@lucern/sdk 0.3.0-alpha.1 → 0.3.0-alpha.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (221) hide show
  1. package/CHANGELOG.md +3 -0
  2. package/README.md +51 -4
  3. package/dist/accessControl.d.ts +78 -0
  4. package/dist/accessControl.js +1118 -0
  5. package/dist/accessControl.js.map +1 -0
  6. package/dist/adminClient.d.ts +10 -8
  7. package/dist/adminClient.js +242 -39
  8. package/dist/adminClient.js.map +1 -1
  9. package/dist/answersClient.d.ts +2 -0
  10. package/dist/answersClient.js +221 -11
  11. package/dist/answersClient.js.map +1 -1
  12. package/dist/audience/index.d.ts +2 -1
  13. package/dist/audience/index.js +1 -3
  14. package/dist/audience/index.js.map +1 -1
  15. package/dist/audiencesClient.d.ts +18 -16
  16. package/dist/audiencesClient.js +297 -90
  17. package/dist/audiencesClient.js.map +1 -1
  18. package/dist/auditClient.d.ts +2 -0
  19. package/dist/auditClient.js +227 -15
  20. package/dist/auditClient.js.map +1 -1
  21. package/dist/authContext.d.ts +56 -0
  22. package/dist/authContext.js +170 -0
  23. package/dist/authContext.js.map +1 -0
  24. package/dist/authDeviceClient.d.ts +49 -0
  25. package/dist/authDeviceClient.js +121 -0
  26. package/dist/authDeviceClient.js.map +1 -0
  27. package/dist/beliefs/index.d.ts +26 -5
  28. package/dist/beliefs/index.js +3625 -1140
  29. package/dist/beliefs/index.js.map +1 -1
  30. package/dist/beliefsClient.d.ts +4 -2
  31. package/dist/beliefsClient.js +230 -26
  32. package/dist/beliefsClient.js.map +1 -1
  33. package/dist/boundaryClientSurface.d.ts +20 -0
  34. package/dist/boundaryClientSurface.js +73 -0
  35. package/dist/boundaryClientSurface.js.map +1 -0
  36. package/dist/client.d.ts +2988 -27
  37. package/dist/client.js +3625 -1140
  38. package/dist/client.js.map +1 -1
  39. package/dist/clientHelpers.d.ts +48 -0
  40. package/dist/clientHelpers.js +137 -0
  41. package/dist/clientHelpers.js.map +1 -0
  42. package/dist/contextClient.d.ts +6 -3
  43. package/dist/contextClient.js +252 -30
  44. package/dist/contextClient.js.map +1 -1
  45. package/dist/contextFacade.js +25 -16
  46. package/dist/contextFacade.js.map +1 -1
  47. package/dist/contextPackCompiler.js +19 -30
  48. package/dist/contextPackCompiler.js.map +1 -1
  49. package/dist/contextPackPolicy.js +7 -17
  50. package/dist/contextPackPolicy.js.map +1 -1
  51. package/dist/contextTypes.d.ts +2 -0
  52. package/dist/contracts/api-enums.contract.d.ts +2 -2
  53. package/dist/contracts/api-enums.contract.js +6 -1
  54. package/dist/contracts/api-enums.contract.js.map +1 -1
  55. package/dist/contracts/index.d.ts +1 -0
  56. package/dist/contracts/index.js +120 -5
  57. package/dist/contracts/index.js.map +1 -1
  58. package/dist/contracts/lens-filter.contract.js +4 -3
  59. package/dist/contracts/lens-filter.contract.js.map +1 -1
  60. package/dist/contracts/lens-workflow.contract.js +4 -3
  61. package/dist/contracts/lens-workflow.contract.js.map +1 -1
  62. package/dist/contracts/lensFilter.js +4 -3
  63. package/dist/contracts/lensFilter.js.map +1 -1
  64. package/dist/contracts/lensWorkflow.js +4 -3
  65. package/dist/contracts/lensWorkflow.js.map +1 -1
  66. package/dist/contracts/mcpTools.d.ts +46 -1
  67. package/dist/contracts/mcpTools.js +108 -0
  68. package/dist/contracts/mcpTools.js.map +1 -1
  69. package/dist/contradictions/index.d.ts +25 -4
  70. package/dist/contradictions/index.js +3625 -1140
  71. package/dist/contradictions/index.js.map +1 -1
  72. package/dist/coreClient.d.ts +11 -1
  73. package/dist/coreClient.js +222 -14
  74. package/dist/coreClient.js.map +1 -1
  75. package/dist/decisions/index.d.ts +35 -14
  76. package/dist/decisions/index.js +3625 -1140
  77. package/dist/decisions/index.js.map +1 -1
  78. package/dist/decisionsClient.d.ts +6 -12
  79. package/dist/decisionsClient.js +235 -37
  80. package/dist/decisionsClient.js.map +1 -1
  81. package/dist/edges/index.d.ts +48 -87
  82. package/dist/edges/index.js +3625 -1140
  83. package/dist/edges/index.js.map +1 -1
  84. package/dist/embeddingsClient.d.ts +106 -0
  85. package/dist/embeddingsClient.js +731 -0
  86. package/dist/embeddingsClient.js.map +1 -0
  87. package/dist/eventingClient.d.ts +96 -0
  88. package/dist/eventingClient.js +728 -0
  89. package/dist/eventingClient.js.map +1 -0
  90. package/dist/events.js +6 -3
  91. package/dist/events.js.map +1 -1
  92. package/dist/eventsCore.d.ts +3 -1
  93. package/dist/eventsCore.js +222 -14
  94. package/dist/eventsCore.js.map +1 -1
  95. package/dist/evidence/index.d.ts +25 -4
  96. package/dist/evidence/index.js +3625 -1140
  97. package/dist/evidence/index.js.map +1 -1
  98. package/dist/evidenceClient.d.ts +2 -0
  99. package/dist/evidenceClient.js +222 -14
  100. package/dist/evidenceClient.js.map +1 -1
  101. package/dist/facade/context.d.ts +2 -1
  102. package/dist/facade/context.js +25 -16
  103. package/dist/facade/context.js.map +1 -1
  104. package/dist/functionSurface.d.ts +143 -0
  105. package/dist/functionSurface.js +1204 -0
  106. package/dist/functionSurface.js.map +1 -0
  107. package/dist/functionSurfaceClient.d.ts +8 -0
  108. package/dist/functionSurfaceClient.js +1204 -0
  109. package/dist/functionSurfaceClient.js.map +1 -0
  110. package/dist/gatewayFacades.d.ts +64 -46
  111. package/dist/gatewayFacades.js +461 -128
  112. package/dist/gatewayFacades.js.map +1 -1
  113. package/dist/graphAnalysisClient.d.ts +192 -0
  114. package/dist/graphAnalysisClient.js +799 -0
  115. package/dist/graphAnalysisClient.js.map +1 -0
  116. package/dist/graphClient.d.ts +8 -13
  117. package/dist/graphClient.js +244 -45
  118. package/dist/graphClient.js.map +1 -1
  119. package/dist/graphIntel.d.ts +4 -0
  120. package/dist/graphIntel.js +3 -0
  121. package/dist/graphIntel.js.map +1 -0
  122. package/dist/graphIntelligence.d.ts +2 -0
  123. package/dist/graphIntelligence.js +47 -0
  124. package/dist/graphIntelligence.js.map +1 -0
  125. package/dist/graphRecommendationsClient.d.ts +56 -0
  126. package/dist/graphRecommendationsClient.js +664 -0
  127. package/dist/graphRecommendationsClient.js.map +1 -0
  128. package/dist/graphStateClassifierClient.d.ts +73 -0
  129. package/dist/graphStateClassifierClient.js +716 -0
  130. package/dist/graphStateClassifierClient.js.map +1 -0
  131. package/dist/harnessClient.d.ts +15 -24
  132. package/dist/harnessClient.js +235 -42
  133. package/dist/harnessClient.js.map +1 -1
  134. package/dist/identityClient.d.ts +97 -11
  135. package/dist/identityClient.js +409 -33
  136. package/dist/identityClient.js.map +1 -1
  137. package/dist/index.d.ts +30 -5
  138. package/dist/index.js +4272 -1225
  139. package/dist/index.js.map +1 -1
  140. package/dist/infisicalRuntime.d.ts +43 -0
  141. package/dist/infisicalRuntime.js +346 -0
  142. package/dist/infisicalRuntime.js.map +1 -0
  143. package/dist/jobsClient.d.ts +98 -0
  144. package/dist/jobsClient.js +726 -0
  145. package/dist/jobsClient.js.map +1 -0
  146. package/dist/learningClient.d.ts +8 -6
  147. package/dist/learningClient.js +252 -44
  148. package/dist/learningClient.js.map +1 -1
  149. package/dist/lenses/index.d.ts +77 -38
  150. package/dist/lenses/index.js +3625 -1140
  151. package/dist/lenses/index.js.map +1 -1
  152. package/dist/mcpClient.d.ts +28 -0
  153. package/dist/mcpClient.js +669 -0
  154. package/dist/mcpClient.js.map +1 -0
  155. package/dist/modelRuntimeClient.d.ts +72 -0
  156. package/dist/modelRuntimeClient.js +704 -0
  157. package/dist/modelRuntimeClient.js.map +1 -0
  158. package/dist/nodes/index.d.ts +64 -21
  159. package/dist/nodes/index.js +3625 -1140
  160. package/dist/nodes/index.js.map +1 -1
  161. package/dist/ontologies/index.d.ts +54 -32
  162. package/dist/ontologies/index.js +3625 -1140
  163. package/dist/ontologies/index.js.map +1 -1
  164. package/dist/ontologyClient.d.ts +19 -25
  165. package/dist/ontologyClient.js +258 -40
  166. package/dist/ontologyClient.js.map +1 -1
  167. package/dist/ontologyLinksClient.d.ts +71 -0
  168. package/dist/ontologyLinksClient.js +697 -0
  169. package/dist/ontologyLinksClient.js.map +1 -0
  170. package/dist/orgGraphSearchClient.d.ts +85 -0
  171. package/dist/orgGraphSearchClient.js +672 -0
  172. package/dist/orgGraphSearchClient.js.map +1 -0
  173. package/dist/packsClient.d.ts +11 -23
  174. package/dist/packsClient.js +234 -46
  175. package/dist/packsClient.js.map +1 -1
  176. package/dist/policyClient.d.ts +13 -10
  177. package/dist/policyClient.js +243 -25
  178. package/dist/policyClient.js.map +1 -1
  179. package/dist/questions/index.d.ts +25 -4
  180. package/dist/questions/index.js +3625 -1140
  181. package/dist/questions/index.js.map +1 -1
  182. package/dist/realtime/index.d.ts +1 -1
  183. package/dist/reportsClient.d.ts +9 -7
  184. package/dist/reportsClient.js +281 -53
  185. package/dist/reportsClient.js.map +1 -1
  186. package/dist/schemaClient.d.ts +5 -3
  187. package/dist/schemaClient.js +235 -29
  188. package/dist/schemaClient.js.map +1 -1
  189. package/dist/sdkSurface.d.ts +8 -3
  190. package/dist/sdkSurface.js +10 -6
  191. package/dist/sdkSurface.js.map +1 -1
  192. package/dist/secrets.d.ts +1 -0
  193. package/dist/secrets.js +3 -0
  194. package/dist/secrets.js.map +1 -0
  195. package/dist/sourcesClient.d.ts +2 -0
  196. package/dist/sourcesClient.js +222 -14
  197. package/dist/sourcesClient.js.map +1 -1
  198. package/dist/telemetryClient.d.ts +94 -0
  199. package/dist/telemetryClient.js +741 -0
  200. package/dist/telemetryClient.js.map +1 -0
  201. package/dist/toolRegistryClient.d.ts +115 -0
  202. package/dist/toolRegistryClient.js +767 -0
  203. package/dist/toolRegistryClient.js.map +1 -0
  204. package/dist/topics/index.d.ts +36 -9
  205. package/dist/topics/index.js +3627 -1140
  206. package/dist/topics/index.js.map +1 -1
  207. package/dist/topicsClient.d.ts +4 -0
  208. package/dist/topicsClient.js +237 -24
  209. package/dist/topicsClient.js.map +1 -1
  210. package/dist/types.d.ts +5 -0
  211. package/dist/version.d.ts +1 -1
  212. package/dist/version.js +1 -1
  213. package/dist/version.js.map +1 -1
  214. package/dist/workflowClient.d.ts +58 -40
  215. package/dist/workflowClient.js +243 -58
  216. package/dist/workflowClient.js.map +1 -1
  217. package/dist/worktrees/index.d.ts +70 -33
  218. package/dist/worktrees/index.js +3625 -1140
  219. package/dist/worktrees/index.js.map +1 -1
  220. package/package.json +13 -3
  221. package/dist/client-B6aWUUwp.d.ts +0 -2552
@@ -5,6 +5,8 @@ export { LucernApiError } from './coreClient.js';
5
5
  import './contracts/workflow-runtime.contract.js';
6
6
  import './contracts/lens-workflow.contract.js';
7
7
  import './contracts/lens-filter.contract.js';
8
+ import './authContext.js';
9
+ import './contracts/auth-session.contract.js';
8
10
 
9
11
  /** Configuration for the decisions client. */
10
12
  type DecisionsClientConfig = GatewayClientConfig;
@@ -82,10 +84,6 @@ declare function createDecisionsClient(config?: DecisionsClientConfig): {
82
84
  * List judgments still awaiting outcome review.
83
85
  */
84
86
  listPendingOutcomeReviews(query: ListPendingJudgmentOutcomeReviewInput): Promise<PlatformGatewaySuccess<ListResult<PendingJudgmentOutcomeRecord, "reviews">>>;
85
- /**
86
- * @deprecated Use listPendingOutcomeReviews.
87
- */
88
- listPendingJudgmentOutcomeReview(query: ListPendingJudgmentOutcomeReviewInput): Promise<PlatformGatewaySuccess<ListResult<PendingJudgmentOutcomeRecord, "reviews">>>;
89
87
  /**
90
88
  * Get audit integrity checks for judgment transitions.
91
89
  */
@@ -94,18 +92,14 @@ declare function createDecisionsClient(config?: DecisionsClientConfig): {
94
92
  * Create a judgment.
95
93
  */
96
94
  createJudgment(input: RecordJudgmentInput, idempotencyKey?: string): Promise<PlatformGatewaySuccess<RecordJudgmentResponse>>;
97
- /**
98
- * @deprecated Use createJudgment.
99
- */
100
- recordJudgment(input: RecordJudgmentInput, idempotencyKey?: string): Promise<PlatformGatewaySuccess<RecordJudgmentResponse>>;
101
95
  /**
102
96
  * Update the outcome for an existing judgment.
103
97
  */
104
98
  updateJudgmentOutcome(judgmentId: string, input: RecordJudgmentOutcomeInput, idempotencyKey?: string): Promise<PlatformGatewaySuccess<RecordJudgmentOutcomeResponse>>;
105
- /**
106
- * @deprecated Use updateJudgmentOutcome.
107
- */
108
- recordJudgmentOutcome(judgmentId: string, input: RecordJudgmentOutcomeInput, idempotencyKey?: string): Promise<PlatformGatewaySuccess<RecordJudgmentOutcomeResponse>>;
99
+ } & {
100
+ listPendingJudgmentOutcomeReview: (query: ListPendingJudgmentOutcomeReviewInput) => Promise<PlatformGatewaySuccess<ListResult<PendingJudgmentOutcomeRecord, "reviews">>>;
101
+ recordJudgment: (input: RecordJudgmentInput, idempotencyKey?: string) => Promise<PlatformGatewaySuccess<RecordJudgmentResponse>>;
102
+ recordJudgmentOutcome: (judgmentId: string, input: RecordJudgmentOutcomeInput, idempotencyKey?: string) => Promise<PlatformGatewaySuccess<RecordJudgmentOutcomeResponse>>;
109
103
  };
110
104
 
111
105
  export { type DecisionsClientConfig, type GetJudgmentCalibrationInput, GetJudgmentResponse, type GetJudgmentTransitionAuditIntegrityInput, JudgmentCalibrationResponse, JudgmentReadinessResponse, JudgmentTransitionAuditIntegrityResponse, type ListJudgmentsInput, ListJudgmentsResponse, type ListPendingJudgmentOutcomeReviewInput, PlatformGatewaySuccess, type RecordJudgmentInput, type RecordJudgmentOutcomeInput, RecordJudgmentOutcomeResponse, RecordJudgmentResponse, createDecisionsClient };
@@ -1,3 +1,170 @@
1
+ // src/authContext.ts
2
+ var LucernSdkAuthContextError = class extends Error {
3
+ reason;
4
+ constructor(reason, message) {
5
+ super(message);
6
+ this.name = "LucernSdkAuthContextError";
7
+ this.reason = reason;
8
+ }
9
+ };
10
+ function cleanString(value) {
11
+ const normalized = value?.trim();
12
+ return normalized ? normalized : void 0;
13
+ }
14
+ function cleanStringList(values) {
15
+ if (!values) {
16
+ return [];
17
+ }
18
+ return values.map((value) => value.trim()).filter(
19
+ (value, index, list) => value.length > 0 && list.indexOf(value) === index
20
+ );
21
+ }
22
+ function requireString(value, reason, label) {
23
+ const normalized = cleanString(value);
24
+ if (!normalized) {
25
+ throw new LucernSdkAuthContextError(
26
+ reason,
27
+ `Canonical Lucern SDK auth context is missing ${label}.`
28
+ );
29
+ }
30
+ return normalized;
31
+ }
32
+ function requirePrincipalType(principalType) {
33
+ if (!principalType) {
34
+ throw new LucernSdkAuthContextError(
35
+ "principal_missing",
36
+ "Canonical Lucern SDK auth context is missing principalType."
37
+ );
38
+ }
39
+ return principalType;
40
+ }
41
+ function requireAuthMode(authMode) {
42
+ if (!authMode) {
43
+ throw new LucernSdkAuthContextError(
44
+ "principal_missing",
45
+ "Canonical Lucern SDK auth context is missing authMode."
46
+ );
47
+ }
48
+ return authMode;
49
+ }
50
+ function ensurePermitMatch(args) {
51
+ const actual = cleanString(args.actual);
52
+ if (actual && actual !== args.expected) {
53
+ throw new LucernSdkAuthContextError(
54
+ "policy_denied",
55
+ `Canonical Lucern SDK auth context has conflicting Permit ${args.field}.`
56
+ );
57
+ }
58
+ }
59
+ function normalizeCanonicalLucernAuthContext(input) {
60
+ if (!input) {
61
+ throw new LucernSdkAuthContextError(
62
+ "principal_missing",
63
+ "Canonical Lucern SDK auth context is required."
64
+ );
65
+ }
66
+ if (input.policyDecision === "deny") {
67
+ throw new LucernSdkAuthContextError(
68
+ "policy_denied",
69
+ "Canonical Lucern SDK auth context carries a denied policy decision."
70
+ );
71
+ }
72
+ const principalId = requireString(
73
+ input.principalId,
74
+ "principal_missing",
75
+ "principalId"
76
+ );
77
+ const tenantId = requireString(input.tenantId, "tenant_missing", "tenantId");
78
+ const workspaceId = requireString(
79
+ input.workspaceId,
80
+ "workspace_missing",
81
+ "workspaceId"
82
+ );
83
+ const roles = cleanStringList(input.roles);
84
+ const scopes = cleanStringList(input.scopes);
85
+ const principalType = requirePrincipalType(input.principalType);
86
+ const authMode = requireAuthMode(input.authMode);
87
+ const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
88
+ if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
89
+ throw new LucernSdkAuthContextError(
90
+ "membership_missing",
91
+ "Canonical Lucern SDK auth context requires non-empty roles and scopes."
92
+ );
93
+ }
94
+ const subject = cleanString(input.permit?.subject) ?? principalId;
95
+ const tenant = cleanString(input.permit?.tenant) ?? tenantId;
96
+ const workspace = cleanString(input.permit?.workspace) ?? workspaceId;
97
+ ensurePermitMatch({
98
+ field: "subject",
99
+ expected: principalId,
100
+ actual: subject
101
+ });
102
+ ensurePermitMatch({ field: "tenant", expected: tenantId, actual: tenant });
103
+ ensurePermitMatch({
104
+ field: "workspace",
105
+ expected: workspaceId,
106
+ actual: workspace
107
+ });
108
+ const context = input.permit?.context ? { ...input.permit.context } : void 0;
109
+ return {
110
+ clerkId: cleanString(input.clerkId),
111
+ principalId,
112
+ tenantId,
113
+ workspaceId,
114
+ principalType,
115
+ authMode,
116
+ roles,
117
+ scopes,
118
+ delegationChain: input.delegationChain ? [...input.delegationChain] : [],
119
+ policyTraceId: cleanString(input.policyTraceId),
120
+ correlationId: cleanString(input.correlationId),
121
+ membershipId: cleanString(input.membershipId),
122
+ permit: {
123
+ subject,
124
+ tenant,
125
+ workspace,
126
+ resource: cleanString(input.permit?.resource),
127
+ action: cleanString(input.permit?.action),
128
+ relation: cleanString(input.permit?.relation),
129
+ context
130
+ }
131
+ };
132
+ }
133
+ function createCanonicalAuthHeaders(authContext) {
134
+ const headers = {
135
+ "x-lucern-principal-id": authContext.principalId,
136
+ "x-lucern-principal-type": authContext.principalType,
137
+ "x-lucern-tenant": authContext.tenantId,
138
+ "x-lucern-tenant-id": authContext.tenantId,
139
+ "x-lucern-workspace": authContext.workspaceId,
140
+ "x-lucern-workspace-id": authContext.workspaceId,
141
+ "x-lucern-auth-mode": authContext.authMode,
142
+ "x-lucern-roles": authContext.roles.join(","),
143
+ "x-lucern-scopes": authContext.scopes.join(","),
144
+ "x-lucern-permit-context": JSON.stringify(authContext.permit)
145
+ };
146
+ if (authContext.clerkId) {
147
+ headers["x-lucern-clerk-id"] = authContext.clerkId;
148
+ headers["x-lucern-user-id"] = authContext.clerkId;
149
+ }
150
+ if (authContext.delegationChain.length > 0) {
151
+ headers["x-lucern-delegation-chain"] = JSON.stringify(
152
+ authContext.delegationChain
153
+ );
154
+ }
155
+ if (authContext.policyTraceId) {
156
+ headers["x-lucern-policy-trace-id"] = authContext.policyTraceId;
157
+ }
158
+ if (authContext.correlationId) {
159
+ headers["x-correlation-id"] = authContext.correlationId;
160
+ headers["x-lucern-correlation-id"] = authContext.correlationId;
161
+ }
162
+ if (authContext.membershipId) {
163
+ headers["x-lucern-membership-id"] = authContext.membershipId;
164
+ }
165
+ return headers;
166
+ }
167
+
1
168
  // src/coreClient.ts
2
169
  var LucernApiError = class extends Error {
3
170
  code;
@@ -65,9 +232,7 @@ function generatePortableRequestId() {
65
232
  8
66
233
  ).join("")}-${hex.slice(8, 10).join("")}-${hex.slice(10).join("")}`;
67
234
  }
68
- function randomIdempotencyKey() {
69
- return generatePortableRequestId();
70
- }
235
+ var randomIdempotencyKey = generatePortableRequestId;
71
236
  function isRetryableStatus(status) {
72
237
  return status >= 500 || status === 408 || status === 429;
73
238
  }
@@ -132,8 +297,11 @@ function timeoutError(timeoutMs) {
132
297
  error.name = "AbortError";
133
298
  return error;
134
299
  }
300
+ function isRecord(value) {
301
+ return value !== null && typeof value === "object" && !Array.isArray(value);
302
+ }
135
303
  function readPolicySummaryFromDetails(details) {
136
- if (!details || typeof details !== "object" || Array.isArray(details)) {
304
+ if (!isRecord(details)) {
137
305
  return null;
138
306
  }
139
307
  const directSummary = details.summary;
@@ -141,11 +309,11 @@ function readPolicySummaryFromDetails(details) {
141
309
  return directSummary.trim();
142
310
  }
143
311
  const policy = details.policy;
144
- if (!policy || typeof policy !== "object" || Array.isArray(policy)) {
312
+ if (!isRecord(policy)) {
145
313
  return null;
146
314
  }
147
315
  const explanation = policy.explanation;
148
- if (!explanation || typeof explanation !== "object" || Array.isArray(explanation)) {
316
+ if (!isRecord(explanation)) {
149
317
  return null;
150
318
  }
151
319
  const nestedSummary = explanation.summary;
@@ -154,16 +322,41 @@ function readPolicySummaryFromDetails(details) {
154
322
  }
155
323
  return null;
156
324
  }
325
+ async function resolveConfiguredAuthContext(authContext) {
326
+ if (typeof authContext === "function") {
327
+ return await authContext();
328
+ }
329
+ return authContext;
330
+ }
331
+ function mergeHeaderRecord(base, addition) {
332
+ const headers = new Headers(base);
333
+ for (const [key, value] of Object.entries(addition)) {
334
+ const existing = headers.get(key);
335
+ if (existing !== null && existing !== value) {
336
+ throw new LucernSdkAuthContextError(
337
+ "policy_denied",
338
+ `Canonical Lucern SDK auth context conflicts with existing ${key} header.`
339
+ );
340
+ }
341
+ headers.set(key, value);
342
+ }
343
+ return Object.fromEntries(headers.entries());
344
+ }
157
345
  function createGatewayRequestClient(config = {}) {
158
346
  const fetchImpl = config.fetchImpl ?? fetch;
159
347
  const baseUrl = config.baseUrl?.replace(/\/+$/, "") ?? "";
160
348
  const maxRetries = config.maxRetries ?? 2;
161
349
  const requestIdFactory = config.requestIdFactory ?? (() => generatePortableRequestId());
162
350
  async function resolveAuthHeaders() {
163
- if (!config.getAuthHeaders) {
164
- return {};
351
+ const base = config.getAuthHeaders ? await config.getAuthHeaders() : {};
352
+ const authContextInput = await resolveConfiguredAuthContext(
353
+ config.authContext
354
+ );
355
+ if (!authContextInput && !config.requireCanonicalAuthContext) {
356
+ return base;
165
357
  }
166
- return await config.getAuthHeaders();
358
+ const authContext = normalizeCanonicalLucernAuthContext(authContextInput);
359
+ return mergeHeaderRecord(base, createCanonicalAuthHeaders(authContext));
167
360
  }
168
361
  async function fetchWithTimeout(url, init, timeoutMs) {
169
362
  const controller = new AbortController();
@@ -184,11 +377,11 @@ function createGatewayRequestClient(config = {}) {
184
377
  if (!text) {
185
378
  return null;
186
379
  }
187
- try {
188
- return JSON.parse(text);
189
- } catch {
380
+ const parsed = tryParseGatewayEnvelopeJson(text);
381
+ if (!parsed.ok) {
190
382
  return null;
191
383
  }
384
+ return isRecord(parsed.value) ? parsed.value : null;
192
385
  }
193
386
  function resolveTimeoutMs(method, requestTimeoutMs) {
194
387
  if (typeof requestTimeoutMs === "number") {
@@ -200,16 +393,31 @@ function createGatewayRequestClient(config = {}) {
200
393
  }
201
394
  return config.timeoutMs ?? 15e3;
202
395
  }
396
+ function tryParseGatewayEnvelopeJson(text) {
397
+ const trimmed = text.trim();
398
+ if (!trimmed.startsWith("{") && !trimmed.startsWith("[")) {
399
+ return { ok: false, reason: "non-json" };
400
+ }
401
+ try {
402
+ return { ok: true, value: JSON.parse(trimmed) };
403
+ } catch (error) {
404
+ if (error instanceof SyntaxError) {
405
+ return { ok: false, reason: "invalid-json", error };
406
+ }
407
+ throw error;
408
+ }
409
+ }
203
410
  function buildApiError(args) {
204
411
  const failure = args.failure;
205
- const legacyError = failure && typeof failure.error === "object" && failure.error !== null ? failure.error : failure?.legacyError;
412
+ const legacyError = failure && isRecord(failure.error) ? failure.error : failure?.legacyError;
206
413
  const correlationId = failure?.correlationId ?? args.response.headers.get("x-lucern-correlation-id")?.trim() ?? args.requestId;
207
414
  const policyTraceId = failure?.policyTraceId ?? args.response.headers.get("x-lucern-policy-trace-id")?.trim() ?? null;
208
415
  const details = failure?.details ?? legacyError?.details;
209
416
  const policySummary = readPolicySummaryFromDetails(details);
417
+ const failureMessage = typeof failure?.error === "string" ? failure.error : legacyError?.message;
210
418
  return new LucernApiError({
211
419
  code: failure?.code ?? legacyError?.code ?? fallbackErrorCode(args.response.status),
212
- message: policySummary ?? (typeof failure?.error === "string" ? failure.error : legacyError?.message ?? (args.response.ok ? "Platform API returned an invalid success payload." : "Platform API request failed.")),
420
+ message: policySummary ?? failureMessage ?? (args.response.ok ? "Platform API returned an invalid success payload." : "Platform API request failed."),
213
421
  status: args.response.status,
214
422
  invariant: failure?.invariant,
215
423
  suggestion: failure?.suggestion,
@@ -335,21 +543,21 @@ function createGatewayRequestClient(config = {}) {
335
543
  }
336
544
 
337
545
  // src/sdkSurface.ts
338
- function cleanString(value) {
546
+ function cleanString2(value) {
339
547
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
340
548
  }
341
549
  function cloneWith(value, patch) {
342
550
  return { ...value, ...patch };
343
551
  }
344
552
  function withTopicAlias(value) {
345
- const topicId = cleanString(value.topicId) ?? void 0;
553
+ const topicId = cleanString2(value.topicId) ?? void 0;
346
554
  if (!topicId) {
347
555
  return value;
348
556
  }
349
557
  return cloneWith(value, { topicId });
350
558
  }
351
559
  function normalizeTopicQuery(value) {
352
- const topicId = cleanString(value.topicId);
560
+ const topicId = cleanString2(value.topicId);
353
561
  if (!topicId) {
354
562
  return value;
355
563
  }
@@ -361,7 +569,10 @@ function createListResult(items, legacyKey) {
361
569
  total: items.length
362
570
  };
363
571
  if (legacyKey) {
364
- result[legacyKey] = items;
572
+ return {
573
+ ...result,
574
+ [legacyKey]: items
575
+ };
365
576
  }
366
577
  return result;
367
578
  }
@@ -375,7 +586,7 @@ function mapGatewayData(response, mapper) {
375
586
  // src/decisionsClient.ts
376
587
  function createDecisionsClient(config = {}) {
377
588
  const gateway = createGatewayRequestClient(config);
378
- return {
589
+ const client = {
379
590
  /**
380
591
  * List judgments for a topic scope.
381
592
  */
@@ -453,12 +664,6 @@ function createDecisionsClient(config = {}) {
453
664
  })
454
665
  );
455
666
  },
456
- /**
457
- * @deprecated Use listPendingOutcomeReviews.
458
- */
459
- async listPendingJudgmentOutcomeReview(query) {
460
- return this.listPendingOutcomeReviews(query);
461
- },
462
667
  /**
463
668
  * Get audit integrity checks for judgment transitions.
464
669
  */
@@ -491,12 +696,6 @@ function createDecisionsClient(config = {}) {
491
696
  )
492
697
  );
493
698
  },
494
- /**
495
- * @deprecated Use createJudgment.
496
- */
497
- async recordJudgment(input, idempotencyKey) {
498
- return this.createJudgment(input, idempotencyKey);
499
- },
500
699
  /**
501
700
  * Update the outcome for an existing judgment.
502
701
  */
@@ -507,14 +706,13 @@ function createDecisionsClient(config = {}) {
507
706
  body: input,
508
707
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
509
708
  });
510
- },
511
- /**
512
- * @deprecated Use updateJudgmentOutcome.
513
- */
514
- async recordJudgmentOutcome(judgmentId, input, idempotencyKey) {
515
- return this.updateJudgmentOutcome(judgmentId, input, idempotencyKey);
516
709
  }
517
710
  };
711
+ return Object.assign(client, {
712
+ listPendingJudgmentOutcomeReview: client.listPendingOutcomeReviews,
713
+ recordJudgment: client.createJudgment,
714
+ recordJudgmentOutcome: client.updateJudgmentOutcome
715
+ });
518
716
  }
519
717
 
520
718
  export { LucernApiError, createDecisionsClient };