@lucern/sdk 0.3.0-alpha.10 → 0.3.0-alpha.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (104) hide show
  1. package/README.md +1 -1
  2. package/dist/accessControl.d.ts +78 -0
  3. package/dist/accessControl.js +1118 -0
  4. package/dist/accessControl.js.map +1 -0
  5. package/dist/adminClient.js.map +1 -1
  6. package/dist/answersClient.js.map +1 -1
  7. package/dist/audiencesClient.js.map +1 -1
  8. package/dist/auditClient.js.map +1 -1
  9. package/dist/authContext.d.ts +1 -1
  10. package/dist/authContext.js.map +1 -1
  11. package/dist/beliefs/index.d.ts +1 -0
  12. package/dist/beliefs/index.js +799 -551
  13. package/dist/beliefs/index.js.map +1 -1
  14. package/dist/beliefsClient.js.map +1 -1
  15. package/dist/client.d.ts +27 -8
  16. package/dist/client.js +799 -551
  17. package/dist/client.js.map +1 -1
  18. package/dist/contextClient.js.map +1 -1
  19. package/dist/contracts/api-enums.contract.d.ts +1 -1
  20. package/dist/contracts/api-enums.contract.js +6 -1
  21. package/dist/contracts/api-enums.contract.js.map +1 -1
  22. package/dist/contracts/index.js +12 -1
  23. package/dist/contracts/index.js.map +1 -1
  24. package/dist/contracts/mcpTools.js +6 -0
  25. package/dist/contracts/mcpTools.js.map +1 -1
  26. package/dist/contradictions/index.d.ts +1 -0
  27. package/dist/contradictions/index.js +799 -551
  28. package/dist/contradictions/index.js.map +1 -1
  29. package/dist/coreClient.js.map +1 -1
  30. package/dist/decisions/index.d.ts +1 -0
  31. package/dist/decisions/index.js +799 -551
  32. package/dist/decisions/index.js.map +1 -1
  33. package/dist/decisionsClient.js.map +1 -1
  34. package/dist/edges/index.d.ts +1 -0
  35. package/dist/edges/index.js +799 -551
  36. package/dist/edges/index.js.map +1 -1
  37. package/dist/embeddingsClient.js.map +1 -1
  38. package/dist/eventingClient.js.map +1 -1
  39. package/dist/eventsCore.js.map +1 -1
  40. package/dist/evidence/index.d.ts +1 -0
  41. package/dist/evidence/index.js +799 -551
  42. package/dist/evidence/index.js.map +1 -1
  43. package/dist/evidenceClient.js.map +1 -1
  44. package/dist/functionSurface.js.map +1 -1
  45. package/dist/functionSurfaceClient.js.map +1 -1
  46. package/dist/gatewayFacades.d.ts +1 -0
  47. package/dist/gatewayFacades.js.map +1 -1
  48. package/dist/graphAnalysisClient.js.map +1 -1
  49. package/dist/graphClient.d.ts +1 -0
  50. package/dist/graphClient.js.map +1 -1
  51. package/dist/graphIntel.d.ts +1 -0
  52. package/dist/graphRecommendationsClient.js.map +1 -1
  53. package/dist/graphStateClassifierClient.js.map +1 -1
  54. package/dist/harnessClient.js.map +1 -1
  55. package/dist/identityClient.d.ts +1 -1
  56. package/dist/identityClient.js.map +1 -1
  57. package/dist/index.d.ts +2 -0
  58. package/dist/index.js +790 -490
  59. package/dist/index.js.map +1 -1
  60. package/dist/infisicalRuntime.d.ts +1 -0
  61. package/dist/infisicalRuntime.js +64 -32
  62. package/dist/infisicalRuntime.js.map +1 -1
  63. package/dist/jobsClient.js.map +1 -1
  64. package/dist/learningClient.js.map +1 -1
  65. package/dist/lenses/index.d.ts +1 -0
  66. package/dist/lenses/index.js +799 -551
  67. package/dist/lenses/index.js.map +1 -1
  68. package/dist/mcpClient.js +2 -1
  69. package/dist/mcpClient.js.map +1 -1
  70. package/dist/modelRuntimeClient.js.map +1 -1
  71. package/dist/nodes/index.d.ts +1 -0
  72. package/dist/nodes/index.js +799 -551
  73. package/dist/nodes/index.js.map +1 -1
  74. package/dist/ontologies/index.d.ts +1 -0
  75. package/dist/ontologies/index.js +799 -551
  76. package/dist/ontologies/index.js.map +1 -1
  77. package/dist/ontologyClient.js.map +1 -1
  78. package/dist/ontologyLinksClient.js.map +1 -1
  79. package/dist/orgGraphSearchClient.js.map +1 -1
  80. package/dist/packsClient.js.map +1 -1
  81. package/dist/policyClient.js.map +1 -1
  82. package/dist/questions/index.d.ts +1 -0
  83. package/dist/questions/index.js +799 -551
  84. package/dist/questions/index.js.map +1 -1
  85. package/dist/reportsClient.js.map +1 -1
  86. package/dist/schemaClient.js.map +1 -1
  87. package/dist/secrets.d.ts +1 -0
  88. package/dist/secrets.js +3 -0
  89. package/dist/secrets.js.map +1 -0
  90. package/dist/sourcesClient.js.map +1 -1
  91. package/dist/telemetryClient.js.map +1 -1
  92. package/dist/toolRegistryClient.js.map +1 -1
  93. package/dist/topics/index.d.ts +1 -0
  94. package/dist/topics/index.js +799 -551
  95. package/dist/topics/index.js.map +1 -1
  96. package/dist/topicsClient.js.map +1 -1
  97. package/dist/version.d.ts +1 -1
  98. package/dist/version.js +1 -1
  99. package/dist/version.js.map +1 -1
  100. package/dist/workflowClient.js.map +1 -1
  101. package/dist/worktrees/index.d.ts +1 -0
  102. package/dist/worktrees/index.js +799 -551
  103. package/dist/worktrees/index.js.map +1 -1
  104. package/package.json +5 -4
package/dist/client.js CHANGED
@@ -1048,6 +1048,574 @@ function createAdminClient(config = {}) {
1048
1048
  };
1049
1049
  }
1050
1050
 
1051
+ // src/boundaryClientSurface.ts
1052
+ function cleanOptionalString(value) {
1053
+ const normalized = value?.trim();
1054
+ return normalized ? normalized : void 0;
1055
+ }
1056
+ function isRecord3(value) {
1057
+ return Boolean(value) && typeof value === "object" && !Array.isArray(value);
1058
+ }
1059
+ function cleanRequiredString(value, label) {
1060
+ const normalized = cleanOptionalString(value);
1061
+ if (!normalized) {
1062
+ throw new Error(`${label} is required`);
1063
+ }
1064
+ return normalized;
1065
+ }
1066
+ function readTopicId(input) {
1067
+ return cleanOptionalString(input.topicId) ?? cleanOptionalString(input.projectId);
1068
+ }
1069
+ function requireTopicId(input) {
1070
+ const topicId = readTopicId(input);
1071
+ if (!topicId) {
1072
+ throw new Error("topicId is required");
1073
+ }
1074
+ return topicId;
1075
+ }
1076
+ function assertKnownKeys(input, allowed, operation) {
1077
+ const allowedSet = new Set(allowed);
1078
+ const unknownKeys = Object.keys(input).filter((key) => !allowedSet.has(key));
1079
+ if (unknownKeys.length > 0) {
1080
+ throw new Error(
1081
+ `${operation} received unsupported field(s): ${unknownKeys.join(", ")}`
1082
+ );
1083
+ }
1084
+ }
1085
+ function knownPayload(input, allowed, operation) {
1086
+ assertKnownKeys(input, allowed, operation);
1087
+ return { ...input };
1088
+ }
1089
+ function topicPayload(input, allowed, operation) {
1090
+ assertKnownKeys(input, allowed, operation);
1091
+ return {
1092
+ ...input,
1093
+ topicId: requireTopicId(input),
1094
+ projectId: void 0
1095
+ };
1096
+ }
1097
+ function listResultFromEnvelope(data, legacyKey) {
1098
+ const record = isRecord3(data) ? data : {};
1099
+ const legacyItems = record[legacyKey];
1100
+ return createListResult(
1101
+ Array.isArray(legacyItems) ? legacyItems : Array.isArray(data) ? data : [],
1102
+ legacyKey
1103
+ );
1104
+ }
1105
+
1106
+ // src/identityClient.ts
1107
+ function createIdentityWhoamiClient(config = {}) {
1108
+ const gateway = createGatewayRequestClient(config);
1109
+ return {
1110
+ async whoami() {
1111
+ return gateway.request({
1112
+ path: "/api/platform/v1/identity/whoami"
1113
+ });
1114
+ }
1115
+ };
1116
+ }
1117
+ var TENANT_IDENTITY_FIELDS = [
1118
+ "tenantId",
1119
+ "workspaceId",
1120
+ "principalId",
1121
+ "integrationKey",
1122
+ "secretRef",
1123
+ "policySubject",
1124
+ "policyAction",
1125
+ "policyResource",
1126
+ "decision",
1127
+ "config",
1128
+ "configKey",
1129
+ "configValue",
1130
+ "provider",
1131
+ "status",
1132
+ "metadata",
1133
+ "limit",
1134
+ "cursor"
1135
+ ];
1136
+ function tenantIdentityQuery(input) {
1137
+ return {
1138
+ tenantId: cleanRequiredString(input.tenantId, "tenantId"),
1139
+ workspaceId: input.workspaceId,
1140
+ principalId: input.principalId,
1141
+ limit: input.limit,
1142
+ cursor: input.cursor
1143
+ };
1144
+ }
1145
+ function tenantIdentityBody(input, operation) {
1146
+ return knownPayload(input, TENANT_IDENTITY_FIELDS, operation);
1147
+ }
1148
+ function createIdentityClient(config = {}) {
1149
+ const gateway = createGatewayRequestClient(config);
1150
+ const whoamiClient = createIdentityWhoamiClient(config);
1151
+ const requestPrincipalWrite = (method, input, idempotencyKey) => gateway.request({
1152
+ path: "/api/platform/v1/identity/principals",
1153
+ method,
1154
+ body: input,
1155
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1156
+ });
1157
+ const updatePrincipal = (input, idempotencyKey) => requestPrincipalWrite("PATCH", input, idempotencyKey);
1158
+ const deleteKey = (keyId, input = {}, idempotencyKey) => gateway.request({
1159
+ path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
1160
+ method: "POST",
1161
+ body: input,
1162
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1163
+ });
1164
+ return {
1165
+ /**
1166
+ * Resolve the current authenticated identity summary.
1167
+ */
1168
+ async whoami() {
1169
+ return whoamiClient.whoami().then(
1170
+ (response) => mapGatewayData(response, (data) => ({
1171
+ principalId: data.principalId,
1172
+ principalType: data.principalType,
1173
+ tenantId: data.tenantId ?? null,
1174
+ workspaceId: data.workspaceId ?? null,
1175
+ scopes: Array.isArray(data.scopes) ? data.scopes : [],
1176
+ roles: Array.isArray(data.roles) ? data.roles : [],
1177
+ isPlatformAdmin: data.isPlatformAdmin === true,
1178
+ isTenantAdmin: data.isTenantAdmin === true,
1179
+ isWorkspaceAdmin: data.isWorkspaceAdmin === true,
1180
+ authMode: data.authMode,
1181
+ sessionId: data.sessionId,
1182
+ delegatedBy: data.delegatedBy,
1183
+ expiresAt: data.expiresAt
1184
+ }))
1185
+ );
1186
+ },
1187
+ /**
1188
+ * List principals in the current identity scope.
1189
+ */
1190
+ async listPrincipals(query5 = {}) {
1191
+ return gateway.request({
1192
+ path: `/api/platform/v1/identity/principals${toQueryString(query5)}`
1193
+ }).then(
1194
+ (response) => mapGatewayData(
1195
+ response,
1196
+ (data) => createListResult(
1197
+ Array.isArray(data) ? data : [],
1198
+ "principals"
1199
+ )
1200
+ )
1201
+ );
1202
+ },
1203
+ /**
1204
+ * Create a principal.
1205
+ */
1206
+ async createPrincipal(input, idempotencyKey) {
1207
+ return requestPrincipalWrite("POST", input, idempotencyKey);
1208
+ },
1209
+ /**
1210
+ * Update a principal.
1211
+ */
1212
+ updatePrincipal,
1213
+ /**
1214
+ * @deprecated Use createPrincipal or updatePrincipal.
1215
+ */
1216
+ upsertPrincipal: updatePrincipal,
1217
+ /**
1218
+ * List keys in the current identity scope.
1219
+ */
1220
+ async listKeys(query5 = {}) {
1221
+ return gateway.request({
1222
+ path: `/api/platform/v1/identity/keys${toQueryString(query5)}`
1223
+ }).then(
1224
+ (response) => mapGatewayData(
1225
+ response,
1226
+ (data) => createListResult(Array.isArray(data) ? data : [], "keys")
1227
+ )
1228
+ );
1229
+ },
1230
+ /**
1231
+ * Create an API key.
1232
+ */
1233
+ async createKey(input, idempotencyKey) {
1234
+ return gateway.request({
1235
+ path: "/api/platform/v1/identity/keys",
1236
+ method: "POST",
1237
+ body: input,
1238
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1239
+ });
1240
+ },
1241
+ /**
1242
+ * Rotate an API key.
1243
+ */
1244
+ async rotateKey(keyId, input = {}, idempotencyKey) {
1245
+ return gateway.request({
1246
+ path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/rotate`,
1247
+ method: "POST",
1248
+ body: input,
1249
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1250
+ });
1251
+ },
1252
+ /**
1253
+ * Delete an API key by revoking it.
1254
+ */
1255
+ deleteKey,
1256
+ /**
1257
+ * @deprecated Use deleteKey.
1258
+ */
1259
+ revokeKey: deleteKey,
1260
+ /**
1261
+ * Search Clerk users by email or display attributes.
1262
+ */
1263
+ async searchClerkUsers(q) {
1264
+ return gateway.request({
1265
+ path: `/api/platform/v1/identity/clerk-users${toQueryString({ q })}`
1266
+ });
1267
+ },
1268
+ async getTenantConfig(input) {
1269
+ return gateway.request({
1270
+ path: `/api/platform/v1/identity/tenant-config${toQueryString(
1271
+ tenantIdentityQuery(input)
1272
+ )}`
1273
+ });
1274
+ },
1275
+ async updateTenantConfig(input, idempotencyKey) {
1276
+ cleanRequiredString(input.tenantId, "tenantId");
1277
+ return gateway.request({
1278
+ path: "/api/platform/v1/identity/tenant-config",
1279
+ method: "PATCH",
1280
+ body: tenantIdentityBody(
1281
+ input,
1282
+ "identity.updateTenantConfig"
1283
+ ),
1284
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1285
+ });
1286
+ },
1287
+ async listIntegrations(input) {
1288
+ return gateway.request({
1289
+ path: `/api/platform/v1/identity/integrations${toQueryString(
1290
+ tenantIdentityQuery(input)
1291
+ )}`
1292
+ }).then(
1293
+ (response) => mapGatewayData(
1294
+ response,
1295
+ (data) => listResultFromEnvelope(
1296
+ data,
1297
+ "integrations"
1298
+ )
1299
+ )
1300
+ );
1301
+ },
1302
+ async upsertIntegration(input, idempotencyKey) {
1303
+ cleanRequiredString(input.tenantId, "tenantId");
1304
+ cleanRequiredString(input.integrationKey, "integrationKey");
1305
+ return gateway.request({
1306
+ path: "/api/platform/v1/identity/integrations",
1307
+ method: "PUT",
1308
+ body: tenantIdentityBody(
1309
+ input,
1310
+ "identity.upsertIntegration"
1311
+ ),
1312
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1313
+ });
1314
+ },
1315
+ async listSecrets(input) {
1316
+ return gateway.request({
1317
+ path: `/api/platform/v1/identity/secrets${toQueryString(
1318
+ tenantIdentityQuery(input)
1319
+ )}`
1320
+ }).then(
1321
+ (response) => mapGatewayData(
1322
+ response,
1323
+ (data) => listResultFromEnvelope(
1324
+ data,
1325
+ "secrets"
1326
+ )
1327
+ )
1328
+ );
1329
+ },
1330
+ async putSecretReference(input, idempotencyKey) {
1331
+ cleanRequiredString(input.tenantId, "tenantId");
1332
+ cleanRequiredString(input.secretRef, "secretRef");
1333
+ return gateway.request({
1334
+ path: "/api/platform/v1/identity/secrets",
1335
+ method: "PUT",
1336
+ body: tenantIdentityBody(
1337
+ input,
1338
+ "identity.putSecretReference"
1339
+ ),
1340
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1341
+ });
1342
+ },
1343
+ async evaluatePolicy(input, idempotencyKey) {
1344
+ cleanRequiredString(input.tenantId, "tenantId");
1345
+ cleanRequiredString(input.policySubject, "policySubject");
1346
+ cleanRequiredString(input.policyAction, "policyAction");
1347
+ cleanRequiredString(input.policyResource, "policyResource");
1348
+ return gateway.request({
1349
+ path: "/api/platform/v1/identity/policy/evaluate",
1350
+ method: "POST",
1351
+ body: tenantIdentityBody(
1352
+ input,
1353
+ "identity.evaluatePolicy"
1354
+ ),
1355
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1356
+ });
1357
+ },
1358
+ async recordPolicyDecision(input, idempotencyKey) {
1359
+ cleanRequiredString(input.tenantId, "tenantId");
1360
+ cleanRequiredString(input.decision, "decision");
1361
+ return gateway.request({
1362
+ path: "/api/platform/v1/identity/policy/decisions",
1363
+ method: "POST",
1364
+ body: tenantIdentityBody(
1365
+ input,
1366
+ "identity.recordPolicyDecision"
1367
+ ),
1368
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1369
+ });
1370
+ }
1371
+ };
1372
+ }
1373
+
1374
+ // src/accessControl.ts
1375
+ var LucernAccessControlError = class extends LucernSdkAuthContextError {
1376
+ policyDecision;
1377
+ constructor(reason, message, policyDecision) {
1378
+ super(reason, message);
1379
+ this.name = "LucernAccessControlError";
1380
+ this.policyDecision = policyDecision;
1381
+ }
1382
+ };
1383
+ function cleanString3(value) {
1384
+ const normalized = value?.trim();
1385
+ return normalized ? normalized : void 0;
1386
+ }
1387
+ function cleanStringList2(values) {
1388
+ if (!values) {
1389
+ return [];
1390
+ }
1391
+ return [
1392
+ ...new Set(
1393
+ values.map((value) => value.trim()).filter((value) => value.length > 0)
1394
+ )
1395
+ ];
1396
+ }
1397
+ function requireString2(value, reason, label) {
1398
+ const normalized = cleanString3(value);
1399
+ if (!normalized) {
1400
+ throw new LucernAccessControlError(
1401
+ reason,
1402
+ `Lucern SDK access control requires ${label}.`
1403
+ );
1404
+ }
1405
+ return normalized;
1406
+ }
1407
+ function normalizePrincipalType(principalType) {
1408
+ if (principalType === "agent") {
1409
+ return "agent";
1410
+ }
1411
+ if (principalType === "service") {
1412
+ return "service";
1413
+ }
1414
+ return "human";
1415
+ }
1416
+ function aliasKey(alias) {
1417
+ return `${alias.provider}:${alias.providerProjectId ?? ""}:${alias.externalSubjectId}`;
1418
+ }
1419
+ function normalizeAliases(input, canonicalClerkUserId) {
1420
+ const aliases = /* @__PURE__ */ new Map();
1421
+ for (const alias of input ?? []) {
1422
+ const externalSubjectId = cleanString3(alias.externalSubjectId);
1423
+ if (!externalSubjectId) {
1424
+ continue;
1425
+ }
1426
+ const normalized = {
1427
+ provider: cleanString3(alias.provider) ?? "clerk",
1428
+ providerProjectId: cleanString3(alias.providerProjectId),
1429
+ externalSubjectId,
1430
+ status: cleanString3(alias.status)
1431
+ };
1432
+ aliases.set(aliasKey(normalized), normalized);
1433
+ }
1434
+ if (canonicalClerkUserId) {
1435
+ const canonicalAlias = {
1436
+ provider: "clerk",
1437
+ externalSubjectId: canonicalClerkUserId,
1438
+ status: "active"
1439
+ };
1440
+ aliases.set(aliasKey(canonicalAlias), canonicalAlias);
1441
+ }
1442
+ return [...aliases.values()];
1443
+ }
1444
+ function isKnownClerkSubject(args) {
1445
+ if (args.clerkId === args.canonicalClerkUserId) {
1446
+ return true;
1447
+ }
1448
+ return args.aliases.some(
1449
+ (alias) => alias.provider === "clerk" && alias.externalSubjectId === args.clerkId
1450
+ );
1451
+ }
1452
+ function authContextToPrincipalInput(input) {
1453
+ const normalized = normalizeCanonicalLucernAuthContext(input);
1454
+ return {
1455
+ principalId: normalized.principalId,
1456
+ principalType: normalized.principalType,
1457
+ canonicalClerkUserId: normalized.clerkId,
1458
+ clerkId: normalized.clerkId,
1459
+ tenantId: normalized.tenantId,
1460
+ workspaceId: normalized.workspaceId,
1461
+ roles: normalized.roles,
1462
+ scopes: normalized.scopes
1463
+ };
1464
+ }
1465
+ function isAuthContextInput(input) {
1466
+ return "authMode" in input || "permit" in input || "delegationChain" in input;
1467
+ }
1468
+ function normalizeCanonicalPrincipalIdentity(input, options = {}) {
1469
+ const principalInput = isAuthContextInput(input) ? authContextToPrincipalInput(input) : input;
1470
+ const principalId = requireString2(
1471
+ principalInput.principalId,
1472
+ "principal_missing",
1473
+ "principalId"
1474
+ );
1475
+ const principalType = normalizePrincipalType(principalInput.principalType);
1476
+ const observedClerkId = cleanString3(options.observedClerkId);
1477
+ const canonicalClerkUserId = cleanString3(principalInput.canonicalClerkUserId) ?? cleanString3(principalInput.clerkId);
1478
+ if (principalType === "human" && !canonicalClerkUserId) {
1479
+ throw new LucernAccessControlError(
1480
+ "clerk_alias_missing",
1481
+ "Human principals require one canonical Clerk user id."
1482
+ );
1483
+ }
1484
+ const aliases = normalizeAliases(
1485
+ principalInput.clerkIdentityAliases,
1486
+ canonicalClerkUserId
1487
+ );
1488
+ if (observedClerkId && !isKnownClerkSubject({
1489
+ clerkId: observedClerkId,
1490
+ canonicalClerkUserId,
1491
+ aliases
1492
+ })) {
1493
+ throw new LucernAccessControlError(
1494
+ "clerk_alias_unrecognized",
1495
+ "Observed Clerk user id is not attached to the canonical Lucern principal."
1496
+ );
1497
+ }
1498
+ return {
1499
+ principalId,
1500
+ principalType,
1501
+ canonicalClerkUserId,
1502
+ clerkIdentityAliases: aliases,
1503
+ tenantId: cleanString3(principalInput.tenantId),
1504
+ workspaceId: cleanString3(principalInput.workspaceId),
1505
+ roles: cleanStringList2(principalInput.roles),
1506
+ scopes: cleanStringList2(principalInput.scopes)
1507
+ };
1508
+ }
1509
+ function formatPermitResource(resource) {
1510
+ if (typeof resource === "string") {
1511
+ return requireString2(resource, "policy_denied", "policyResource");
1512
+ }
1513
+ const type = requireString2(resource.type, "policy_denied", "resource.type");
1514
+ const key = requireString2(resource.key, "policy_denied", "resource.key");
1515
+ return key.startsWith(`${type}:`) ? key : `${type}:${key}`;
1516
+ }
1517
+ function resourceRequiresWorkspace(resource) {
1518
+ if (typeof resource === "string") {
1519
+ return !resource.startsWith("tenant:");
1520
+ }
1521
+ return resource.type !== "tenant";
1522
+ }
1523
+ function buildPolicyInput(identity, input) {
1524
+ const tenantId = requireString2(
1525
+ input.tenantId ?? identity.tenantId,
1526
+ "tenant_missing",
1527
+ "tenantId"
1528
+ );
1529
+ const workspaceId = cleanString3(input.workspaceId ?? identity.workspaceId);
1530
+ if (resourceRequiresWorkspace(input.resource) && !workspaceId) {
1531
+ throw new LucernAccessControlError(
1532
+ "workspace_missing",
1533
+ "Workspace-scoped Permit checks require workspaceId."
1534
+ );
1535
+ }
1536
+ return {
1537
+ tenantId,
1538
+ workspaceId,
1539
+ principalId: identity.principalId,
1540
+ policySubject: identity.principalId,
1541
+ policyAction: requireString2(input.action, "policy_denied", "policyAction"),
1542
+ policyResource: formatPermitResource(input.resource),
1543
+ metadata: input.context
1544
+ };
1545
+ }
1546
+ async function resolveConfiguredPrincipalInput(authContext) {
1547
+ if (typeof authContext === "function") {
1548
+ return await authContext();
1549
+ }
1550
+ return authContext;
1551
+ }
1552
+ function assertPermitAllowed(decision) {
1553
+ if (decision.decision !== "allow") {
1554
+ throw new LucernAccessControlError(
1555
+ decision.decision === "deny" ? "policy_denied" : "policy_unknown",
1556
+ `Permit denied ${decision.policyAction} on ${decision.policyResource}.`,
1557
+ decision
1558
+ );
1559
+ }
1560
+ }
1561
+ function createAccessControlClient(config = {}) {
1562
+ const identityClient = createIdentityClient(config);
1563
+ async function resolveIdentity(input, observedClerkId) {
1564
+ const identityInput = input ?? await resolveConfiguredPrincipalInput(config.authContext);
1565
+ if (!identityInput) {
1566
+ throw new LucernAccessControlError(
1567
+ "principal_missing",
1568
+ "Lucern SDK access control requires a canonical principal identity."
1569
+ );
1570
+ }
1571
+ return normalizeCanonicalPrincipalIdentity(identityInput, {
1572
+ observedClerkId
1573
+ });
1574
+ }
1575
+ async function checkAccess(input, idempotencyKey) {
1576
+ const identity = await resolveIdentity(input.identity, input.observedClerkId);
1577
+ const policyInput = buildPolicyInput(identity, input);
1578
+ try {
1579
+ const response = await identityClient.evaluatePolicy(
1580
+ policyInput,
1581
+ idempotencyKey
1582
+ );
1583
+ return {
1584
+ identity,
1585
+ policyInput,
1586
+ decision: response.data
1587
+ };
1588
+ } catch (error) {
1589
+ if (error instanceof LucernSdkAuthContextError) {
1590
+ throw error;
1591
+ }
1592
+ throw new LucernAccessControlError(
1593
+ "policy_unavailable",
1594
+ "Permit policy check failed closed before an allow decision was returned."
1595
+ );
1596
+ }
1597
+ }
1598
+ async function requireAccess(input, idempotencyKey) {
1599
+ const result = await checkAccess(input, idempotencyKey);
1600
+ assertPermitAllowed(result.decision);
1601
+ return result;
1602
+ }
1603
+ async function canAccess(input, idempotencyKey) {
1604
+ try {
1605
+ await requireAccess(input, idempotencyKey);
1606
+ return true;
1607
+ } catch {
1608
+ return false;
1609
+ }
1610
+ }
1611
+ return {
1612
+ normalizePrincipal: normalizeCanonicalPrincipalIdentity,
1613
+ checkAccess,
1614
+ requireAccess,
1615
+ canAccess
1616
+ };
1617
+ }
1618
+
1051
1619
  // src/answersClient.ts
1052
1620
  function createAnswersClient(config = {}) {
1053
1621
  const gateway = createGatewayRequestClient(config);
@@ -1215,7 +1783,7 @@ function authBaseUrl(config) {
1215
1783
  async function readJson(response) {
1216
1784
  try {
1217
1785
  const payload = await response.json();
1218
- return isRecord3(payload) ? payload : {};
1786
+ return isRecord4(payload) ? payload : {};
1219
1787
  } catch (error) {
1220
1788
  return unreadableJsonBodyFallback();
1221
1789
  }
@@ -1223,7 +1791,7 @@ async function readJson(response) {
1223
1791
  function unreadableJsonBodyFallback(_error) {
1224
1792
  return {};
1225
1793
  }
1226
- function isRecord3(value) {
1794
+ function isRecord4(value) {
1227
1795
  return value !== null && typeof value === "object" && !Array.isArray(value);
1228
1796
  }
1229
1797
  function readString(value) {
@@ -1266,7 +1834,7 @@ function assertDeviceTokenResponse(payload) {
1266
1834
  tenant_id: tenantId,
1267
1835
  workspace_id: readString(payload.workspace_id),
1268
1836
  principal_id: principalId,
1269
- user: isRecord3(payload.user) && typeof payload.user.id === "string" && typeof payload.user.principalId === "string" ? {
1837
+ user: isRecord4(payload.user) && typeof payload.user.id === "string" && typeof payload.user.principalId === "string" ? {
1270
1838
  id: payload.user.id,
1271
1839
  principalId: payload.user.principalId
1272
1840
  } : void 0
@@ -1612,61 +2180,6 @@ function createEvidenceClient(config = {}) {
1612
2180
  };
1613
2181
  }
1614
2182
 
1615
- // src/boundaryClientSurface.ts
1616
- function cleanOptionalString(value) {
1617
- const normalized = value?.trim();
1618
- return normalized ? normalized : void 0;
1619
- }
1620
- function isRecord4(value) {
1621
- return Boolean(value) && typeof value === "object" && !Array.isArray(value);
1622
- }
1623
- function cleanRequiredString(value, label) {
1624
- const normalized = cleanOptionalString(value);
1625
- if (!normalized) {
1626
- throw new Error(`${label} is required`);
1627
- }
1628
- return normalized;
1629
- }
1630
- function readTopicId(input) {
1631
- return cleanOptionalString(input.topicId) ?? cleanOptionalString(input.projectId);
1632
- }
1633
- function requireTopicId(input) {
1634
- const topicId = readTopicId(input);
1635
- if (!topicId) {
1636
- throw new Error("topicId is required");
1637
- }
1638
- return topicId;
1639
- }
1640
- function assertKnownKeys(input, allowed, operation) {
1641
- const allowedSet = new Set(allowed);
1642
- const unknownKeys = Object.keys(input).filter((key) => !allowedSet.has(key));
1643
- if (unknownKeys.length > 0) {
1644
- throw new Error(
1645
- `${operation} received unsupported field(s): ${unknownKeys.join(", ")}`
1646
- );
1647
- }
1648
- }
1649
- function knownPayload(input, allowed, operation) {
1650
- assertKnownKeys(input, allowed, operation);
1651
- return { ...input };
1652
- }
1653
- function topicPayload(input, allowed, operation) {
1654
- assertKnownKeys(input, allowed, operation);
1655
- return {
1656
- ...input,
1657
- topicId: requireTopicId(input),
1658
- projectId: void 0
1659
- };
1660
- }
1661
- function listResultFromEnvelope(data, legacyKey) {
1662
- const record = isRecord4(data) ? data : {};
1663
- const legacyItems = record[legacyKey];
1664
- return createListResult(
1665
- Array.isArray(legacyItems) ? legacyItems : Array.isArray(data) ? data : [],
1666
- legacyKey
1667
- );
1668
- }
1669
-
1670
2183
  // src/eventingClient.ts
1671
2184
  var EVENTING_FIELDS = [
1672
2185
  "tenantId",
@@ -2065,628 +2578,360 @@ function createOntologyClient(config = {}) {
2065
2578
  });
2066
2579
  },
2067
2580
  /**
2068
- * Bind an ontology definition to a topic.
2069
- */
2070
- async bind(input, idempotencyKey) {
2071
- return gateway.request({
2072
- path: `/api/platform/v1/ontologies/${encodeURIComponent(input.ontologyId)}/bind`,
2073
- method: "POST",
2074
- body: {
2075
- topicId: input.topicId
2076
- },
2077
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2078
- });
2079
- },
2080
- /**
2081
- * Create an ontology definition.
2082
- */
2083
- async createDefinition(input, idempotencyKey) {
2084
- return gateway.request({
2085
- path: "/api/platform/v1/ontologies",
2086
- method: "POST",
2087
- body: input,
2088
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2089
- });
2090
- },
2091
- /**
2092
- * Update an ontology definition.
2093
- */
2094
- async updateDefinition(id, input, idempotencyKey) {
2095
- return gateway.request({
2096
- path: `/api/platform/v1/ontologies/${encodeURIComponent(id)}`,
2097
- method: "PATCH",
2098
- body: input,
2099
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2100
- });
2101
- },
2102
- /**
2103
- * Archive an ontology definition.
2104
- */
2105
- async archiveDefinition(id, idempotencyKey) {
2106
- return gateway.request({
2107
- path: `/api/platform/v1/ontologies/${encodeURIComponent(id)}`,
2108
- method: "DELETE",
2109
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2110
- });
2111
- },
2112
- /**
2113
- * List versions for an ontology definition.
2114
- */
2115
- async listVersions(ontologyId, filters = {}) {
2116
- return gateway.request({
2117
- path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions${toQueryString(filters)}`
2118
- }).then(
2119
- (response) => mapGatewayData(
2120
- response,
2121
- (data) => createListResult(asListItems(data, "versions"), "versions")
2122
- )
2123
- );
2124
- },
2125
- /**
2126
- * Create an ontology version.
2127
- */
2128
- async createVersion(ontologyId, input, idempotencyKey) {
2129
- return gateway.request({
2130
- path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions`,
2131
- method: "POST",
2132
- body: input,
2133
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2134
- });
2135
- },
2136
- /**
2137
- * Publish an ontology version.
2138
- */
2139
- async publishVersion(ontologyId, versionId, idempotencyKey) {
2140
- return gateway.request({
2141
- path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions/${encodeURIComponent(versionId)}/publish`,
2142
- method: "POST",
2143
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2144
- });
2145
- },
2146
- /**
2147
- * Deprecate an ontology version.
2148
- */
2149
- async deprecateVersion(ontologyId, versionId, idempotencyKey) {
2150
- return gateway.request({
2151
- path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions/${encodeURIComponent(versionId)}/deprecate`,
2152
- method: "POST",
2153
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2154
- });
2155
- },
2156
- /**
2157
- * List topics directly bound to a specific ontology definition.
2158
- * Uses the topics gateway with ontologyId filter.
2159
- */
2160
- async listTopics(ontologyId) {
2161
- return gateway.request({
2162
- path: `/api/platform/v1/topics?ontologyId=${encodeURIComponent(ontologyId)}`
2163
- }).then(
2164
- (response) => mapGatewayData(
2165
- response,
2166
- (data) => createListResult(Array.isArray(data) ? data : [], "topics")
2167
- )
2168
- );
2169
- }
2170
- };
2171
- return Object.assign(client, {
2172
- listDefinitions: client.list,
2173
- getDefinition: client.get,
2174
- listTopicsByOntology: client.listTopics
2175
- });
2176
- }
2177
-
2178
- // src/graphClient.ts
2179
- function createGraphClient(config = {}) {
2180
- const gateway = createGatewayRequestClient(config);
2181
- const client = {
2182
- /**
2183
- * List graph nodes matching the provided filters.
2184
- */
2185
- async listNodes(query5) {
2186
- return gateway.request({
2187
- path: `/api/platform/v1/graph/nodes${toQueryString(
2188
- normalizeTopicQuery(query5)
2189
- )}`
2190
- }).then(
2191
- (response) => mapGatewayData(response, (data) => mapAliasedList(data, "nodes"))
2192
- );
2193
- },
2194
- /**
2195
- * Retrieve a single graph node by nodeId or globalId.
2196
- */
2197
- async getNode(query5) {
2198
- return gateway.request({
2199
- path: `/api/platform/v1/graph/nodes${toQueryString(query5)}`
2200
- }).then(
2201
- (response) => mapGatewayData(
2202
- response,
2203
- (data) => withSdkAliases(data)
2204
- )
2205
- );
2206
- },
2207
- /**
2208
- * Create a graph node.
2209
- */
2210
- async createNode(input, idempotencyKey) {
2211
- return gateway.request({
2212
- path: "/api/platform/v1/graph/nodes",
2213
- method: "POST",
2214
- body: normalizeNodeWriteInput(input),
2215
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2216
- }).then(
2217
- (response) => mapGatewayData(
2218
- response,
2219
- (data) => withSdkAliases(data)
2220
- )
2221
- );
2222
- },
2223
- /**
2224
- * Update a graph node.
2225
- */
2226
- async updateNode(input, idempotencyKey) {
2227
- return gateway.request({
2228
- path: "/api/platform/v1/graph/nodes",
2229
- method: "PUT",
2230
- body: normalizeNodeWriteInput(input),
2231
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2232
- }).then(
2233
- (response) => mapGatewayData(
2234
- response,
2235
- (data) => withSdkAliases(data)
2236
- )
2237
- );
2238
- },
2239
- /**
2240
- * Batch create graph nodes through the admin route surface.
2581
+ * Bind an ontology definition to a topic.
2241
2582
  */
2242
- async batchCreateNodes(input, idempotencyKey) {
2583
+ async bind(input, idempotencyKey) {
2243
2584
  return gateway.request({
2244
- path: "/api/platform/v1/graph/nodes/batch",
2585
+ path: `/api/platform/v1/ontologies/${encodeURIComponent(input.ontologyId)}/bind`,
2245
2586
  method: "POST",
2246
2587
  body: {
2247
- nodes: input.nodes.map((node) => normalizeNodeWriteInput(node))
2588
+ topicId: input.topicId
2248
2589
  },
2249
2590
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2250
2591
  });
2251
2592
  },
2252
2593
  /**
2253
- * Supersede an existing graph node with a new canonical version.
2594
+ * Create an ontology definition.
2254
2595
  */
2255
- async supersedeNode(input, idempotencyKey) {
2596
+ async createDefinition(input, idempotencyKey) {
2256
2597
  return gateway.request({
2257
- path: "/api/platform/v1/graph/nodes/supersede",
2598
+ path: "/api/platform/v1/ontologies",
2258
2599
  method: "POST",
2259
2600
  body: input,
2260
2601
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2261
2602
  });
2262
2603
  },
2263
2604
  /**
2264
- * Update a node's verification status.
2605
+ * Update an ontology definition.
2265
2606
  */
2266
- async verifyNode(input, idempotencyKey) {
2267
- const verificationStatus = normalizeNodeVerificationStatus(input.verificationStatus) ?? input.verificationStatus;
2607
+ async updateDefinition(id, input, idempotencyKey) {
2268
2608
  return gateway.request({
2269
- path: "/api/platform/v1/graph/nodes/verify",
2270
- method: "POST",
2271
- body: {
2272
- ...input,
2273
- verificationStatus
2274
- },
2609
+ path: `/api/platform/v1/ontologies/${encodeURIComponent(id)}`,
2610
+ method: "PATCH",
2611
+ body: input,
2275
2612
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2276
2613
  });
2277
2614
  },
2278
2615
  /**
2279
- * Permanently delete a node via the admin-only hard-delete route.
2616
+ * Archive an ontology definition.
2280
2617
  */
2281
- async hardDeleteNode(input, idempotencyKey) {
2618
+ async archiveDefinition(id, idempotencyKey) {
2282
2619
  return gateway.request({
2283
- path: "/api/platform/v1/graph/nodes/hard-delete",
2284
- method: "POST",
2285
- body: input,
2620
+ path: `/api/platform/v1/ontologies/${encodeURIComponent(id)}`,
2621
+ method: "DELETE",
2286
2622
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2287
2623
  });
2288
2624
  },
2289
2625
  /**
2290
- * List graph edges matching the provided filters.
2626
+ * List versions for an ontology definition.
2291
2627
  */
2292
- async listEdges(query5) {
2628
+ async listVersions(ontologyId, filters = {}) {
2293
2629
  return gateway.request({
2294
- path: `/api/platform/v1/graph/edges${toQueryString(
2295
- normalizeTopicQuery(query5)
2296
- )}`
2630
+ path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions${toQueryString(filters)}`
2297
2631
  }).then(
2298
2632
  (response) => mapGatewayData(
2299
2633
  response,
2300
- (data) => mapAliasedList(data, "edges")
2634
+ (data) => createListResult(asListItems(data, "versions"), "versions")
2301
2635
  )
2302
2636
  );
2303
2637
  },
2304
2638
  /**
2305
- * Create a graph edge.
2639
+ * Create an ontology version.
2306
2640
  */
2307
- async createEdge(input, idempotencyKey) {
2641
+ async createVersion(ontologyId, input, idempotencyKey) {
2308
2642
  return gateway.request({
2309
- path: "/api/platform/v1/graph/edges",
2643
+ path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions`,
2310
2644
  method: "POST",
2311
- body: normalizeTopicQuery(input),
2312
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2313
- });
2314
- },
2315
- /**
2316
- * Delete one or more edges matching the provided filter.
2317
- */
2318
- async deleteEdge(query5, idempotencyKey) {
2319
- return gateway.request({
2320
- path: `/api/platform/v1/graph/edges${toQueryString(query5)}`,
2321
- method: "DELETE",
2645
+ body: input,
2322
2646
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2323
2647
  });
2324
2648
  },
2325
2649
  /**
2326
- * Retrieve a graph neighborhood around a root node.
2327
- */
2328
- async neighborhood(query5) {
2329
- return gateway.request({
2330
- path: `/api/platform/v1/graph/neighborhood${toQueryString(query5)}`
2331
- });
2332
- },
2333
- /**
2334
- * Traverse the graph from a starting node.
2650
+ * Publish an ontology version.
2335
2651
  */
2336
- async traverse(query5) {
2652
+ async publishVersion(ontologyId, versionId, idempotencyKey) {
2337
2653
  return gateway.request({
2338
- path: "/api/platform/v1/graph/traverse",
2654
+ path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions/${encodeURIComponent(versionId)}/publish`,
2339
2655
  method: "POST",
2340
- body: normalizeTopicQuery(query5)
2341
- });
2342
- },
2343
- /**
2344
- * Analyze graph structure for a topic.
2345
- */
2346
- async analyze(query5 = {}) {
2347
- const normalized = normalizeTopicQuery(query5);
2348
- return gateway.request({
2349
- path: `/api/platform/v1/graph/analyze${toQueryString({
2350
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2351
- metric: typeof normalized.metric === "string" ? normalized.metric : void 0,
2352
- limit: typeof normalized.limit === "number" ? normalized.limit : void 0
2353
- })}`
2354
- });
2355
- },
2356
- /**
2357
- * Detect confirmation-bias patterns for a topic graph.
2358
- */
2359
- async bias(query5 = {}) {
2360
- const normalized = normalizeTopicQuery(query5);
2361
- return gateway.request({
2362
- path: `/api/platform/v1/graph/bias${toQueryString({
2363
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2364
- threshold: typeof normalized.threshold === "number" ? normalized.threshold : void 0,
2365
- limit: typeof normalized.limit === "number" ? normalized.limit : void 0
2366
- })}`
2367
- });
2368
- },
2369
- /**
2370
- * Find graph gaps for beliefs that still need testing.
2371
- */
2372
- async gaps(query5) {
2373
- const normalized = normalizeTopicQuery(query5);
2374
- return gateway.request({
2375
- path: `/api/platform/v1/graph/gaps${toQueryString({
2376
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2377
- minConfidence: typeof normalized.minConfidence === "number" ? normalized.minConfidence : void 0
2378
- })}`
2656
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2379
2657
  });
2380
2658
  },
2381
2659
  /**
2382
- * Search across graph resources within a topic.
2660
+ * Deprecate an ontology version.
2383
2661
  */
2384
- async search(query5) {
2662
+ async deprecateVersion(ontologyId, versionId, idempotencyKey) {
2385
2663
  return gateway.request({
2386
- path: "/api/platform/v1/search",
2664
+ path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions/${encodeURIComponent(versionId)}/deprecate`,
2387
2665
  method: "POST",
2388
- body: normalizeTopicQuery(query5)
2389
- });
2390
- },
2391
- /**
2392
- * Retrieve the shortest known path between two graph nodes.
2393
- */
2394
- async getPath(query5) {
2395
- return gateway.request({
2396
- path: `/api/platform/v1/graph/path${toQueryString(query5)}`
2666
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2397
2667
  });
2398
2668
  },
2399
2669
  /**
2400
- * Retrieve graph analytics for the requested metric.
2670
+ * List topics directly bound to a specific ontology definition.
2671
+ * Uses the topics gateway with ontologyId filter.
2401
2672
  */
2402
- async getAnalytics(query5 = {}) {
2673
+ async listTopics(ontologyId) {
2403
2674
  return gateway.request({
2404
- path: `/api/platform/v1/graph/analytics${toQueryString(query5)}`
2405
- });
2675
+ path: `/api/platform/v1/topics?ontologyId=${encodeURIComponent(ontologyId)}`
2676
+ }).then(
2677
+ (response) => mapGatewayData(
2678
+ response,
2679
+ (data) => createListResult(Array.isArray(data) ? data : [], "topics")
2680
+ )
2681
+ );
2406
2682
  }
2407
2683
  };
2408
2684
  return Object.assign(client, {
2409
- queryNodes: client.listNodes,
2410
- queryEdges: client.listEdges,
2411
- getNeighborhood: client.neighborhood
2685
+ listDefinitions: client.list,
2686
+ getDefinition: client.get,
2687
+ listTopicsByOntology: client.listTopics
2412
2688
  });
2413
2689
  }
2414
2690
 
2415
- // src/identityClient.ts
2416
- function createIdentityWhoamiClient(config = {}) {
2691
+ // src/graphClient.ts
2692
+ function createGraphClient(config = {}) {
2417
2693
  const gateway = createGatewayRequestClient(config);
2418
- return {
2419
- async whoami() {
2694
+ const client = {
2695
+ /**
2696
+ * List graph nodes matching the provided filters.
2697
+ */
2698
+ async listNodes(query5) {
2420
2699
  return gateway.request({
2421
- path: "/api/platform/v1/identity/whoami"
2422
- });
2423
- }
2424
- };
2425
- }
2426
- var TENANT_IDENTITY_FIELDS = [
2427
- "tenantId",
2428
- "workspaceId",
2429
- "principalId",
2430
- "integrationKey",
2431
- "secretRef",
2432
- "policySubject",
2433
- "policyAction",
2434
- "policyResource",
2435
- "decision",
2436
- "config",
2437
- "configKey",
2438
- "configValue",
2439
- "provider",
2440
- "status",
2441
- "metadata",
2442
- "limit",
2443
- "cursor"
2444
- ];
2445
- function tenantIdentityQuery(input) {
2446
- return {
2447
- tenantId: cleanRequiredString(input.tenantId, "tenantId"),
2448
- workspaceId: input.workspaceId,
2449
- principalId: input.principalId,
2450
- limit: input.limit,
2451
- cursor: input.cursor
2452
- };
2453
- }
2454
- function tenantIdentityBody(input, operation) {
2455
- return knownPayload(input, TENANT_IDENTITY_FIELDS, operation);
2456
- }
2457
- function createIdentityClient(config = {}) {
2458
- const gateway = createGatewayRequestClient(config);
2459
- const whoamiClient = createIdentityWhoamiClient(config);
2460
- const requestPrincipalWrite = (method, input, idempotencyKey) => gateway.request({
2461
- path: "/api/platform/v1/identity/principals",
2462
- method,
2463
- body: input,
2464
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2465
- });
2466
- const updatePrincipal = (input, idempotencyKey) => requestPrincipalWrite("PATCH", input, idempotencyKey);
2467
- const deleteKey = (keyId, input = {}, idempotencyKey) => gateway.request({
2468
- path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
2469
- method: "POST",
2470
- body: input,
2471
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2472
- });
2473
- return {
2700
+ path: `/api/platform/v1/graph/nodes${toQueryString(
2701
+ normalizeTopicQuery(query5)
2702
+ )}`
2703
+ }).then(
2704
+ (response) => mapGatewayData(response, (data) => mapAliasedList(data, "nodes"))
2705
+ );
2706
+ },
2474
2707
  /**
2475
- * Resolve the current authenticated identity summary.
2708
+ * Retrieve a single graph node by nodeId or globalId.
2476
2709
  */
2477
- async whoami() {
2478
- return whoamiClient.whoami().then(
2479
- (response) => mapGatewayData(response, (data) => ({
2480
- principalId: data.principalId,
2481
- principalType: data.principalType,
2482
- tenantId: data.tenantId ?? null,
2483
- workspaceId: data.workspaceId ?? null,
2484
- scopes: Array.isArray(data.scopes) ? data.scopes : [],
2485
- roles: Array.isArray(data.roles) ? data.roles : [],
2486
- isPlatformAdmin: data.isPlatformAdmin === true,
2487
- isTenantAdmin: data.isTenantAdmin === true,
2488
- isWorkspaceAdmin: data.isWorkspaceAdmin === true,
2489
- authMode: data.authMode,
2490
- sessionId: data.sessionId,
2491
- delegatedBy: data.delegatedBy,
2492
- expiresAt: data.expiresAt
2493
- }))
2710
+ async getNode(query5) {
2711
+ return gateway.request({
2712
+ path: `/api/platform/v1/graph/nodes${toQueryString(query5)}`
2713
+ }).then(
2714
+ (response) => mapGatewayData(
2715
+ response,
2716
+ (data) => withSdkAliases(data)
2717
+ )
2494
2718
  );
2495
2719
  },
2496
2720
  /**
2497
- * List principals in the current identity scope.
2721
+ * Create a graph node.
2498
2722
  */
2499
- async listPrincipals(query5 = {}) {
2723
+ async createNode(input, idempotencyKey) {
2500
2724
  return gateway.request({
2501
- path: `/api/platform/v1/identity/principals${toQueryString(query5)}`
2725
+ path: "/api/platform/v1/graph/nodes",
2726
+ method: "POST",
2727
+ body: normalizeNodeWriteInput(input),
2728
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2502
2729
  }).then(
2503
2730
  (response) => mapGatewayData(
2504
2731
  response,
2505
- (data) => createListResult(
2506
- Array.isArray(data) ? data : [],
2507
- "principals"
2508
- )
2732
+ (data) => withSdkAliases(data)
2509
2733
  )
2510
2734
  );
2511
2735
  },
2512
2736
  /**
2513
- * Create a principal.
2514
- */
2515
- async createPrincipal(input, idempotencyKey) {
2516
- return requestPrincipalWrite("POST", input, idempotencyKey);
2517
- },
2518
- /**
2519
- * Update a principal.
2520
- */
2521
- updatePrincipal,
2522
- /**
2523
- * @deprecated Use createPrincipal or updatePrincipal.
2524
- */
2525
- upsertPrincipal: updatePrincipal,
2526
- /**
2527
- * List keys in the current identity scope.
2737
+ * Update a graph node.
2528
2738
  */
2529
- async listKeys(query5 = {}) {
2739
+ async updateNode(input, idempotencyKey) {
2530
2740
  return gateway.request({
2531
- path: `/api/platform/v1/identity/keys${toQueryString(query5)}`
2741
+ path: "/api/platform/v1/graph/nodes",
2742
+ method: "PUT",
2743
+ body: normalizeNodeWriteInput(input),
2744
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2532
2745
  }).then(
2533
2746
  (response) => mapGatewayData(
2534
2747
  response,
2535
- (data) => createListResult(Array.isArray(data) ? data : [], "keys")
2748
+ (data) => withSdkAliases(data)
2536
2749
  )
2537
2750
  );
2538
2751
  },
2539
2752
  /**
2540
- * Create an API key.
2753
+ * Batch create graph nodes through the admin route surface.
2541
2754
  */
2542
- async createKey(input, idempotencyKey) {
2755
+ async batchCreateNodes(input, idempotencyKey) {
2543
2756
  return gateway.request({
2544
- path: "/api/platform/v1/identity/keys",
2757
+ path: "/api/platform/v1/graph/nodes/batch",
2545
2758
  method: "POST",
2546
- body: input,
2759
+ body: {
2760
+ nodes: input.nodes.map((node) => normalizeNodeWriteInput(node))
2761
+ },
2547
2762
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2548
2763
  });
2549
2764
  },
2550
2765
  /**
2551
- * Rotate an API key.
2766
+ * Supersede an existing graph node with a new canonical version.
2552
2767
  */
2553
- async rotateKey(keyId, input = {}, idempotencyKey) {
2768
+ async supersedeNode(input, idempotencyKey) {
2554
2769
  return gateway.request({
2555
- path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/rotate`,
2770
+ path: "/api/platform/v1/graph/nodes/supersede",
2556
2771
  method: "POST",
2557
2772
  body: input,
2558
2773
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2559
2774
  });
2560
2775
  },
2561
2776
  /**
2562
- * Delete an API key by revoking it.
2563
- */
2564
- deleteKey,
2565
- /**
2566
- * @deprecated Use deleteKey.
2567
- */
2568
- revokeKey: deleteKey,
2569
- /**
2570
- * Search Clerk users by email or display attributes.
2777
+ * Update a node's verification status.
2571
2778
  */
2572
- async searchClerkUsers(q) {
2573
- return gateway.request({
2574
- path: `/api/platform/v1/identity/clerk-users${toQueryString({ q })}`
2575
- });
2576
- },
2577
- async getTenantConfig(input) {
2779
+ async verifyNode(input, idempotencyKey) {
2780
+ const verificationStatus = normalizeNodeVerificationStatus(input.verificationStatus) ?? input.verificationStatus;
2578
2781
  return gateway.request({
2579
- path: `/api/platform/v1/identity/tenant-config${toQueryString(
2580
- tenantIdentityQuery(input)
2581
- )}`
2782
+ path: "/api/platform/v1/graph/nodes/verify",
2783
+ method: "POST",
2784
+ body: {
2785
+ ...input,
2786
+ verificationStatus
2787
+ },
2788
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2582
2789
  });
2583
2790
  },
2584
- async updateTenantConfig(input, idempotencyKey) {
2585
- cleanRequiredString(input.tenantId, "tenantId");
2791
+ /**
2792
+ * Permanently delete a node via the admin-only hard-delete route.
2793
+ */
2794
+ async hardDeleteNode(input, idempotencyKey) {
2586
2795
  return gateway.request({
2587
- path: "/api/platform/v1/identity/tenant-config",
2588
- method: "PATCH",
2589
- body: tenantIdentityBody(
2590
- input,
2591
- "identity.updateTenantConfig"
2592
- ),
2796
+ path: "/api/platform/v1/graph/nodes/hard-delete",
2797
+ method: "POST",
2798
+ body: input,
2593
2799
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2594
2800
  });
2595
2801
  },
2596
- async listIntegrations(input) {
2802
+ /**
2803
+ * List graph edges matching the provided filters.
2804
+ */
2805
+ async listEdges(query5) {
2597
2806
  return gateway.request({
2598
- path: `/api/platform/v1/identity/integrations${toQueryString(
2599
- tenantIdentityQuery(input)
2807
+ path: `/api/platform/v1/graph/edges${toQueryString(
2808
+ normalizeTopicQuery(query5)
2600
2809
  )}`
2601
2810
  }).then(
2602
2811
  (response) => mapGatewayData(
2603
2812
  response,
2604
- (data) => listResultFromEnvelope(
2605
- data,
2606
- "integrations"
2607
- )
2813
+ (data) => mapAliasedList(data, "edges")
2608
2814
  )
2609
2815
  );
2610
2816
  },
2611
- async upsertIntegration(input, idempotencyKey) {
2612
- cleanRequiredString(input.tenantId, "tenantId");
2613
- cleanRequiredString(input.integrationKey, "integrationKey");
2817
+ /**
2818
+ * Create a graph edge.
2819
+ */
2820
+ async createEdge(input, idempotencyKey) {
2614
2821
  return gateway.request({
2615
- path: "/api/platform/v1/identity/integrations",
2616
- method: "PUT",
2617
- body: tenantIdentityBody(
2618
- input,
2619
- "identity.upsertIntegration"
2620
- ),
2822
+ path: "/api/platform/v1/graph/edges",
2823
+ method: "POST",
2824
+ body: normalizeTopicQuery(input),
2621
2825
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2622
2826
  });
2623
2827
  },
2624
- async listSecrets(input) {
2828
+ /**
2829
+ * Delete one or more edges matching the provided filter.
2830
+ */
2831
+ async deleteEdge(query5, idempotencyKey) {
2625
2832
  return gateway.request({
2626
- path: `/api/platform/v1/identity/secrets${toQueryString(
2627
- tenantIdentityQuery(input)
2628
- )}`
2629
- }).then(
2630
- (response) => mapGatewayData(
2631
- response,
2632
- (data) => listResultFromEnvelope(
2633
- data,
2634
- "secrets"
2635
- )
2636
- )
2637
- );
2833
+ path: `/api/platform/v1/graph/edges${toQueryString(query5)}`,
2834
+ method: "DELETE",
2835
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2836
+ });
2638
2837
  },
2639
- async putSecretReference(input, idempotencyKey) {
2640
- cleanRequiredString(input.tenantId, "tenantId");
2641
- cleanRequiredString(input.secretRef, "secretRef");
2838
+ /**
2839
+ * Retrieve a graph neighborhood around a root node.
2840
+ */
2841
+ async neighborhood(query5) {
2642
2842
  return gateway.request({
2643
- path: "/api/platform/v1/identity/secrets",
2644
- method: "PUT",
2645
- body: tenantIdentityBody(
2646
- input,
2647
- "identity.putSecretReference"
2648
- ),
2649
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2843
+ path: `/api/platform/v1/graph/neighborhood${toQueryString(query5)}`
2650
2844
  });
2651
2845
  },
2652
- async evaluatePolicy(input, idempotencyKey) {
2653
- cleanRequiredString(input.tenantId, "tenantId");
2654
- cleanRequiredString(input.policySubject, "policySubject");
2655
- cleanRequiredString(input.policyAction, "policyAction");
2656
- cleanRequiredString(input.policyResource, "policyResource");
2846
+ /**
2847
+ * Traverse the graph from a starting node.
2848
+ */
2849
+ async traverse(query5) {
2657
2850
  return gateway.request({
2658
- path: "/api/platform/v1/identity/policy/evaluate",
2851
+ path: "/api/platform/v1/graph/traverse",
2659
2852
  method: "POST",
2660
- body: tenantIdentityBody(
2661
- input,
2662
- "identity.evaluatePolicy"
2663
- ),
2664
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2853
+ body: normalizeTopicQuery(query5)
2665
2854
  });
2666
2855
  },
2667
- async recordPolicyDecision(input, idempotencyKey) {
2668
- cleanRequiredString(input.tenantId, "tenantId");
2669
- cleanRequiredString(input.decision, "decision");
2856
+ /**
2857
+ * Analyze graph structure for a topic.
2858
+ */
2859
+ async analyze(query5 = {}) {
2860
+ const normalized = normalizeTopicQuery(query5);
2670
2861
  return gateway.request({
2671
- path: "/api/platform/v1/identity/policy/decisions",
2862
+ path: `/api/platform/v1/graph/analyze${toQueryString({
2863
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2864
+ metric: typeof normalized.metric === "string" ? normalized.metric : void 0,
2865
+ limit: typeof normalized.limit === "number" ? normalized.limit : void 0
2866
+ })}`
2867
+ });
2868
+ },
2869
+ /**
2870
+ * Detect confirmation-bias patterns for a topic graph.
2871
+ */
2872
+ async bias(query5 = {}) {
2873
+ const normalized = normalizeTopicQuery(query5);
2874
+ return gateway.request({
2875
+ path: `/api/platform/v1/graph/bias${toQueryString({
2876
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2877
+ threshold: typeof normalized.threshold === "number" ? normalized.threshold : void 0,
2878
+ limit: typeof normalized.limit === "number" ? normalized.limit : void 0
2879
+ })}`
2880
+ });
2881
+ },
2882
+ /**
2883
+ * Find graph gaps for beliefs that still need testing.
2884
+ */
2885
+ async gaps(query5) {
2886
+ const normalized = normalizeTopicQuery(query5);
2887
+ return gateway.request({
2888
+ path: `/api/platform/v1/graph/gaps${toQueryString({
2889
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2890
+ minConfidence: typeof normalized.minConfidence === "number" ? normalized.minConfidence : void 0
2891
+ })}`
2892
+ });
2893
+ },
2894
+ /**
2895
+ * Search across graph resources within a topic.
2896
+ */
2897
+ async search(query5) {
2898
+ return gateway.request({
2899
+ path: "/api/platform/v1/search",
2672
2900
  method: "POST",
2673
- body: tenantIdentityBody(
2674
- input,
2675
- "identity.recordPolicyDecision"
2676
- ),
2677
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2901
+ body: normalizeTopicQuery(query5)
2902
+ });
2903
+ },
2904
+ /**
2905
+ * Retrieve the shortest known path between two graph nodes.
2906
+ */
2907
+ async getPath(query5) {
2908
+ return gateway.request({
2909
+ path: `/api/platform/v1/graph/path${toQueryString(query5)}`
2910
+ });
2911
+ },
2912
+ /**
2913
+ * Retrieve graph analytics for the requested metric.
2914
+ */
2915
+ async getAnalytics(query5 = {}) {
2916
+ return gateway.request({
2917
+ path: `/api/platform/v1/graph/analytics${toQueryString(query5)}`
2678
2918
  });
2679
2919
  }
2680
2920
  };
2921
+ return Object.assign(client, {
2922
+ queryNodes: client.listNodes,
2923
+ queryEdges: client.listEdges,
2924
+ getNeighborhood: client.neighborhood
2925
+ });
2681
2926
  }
2682
2927
 
2683
2928
  // src/topicsClient.ts
2684
- function cleanString3(value) {
2929
+ function cleanString4(value) {
2685
2930
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
2686
2931
  }
2687
2932
  function normalizeTopicRecord(value) {
2688
2933
  const record = asRecord(value);
2689
- const topicId = cleanString3(record.topicId) ?? cleanString3(record.id) ?? cleanString3(record._id);
2934
+ const topicId = cleanString4(record.topicId) ?? cleanString4(record.id) ?? cleanString4(record._id);
2690
2935
  return withTopicAlias({
2691
2936
  ...record,
2692
2937
  ...topicId ? { topicId } : {}
@@ -3899,7 +4144,7 @@ function createEmbeddingsClient(config = {}) {
3899
4144
  }
3900
4145
 
3901
4146
  // src/contextClient.ts
3902
- function cleanString4(value) {
4147
+ function cleanString5(value) {
3903
4148
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
3904
4149
  }
3905
4150
  function cleanNumber(value) {
@@ -3911,11 +4156,11 @@ function cleanBoolean(value) {
3911
4156
  function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3912
4157
  const effectiveInput = typeof topicIdOrInput === "string" ? input : topicIdOrInput;
3913
4158
  const payload = {};
3914
- const topicId = typeof topicIdOrInput === "string" ? cleanString4(topicIdOrInput) : cleanString4(effectiveInput.topicId);
4159
+ const topicId = typeof topicIdOrInput === "string" ? cleanString5(topicIdOrInput) : cleanString5(effectiveInput.topicId);
3915
4160
  if (topicId) {
3916
4161
  payload.topicId = topicId;
3917
4162
  }
3918
- const query5 = cleanString4(effectiveInput.query);
4163
+ const query5 = cleanString5(effectiveInput.query);
3919
4164
  if (query5) {
3920
4165
  payload.query = query5;
3921
4166
  }
@@ -3923,7 +4168,7 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3923
4168
  if (budget !== void 0) {
3924
4169
  payload.budget = budget;
3925
4170
  }
3926
- const ranking = cleanString4(effectiveInput.ranking) ?? cleanString4(effectiveInput.rankingProfile);
4171
+ const ranking = cleanString5(effectiveInput.ranking) ?? cleanString5(effectiveInput.rankingProfile);
3927
4172
  if (ranking) {
3928
4173
  payload.ranking = ranking;
3929
4174
  }
@@ -3939,7 +4184,7 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3939
4184
  if (includeEntities !== void 0) {
3940
4185
  payload.includeEntities = includeEntities;
3941
4186
  }
3942
- const mode = cleanString4(effectiveInput.mode);
4187
+ const mode = cleanString5(effectiveInput.mode);
3943
4188
  if (mode) {
3944
4189
  payload.mode = mode;
3945
4190
  }
@@ -3947,11 +4192,11 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3947
4192
  if (includeFailures !== void 0) {
3948
4193
  payload.includeFailures = includeFailures;
3949
4194
  }
3950
- const worktreeId = cleanString4(effectiveInput.worktreeId);
4195
+ const worktreeId = cleanString5(effectiveInput.worktreeId);
3951
4196
  if (worktreeId) {
3952
4197
  payload.worktreeId = worktreeId;
3953
4198
  }
3954
- const sessionId = cleanString4(effectiveInput.sessionId);
4199
+ const sessionId = cleanString5(effectiveInput.sessionId);
3955
4200
  if (sessionId) {
3956
4201
  payload.sessionId = sessionId;
3957
4202
  }
@@ -4837,7 +5082,8 @@ function createMcpClient(config = {}) {
4837
5082
  transportKind: input.transportKind,
4838
5083
  sessionId: input.sessionId,
4839
5084
  agentIdentity: input.agentIdentity,
4840
- workspaceId: input.workspaceId
5085
+ workspaceId: input.workspaceId,
5086
+ worktreeId: input.worktreeId
4841
5087
  };
4842
5088
  return gateway.request({
4843
5089
  path: `${MCP_GATEWAY_BOOTSTRAP_ENDPOINT}${toQueryString(scope)}`,
@@ -5669,7 +5915,7 @@ var ORG_GRAPH_SEARCH_FIELDS = [
5669
5915
  "cursor",
5670
5916
  "provenanceScope"
5671
5917
  ];
5672
- function cleanString5(value, label) {
5918
+ function cleanString6(value, label) {
5673
5919
  const normalized = value?.trim();
5674
5920
  if (!normalized) {
5675
5921
  throw new Error(`${label} is required`);
@@ -5691,9 +5937,9 @@ function searchBody(input) {
5691
5937
  "orgGraphSearch.search"
5692
5938
  );
5693
5939
  return {
5694
- tenantId: cleanString5(input.tenantId, "tenantId"),
5695
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
5696
- query: cleanString5(input.query, "query"),
5940
+ tenantId: cleanString6(input.tenantId, "tenantId"),
5941
+ workspaceId: cleanString6(input.workspaceId, "workspaceId"),
5942
+ query: cleanString6(input.query, "query"),
5697
5943
  nodeTypes: input.nodeTypes,
5698
5944
  minConfidence: input.minConfidence,
5699
5945
  limit: input.limit,
@@ -5703,8 +5949,8 @@ function searchBody(input) {
5703
5949
  }
5704
5950
  function listQuery2(input) {
5705
5951
  return {
5706
- tenantId: cleanString5(input.tenantId, "tenantId"),
5707
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
5952
+ tenantId: cleanString6(input.tenantId, "tenantId"),
5953
+ workspaceId: cleanString6(input.workspaceId, "workspaceId"),
5708
5954
  nodeTypes: input.nodeTypes?.join(","),
5709
5955
  minConfidence: input.minConfidence,
5710
5956
  limit: input.limit,
@@ -5738,8 +5984,8 @@ function createOrgGraphSearchClient(config = {}) {
5738
5984
  return gateway.request({
5739
5985
  path: `/api/platform/v1/org-graph-search/nodes/${nodePath}${toQueryString(
5740
5986
  {
5741
- tenantId: cleanString5(input.tenantId, "tenantId"),
5742
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
5987
+ tenantId: cleanString6(input.tenantId, "tenantId"),
5988
+ workspaceId: cleanString6(input.workspaceId, "workspaceId"),
5743
5989
  globalId: nodeId ? void 0 : globalId
5744
5990
  }
5745
5991
  )}`
@@ -6704,7 +6950,7 @@ function createToolRegistryClient(config = {}) {
6704
6950
  }
6705
6951
 
6706
6952
  // src/version.ts
6707
- var LUCERN_SDK_VERSION = "0.3.0-alpha.10";
6953
+ var LUCERN_SDK_VERSION = "0.3.0-alpha.11";
6708
6954
 
6709
6955
  // src/workflowClient.ts
6710
6956
  function normalizeLensQuery(value) {
@@ -7161,6 +7407,7 @@ function createLucernClient(config = {}) {
7161
7407
  const auditClient = createAuditClient(gatewayConfig);
7162
7408
  const authDeviceClient = createAuthDeviceClient(gatewayConfig);
7163
7409
  const adminClient = createAdminClient(gatewayConfig);
7410
+ const accessControlClient = createAccessControlClient(gatewayConfig);
7164
7411
  const answersClient = createAnswersClient(gatewayConfig);
7165
7412
  const contradictionsFacade = createContradictionsFacade(gatewayConfig);
7166
7413
  const edgesFacade = createEdgesFacade(gatewayConfig);
@@ -8845,6 +9092,7 @@ function createLucernClient(config = {}) {
8845
9092
  nodes: nodesNamespace,
8846
9093
  identity: {
8847
9094
  ...identityFacade,
9095
+ access: accessControlClient,
8848
9096
  evaluatePolicy: identityClient.evaluatePolicy,
8849
9097
  recordPolicyDecision: identityClient.recordPolicyDecision,
8850
9098
  putSecretReference: identityClient.putSecretReference,