failure?.legacyError;
186
393
  const correlationId = failure?.correlationId ?? args.response.headers.get("x-lucern-correlation-id")?.trim() ?? args.requestId;
187
394
  const policyTraceId = failure?.policyTraceId ?? args.response.headers.get("x-lucern-policy-trace-id")?.trim() ?? null;
188
395
  const details = failure?.details ?? legacyError?.details;
189
396
  const policySummary = readPolicySummaryFromDetails(details);
397
+ const failureMessage = typeof failure?.error === "string" ? failure.error : legacyError?.message;
190
398
  return new LucernApiError({
191
399
  code: failure?.code ?? legacyError?.code ?? fallbackErrorCode(args.response.status),
192
- message: policySummary ?? (typeof failure?.error === "string" ? failure.error : legacyError?.message ?? (args.response.ok ? "Platform API returned an invalid success payload." : "Platform API request failed.")),
400
+ message: policySummary ?? failureMessage ?? (args.response.ok ? "Platform API returned an invalid success payload." : "Platform API request failed."),
193
401
  status: args.response.status,
194
402
  invariant: failure?.invariant,
195
403
  suggestion: failure?.suggestion,
@@ -314,44 +522,12 @@ function createGatewayRequestClient(config = {}) {
314
522
  };
315
523
  }
316
524
 
317
- // src/opinion.ts
318
- function clamp01(value) {
319
- if (!Number.isFinite(value)) {
320
- return 0;
321
- }
322
- return Math.max(0, Math.min(1, value));
323
- }
324
- function vacuous(baseRate = 0.5) {
325
- return { b: 0, d: 0, u: 1, a: clamp01(baseRate) };
326
- }
327
- function dogmatic(probability, baseRate = 0.5) {
328
- const p = clamp01(probability);
329
- return { b: p, d: 1 - p, u: 0, a: clamp01(baseRate) };
330
- }
331
- function opinionFromBaseRate(probability) {
332
- return vacuous(clamp01(probability));
333
- }
334
- function opinionFromDogmatic(probability, baseRate = 0.5) {
335
- return dogmatic(clamp01(probability), clamp01(baseRate));
336
- }
337
- function opinionFromProjected(probability, uncertainty, baseRate = 0.5) {
338
- const p = clamp01(probability);
339
- const u = clamp01(uncertainty);
340
- const remainingMass = 1 - u;
341
- return {
342
- b: p * remainingMass,
343
- d: (1 - p) * remainingMass,
344
- u,
345
- a: clamp01(baseRate)
346
- };
347
- }
348
-
349
525
  // src/sdkSurface.ts
350
- function cleanString(value) {
526
+ function cleanString2(value) {
351
527
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
352
528
  }
353
529
  function normalizeVerificationStatus(value) {
354
- const status = cleanString(value);
530
+ const status = cleanString2(value);
355
531
  if (!status) {
356
532
  return void 0;
357
533
  }
@@ -364,10 +540,10 @@ function normalizeVerificationStatus(value) {
364
540
  return status;
365
541
  }
366
542
  function resolveTopicId(value) {
367
- return cleanString(value.topicId);
543
+ return cleanString2(value.topicId);
368
544
  }
369
545
  function resolveText(value) {
370
- return cleanString(value.text) ?? cleanString(value.canonicalText);
546
+ return cleanString2(value.text) ?? cleanString2(value.canonicalText);
371
547
  }
372
548
  function normalizeNodeWriteInput(value) {
373
549
  const topicId = resolveTopicId(value);
@@ -401,7 +577,7 @@ function readString(value) {
401
577
  function readNumber(value) {
402
578
  return typeof value === "number" && Number.isFinite(value) ? value : void 0;
403
579
  }
404
- function clamp012(value) {
580
+ function clamp01(value) {
405
581
  return Math.max(0, Math.min(1, value));
406
582
  }
407
583
  function normalizeOpinionTuple(record) {
@@ -410,20 +586,16 @@ function normalizeOpinionTuple(record) {
410
586
  const rawDisbelief = readNumber(opinion.d) ?? readNumber(record.disbelief);
411
587
  const rawUncertainty = readNumber(opinion.u) ?? readNumber(record.uncertainty);
412
588
  const rawBaseRate = readNumber(opinion.a) ?? readNumber(record.baseRate);
413
- if (rawBelief === void 0 && rawDisbelief === void 0 && rawUncertainty === void 0) {
414
- const projected = clamp012(readNumber(record.confidence) ?? 0);
415
- return {
416
- b: projected,
417
- d: 1 - projected,
418
- u: 0,
419
- a: 0.5
420
- };
589
+ if (rawBelief === void 0 || rawDisbelief === void 0 || rawUncertainty === void 0 || rawBaseRate === void 0) {
590
+ throw new Error(
591
+ "Gateway opinion history entries must include belief, disbelief, uncertainty, and baseRate."
592
+ );
421
593
  }
422
594
  return {
423
- b: clamp012(rawBelief ?? 0),
424
- d: clamp012(rawDisbelief ?? 0),
425
- u: clamp012(rawUncertainty ?? 0),
426
- a: clamp012(rawBaseRate ?? 0.5)
595
+ b: clamp01(rawBelief),
596
+ d: clamp01(rawDisbelief),
597
+ u: clamp01(rawUncertainty),
598
+ a: clamp01(rawBaseRate)
427
599
  };
428
600
  }
429
601
  function mapOpinionHistoryEntriesFromGatewayData(payload) {
@@ -431,28 +603,28 @@ function mapOpinionHistoryEntriesFromGatewayData(payload) {
431
603
  return entries.map((value) => {
432
604
  const record = asRecord(value);
433
605
  const tuple = normalizeOpinionTuple(record);
434
- const projected = readNumber(record.confidence) ?? clamp012(tuple.b + tuple.a * tuple.u);
606
+ const projected = readNumber(record.confidence) ?? clamp01(tuple.b + tuple.a * tuple.u);
435
607
  const triggeringEvidenceId = readString(record.triggeringEvidenceId);
608
+ const triggeringQuestionId = readString(record.triggeringQuestionId);
609
+ const triggeringAnswerId = readString(record.triggeringAnswerId);
610
+ const triggeringContradictionId = readString(
611
+ record.triggeringContradictionId
612
+ );
436
613
  const triggeringWorktreeId = readString(record.triggeringWorktreeId);
614
+ const triggeringRef = triggeringEvidenceId ? { kind: "evidence", id: triggeringEvidenceId } : triggeringQuestionId ? { kind: "question", id: triggeringQuestionId } : triggeringAnswerId ? { kind: "answer", id: triggeringAnswerId } : triggeringContradictionId ? { kind: "contradiction", id: triggeringContradictionId } : triggeringWorktreeId ? { kind: "worktree", id: triggeringWorktreeId } : void 0;
615
+ const trigger = readString(record.trigger);
616
+ if (!trigger) {
617
+ throw new Error("Gateway opinion history entries must include trigger.");
618
+ }
437
619
  return {
438
620
  t: readNumber(record.timestamp) ?? readNumber(record.assessedAt) ?? 0,
439
621
  b: tuple.b,
440
622
  d: tuple.d,
441
623
  u: tuple.u,
442
624
  a: tuple.a,
443
- P: clamp012(projected),
444
- trigger: readString(record.trigger) ?? "manual",
445
- ...triggeringEvidenceId ? {
446
- triggeringRef: {
447
- kind: "evidence",
448
- id: triggeringEvidenceId
449
- }
450
- } : triggeringWorktreeId ? {
451
- triggeringRef: {
452
- kind: "worktree",
453
- id: triggeringWorktreeId
454
- }
455
- } : {},
625
+ P: clamp01(projected),
626
+ trigger,
627
+ ...triggeringRef ? { triggeringRef } : {},
456
628
  ...readString(record.rationale) ? { rationale: readString(record.rationale) } : {},
457
629
  ...readString(record.userId) ? { userId: readString(record.userId) } : {},
458
630
  ...readString(record.slOperator) ? { slOperator: readString(record.slOperator) } : {}
@@ -460,11 +632,7 @@ function mapOpinionHistoryEntriesFromGatewayData(payload) {
460
632
  }).sort((left, right) => left.t - right.t);
461
633
  }
462
634
  function normalizeModulateConfidenceInput(input) {
463
- const opinion = "opinion" in input ? input.opinion : input.interpretation === "base_rate" ? opinionFromBaseRate(input.confidence) : input.interpretation === "dogmatic" ? opinionFromDogmatic(input.confidence, input.baseRate) : opinionFromProjected(
464
- input.confidence,
465
- input.uncertainty,
466
- input.baseRate
467
- );
635
+ const opinion = input.opinion;
468
636
  return {
469
637
  belief: opinion.b,
470
638
  disbelief: opinion.d,
@@ -472,20 +640,23 @@ function normalizeModulateConfidenceInput(input) {
472
640
  baseRate: opinion.a,
473
641
  trigger: input.trigger,
474
642
  rationale: input.rationale,
643
+ triggeringEvidenceId: input.triggeringEvidenceId,
644
+ triggeringQuestionId: input.triggeringQuestionId,
645
+ triggeringAnswerId: input.triggeringAnswerId,
646
+ triggeringContradictionId: input.triggeringContradictionId,
647
+ triggeringWorktreeId: input.triggeringWorktreeId,
475
648
  maxInlinePropagationTargets: input.maxInlinePropagationTargets
476
649
  };
477
650
  }
478
651
  function createBeliefsClient(config = {}) {
479
652
  const gateway = createGatewayRequestClient(config);
480
- function requireBaseRate(value) {
653
+ function normalizeBaseRate(value) {
481
654
  const baseRate = readNumber(value);
482
- if (baseRate === void 0) {
483
- throw new Error("baseRate is required for belief creation.");
484
- }
485
- if (baseRate < 0 || baseRate > 1) {
655
+ const normalized = baseRate ?? 0.5;
656
+ if (normalized < 0 || normalized > 1) {
486
657
  throw new Error("baseRate must be within [0, 1].");
487
658
  }
488
- return baseRate;
659
+ return normalized;
489
660
  }
490
661
  const modulateConfidence = async (beliefId, input, idempotencyKey) => gateway.request({
491
662
  path: `/api/platform/v1/beliefs/${encodeURIComponent(beliefId)}/confidence`,
@@ -493,18 +664,18 @@ function createBeliefsClient(config = {}) {
493
664
  body: normalizeModulateConfidenceInput(input),
494
665
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
495
666
  });
496
- async function getOpinionHistory(beliefId) {
667
+ const getOpinionHistory = async (beliefId) => {
497
668
  const response = await gateway.request({
498
669
  path: `/api/platform/v1/beliefs/${encodeURIComponent(beliefId)}/confidence-history`
499
670
  });
500
671
  return mapOpinionHistoryEntriesFromGatewayData(response.data);
501
- }
672
+ };
502
673
  return {
503
674
  /**
504
675
  * Create a belief within a topic scope.
505
676
  */
506
677
  async createBelief(input, idempotencyKey) {
507
- const baseRate = requireBaseRate(input.baseRate);
678
+ const baseRate = normalizeBaseRate(input.baseRate);
508
679
  return gateway.request({
509
680
  path: "/api/platform/v1/beliefs",
510
681
  method: "POST",
@@ -543,13 +714,9 @@ function createBeliefsClient(config = {}) {
543
714
  * trigger = cause of the score change
544
715
  * triggeringRef = optional pointer to the evidence or worktree that drove the change
545
716
  */
546
- async getOpinionHistory(beliefId) {
547
- return getOpinionHistory(beliefId);
548
- },
717
+ getOpinionHistory,
549
718
  /** @deprecated Use getOpinionHistory(). */
550
- async getConfidenceHistory(beliefId) {
551
- return getOpinionHistory(beliefId);
552
- },
719
+ getConfidenceHistory: getOpinionHistory,
553
720
  /**
554
721
  * Fork a scored belief into a new formulation.
555
722
  */