@lucern/sdk 0.3.0-alpha.10 → 0.3.0-alpha.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (104) hide show
  1. package/README.md +1 -1
  2. package/dist/accessControl.d.ts +78 -0
  3. package/dist/accessControl.js +1118 -0
  4. package/dist/accessControl.js.map +1 -0
  5. package/dist/adminClient.js.map +1 -1
  6. package/dist/answersClient.js.map +1 -1
  7. package/dist/audiencesClient.js.map +1 -1
  8. package/dist/auditClient.js.map +1 -1
  9. package/dist/authContext.d.ts +1 -1
  10. package/dist/authContext.js.map +1 -1
  11. package/dist/beliefs/index.d.ts +1 -0
  12. package/dist/beliefs/index.js +799 -551
  13. package/dist/beliefs/index.js.map +1 -1
  14. package/dist/beliefsClient.js.map +1 -1
  15. package/dist/client.d.ts +27 -8
  16. package/dist/client.js +799 -551
  17. package/dist/client.js.map +1 -1
  18. package/dist/contextClient.js.map +1 -1
  19. package/dist/contracts/api-enums.contract.d.ts +1 -1
  20. package/dist/contracts/api-enums.contract.js +6 -1
  21. package/dist/contracts/api-enums.contract.js.map +1 -1
  22. package/dist/contracts/index.js +12 -1
  23. package/dist/contracts/index.js.map +1 -1
  24. package/dist/contracts/mcpTools.js +6 -0
  25. package/dist/contracts/mcpTools.js.map +1 -1
  26. package/dist/contradictions/index.d.ts +1 -0
  27. package/dist/contradictions/index.js +799 -551
  28. package/dist/contradictions/index.js.map +1 -1
  29. package/dist/coreClient.js.map +1 -1
  30. package/dist/decisions/index.d.ts +1 -0
  31. package/dist/decisions/index.js +799 -551
  32. package/dist/decisions/index.js.map +1 -1
  33. package/dist/decisionsClient.js.map +1 -1
  34. package/dist/edges/index.d.ts +1 -0
  35. package/dist/edges/index.js +799 -551
  36. package/dist/edges/index.js.map +1 -1
  37. package/dist/embeddingsClient.js.map +1 -1
  38. package/dist/eventingClient.js.map +1 -1
  39. package/dist/eventsCore.js.map +1 -1
  40. package/dist/evidence/index.d.ts +1 -0
  41. package/dist/evidence/index.js +799 -551
  42. package/dist/evidence/index.js.map +1 -1
  43. package/dist/evidenceClient.js.map +1 -1
  44. package/dist/functionSurface.js.map +1 -1
  45. package/dist/functionSurfaceClient.js.map +1 -1
  46. package/dist/gatewayFacades.d.ts +1 -0
  47. package/dist/gatewayFacades.js.map +1 -1
  48. package/dist/graphAnalysisClient.js.map +1 -1
  49. package/dist/graphClient.d.ts +1 -0
  50. package/dist/graphClient.js.map +1 -1
  51. package/dist/graphIntel.d.ts +1 -0
  52. package/dist/graphRecommendationsClient.js.map +1 -1
  53. package/dist/graphStateClassifierClient.js.map +1 -1
  54. package/dist/harnessClient.js.map +1 -1
  55. package/dist/identityClient.d.ts +1 -1
  56. package/dist/identityClient.js.map +1 -1
  57. package/dist/index.d.ts +2 -0
  58. package/dist/index.js +790 -490
  59. package/dist/index.js.map +1 -1
  60. package/dist/infisicalRuntime.d.ts +1 -0
  61. package/dist/infisicalRuntime.js +64 -32
  62. package/dist/infisicalRuntime.js.map +1 -1
  63. package/dist/jobsClient.js.map +1 -1
  64. package/dist/learningClient.js.map +1 -1
  65. package/dist/lenses/index.d.ts +1 -0
  66. package/dist/lenses/index.js +799 -551
  67. package/dist/lenses/index.js.map +1 -1
  68. package/dist/mcpClient.js +2 -1
  69. package/dist/mcpClient.js.map +1 -1
  70. package/dist/modelRuntimeClient.js.map +1 -1
  71. package/dist/nodes/index.d.ts +1 -0
  72. package/dist/nodes/index.js +799 -551
  73. package/dist/nodes/index.js.map +1 -1
  74. package/dist/ontologies/index.d.ts +1 -0
  75. package/dist/ontologies/index.js +799 -551
  76. package/dist/ontologies/index.js.map +1 -1
  77. package/dist/ontologyClient.js.map +1 -1
  78. package/dist/ontologyLinksClient.js.map +1 -1
  79. package/dist/orgGraphSearchClient.js.map +1 -1
  80. package/dist/packsClient.js.map +1 -1
  81. package/dist/policyClient.js.map +1 -1
  82. package/dist/questions/index.d.ts +1 -0
  83. package/dist/questions/index.js +799 -551
  84. package/dist/questions/index.js.map +1 -1
  85. package/dist/reportsClient.js.map +1 -1
  86. package/dist/schemaClient.js.map +1 -1
  87. package/dist/secrets.d.ts +1 -0
  88. package/dist/secrets.js +3 -0
  89. package/dist/secrets.js.map +1 -0
  90. package/dist/sourcesClient.js.map +1 -1
  91. package/dist/telemetryClient.js.map +1 -1
  92. package/dist/toolRegistryClient.js.map +1 -1
  93. package/dist/topics/index.d.ts +1 -0
  94. package/dist/topics/index.js +799 -551
  95. package/dist/topics/index.js.map +1 -1
  96. package/dist/topicsClient.js.map +1 -1
  97. package/dist/version.d.ts +1 -1
  98. package/dist/version.js +1 -1
  99. package/dist/version.js.map +1 -1
  100. package/dist/workflowClient.js.map +1 -1
  101. package/dist/worktrees/index.d.ts +1 -0
  102. package/dist/worktrees/index.js +799 -551
  103. package/dist/worktrees/index.js.map +1 -1
  104. package/package.json +5 -4
@@ -1052,6 +1052,574 @@ function createAdminClient(config = {}) {
1052
1052
  };
1053
1053
  }
1054
1054
 
1055
+ // src/boundaryClientSurface.ts
1056
+ function cleanOptionalString(value) {
1057
+ const normalized = value?.trim();
1058
+ return normalized ? normalized : void 0;
1059
+ }
1060
+ function isRecord3(value) {
1061
+ return Boolean(value) && typeof value === "object" && !Array.isArray(value);
1062
+ }
1063
+ function cleanRequiredString(value, label) {
1064
+ const normalized = cleanOptionalString(value);
1065
+ if (!normalized) {
1066
+ throw new Error(`${label} is required`);
1067
+ }
1068
+ return normalized;
1069
+ }
1070
+ function readTopicId(input) {
1071
+ return cleanOptionalString(input.topicId) ?? cleanOptionalString(input.projectId);
1072
+ }
1073
+ function requireTopicId(input) {
1074
+ const topicId = readTopicId(input);
1075
+ if (!topicId) {
1076
+ throw new Error("topicId is required");
1077
+ }
1078
+ return topicId;
1079
+ }
1080
+ function assertKnownKeys(input, allowed, operation) {
1081
+ const allowedSet = new Set(allowed);
1082
+ const unknownKeys = Object.keys(input).filter((key) => !allowedSet.has(key));
1083
+ if (unknownKeys.length > 0) {
1084
+ throw new Error(
1085
+ `${operation} received unsupported field(s): ${unknownKeys.join(", ")}`
1086
+ );
1087
+ }
1088
+ }
1089
+ function knownPayload(input, allowed, operation) {
1090
+ assertKnownKeys(input, allowed, operation);
1091
+ return { ...input };
1092
+ }
1093
+ function topicPayload(input, allowed, operation) {
1094
+ assertKnownKeys(input, allowed, operation);
1095
+ return {
1096
+ ...input,
1097
+ topicId: requireTopicId(input),
1098
+ projectId: void 0
1099
+ };
1100
+ }
1101
+ function listResultFromEnvelope(data, legacyKey) {
1102
+ const record = isRecord3(data) ? data : {};
1103
+ const legacyItems = record[legacyKey];
1104
+ return createListResult(
1105
+ Array.isArray(legacyItems) ? legacyItems : Array.isArray(data) ? data : [],
1106
+ legacyKey
1107
+ );
1108
+ }
1109
+
1110
+ // src/identityClient.ts
1111
+ function createIdentityWhoamiClient(config = {}) {
1112
+ const gateway = createGatewayRequestClient(config);
1113
+ return {
1114
+ async whoami() {
1115
+ return gateway.request({
1116
+ path: "/api/platform/v1/identity/whoami"
1117
+ });
1118
+ }
1119
+ };
1120
+ }
1121
+ var TENANT_IDENTITY_FIELDS = [
1122
+ "tenantId",
1123
+ "workspaceId",
1124
+ "principalId",
1125
+ "integrationKey",
1126
+ "secretRef",
1127
+ "policySubject",
1128
+ "policyAction",
1129
+ "policyResource",
1130
+ "decision",
1131
+ "config",
1132
+ "configKey",
1133
+ "configValue",
1134
+ "provider",
1135
+ "status",
1136
+ "metadata",
1137
+ "limit",
1138
+ "cursor"
1139
+ ];
1140
+ function tenantIdentityQuery(input) {
1141
+ return {
1142
+ tenantId: cleanRequiredString(input.tenantId, "tenantId"),
1143
+ workspaceId: input.workspaceId,
1144
+ principalId: input.principalId,
1145
+ limit: input.limit,
1146
+ cursor: input.cursor
1147
+ };
1148
+ }
1149
+ function tenantIdentityBody(input, operation) {
1150
+ return knownPayload(input, TENANT_IDENTITY_FIELDS, operation);
1151
+ }
1152
+ function createIdentityClient(config = {}) {
1153
+ const gateway = createGatewayRequestClient(config);
1154
+ const whoamiClient = createIdentityWhoamiClient(config);
1155
+ const requestPrincipalWrite = (method, input, idempotencyKey) => gateway.request({
1156
+ path: "/api/platform/v1/identity/principals",
1157
+ method,
1158
+ body: input,
1159
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1160
+ });
1161
+ const updatePrincipal = (input, idempotencyKey) => requestPrincipalWrite("PATCH", input, idempotencyKey);
1162
+ const deleteKey = (keyId, input = {}, idempotencyKey) => gateway.request({
1163
+ path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
1164
+ method: "POST",
1165
+ body: input,
1166
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1167
+ });
1168
+ return {
1169
+ /**
1170
+ * Resolve the current authenticated identity summary.
1171
+ */
1172
+ async whoami() {
1173
+ return whoamiClient.whoami().then(
1174
+ (response) => mapGatewayData(response, (data) => ({
1175
+ principalId: data.principalId,
1176
+ principalType: data.principalType,
1177
+ tenantId: data.tenantId ?? null,
1178
+ workspaceId: data.workspaceId ?? null,
1179
+ scopes: Array.isArray(data.scopes) ? data.scopes : [],
1180
+ roles: Array.isArray(data.roles) ? data.roles : [],
1181
+ isPlatformAdmin: data.isPlatformAdmin === true,
1182
+ isTenantAdmin: data.isTenantAdmin === true,
1183
+ isWorkspaceAdmin: data.isWorkspaceAdmin === true,
1184
+ authMode: data.authMode,
1185
+ sessionId: data.sessionId,
1186
+ delegatedBy: data.delegatedBy,
1187
+ expiresAt: data.expiresAt
1188
+ }))
1189
+ );
1190
+ },
1191
+ /**
1192
+ * List principals in the current identity scope.
1193
+ */
1194
+ async listPrincipals(query5 = {}) {
1195
+ return gateway.request({
1196
+ path: `/api/platform/v1/identity/principals${toQueryString(query5)}`
1197
+ }).then(
1198
+ (response) => mapGatewayData(
1199
+ response,
1200
+ (data) => createListResult(
1201
+ Array.isArray(data) ? data : [],
1202
+ "principals"
1203
+ )
1204
+ )
1205
+ );
1206
+ },
1207
+ /**
1208
+ * Create a principal.
1209
+ */
1210
+ async createPrincipal(input, idempotencyKey) {
1211
+ return requestPrincipalWrite("POST", input, idempotencyKey);
1212
+ },
1213
+ /**
1214
+ * Update a principal.
1215
+ */
1216
+ updatePrincipal,
1217
+ /**
1218
+ * @deprecated Use createPrincipal or updatePrincipal.
1219
+ */
1220
+ upsertPrincipal: updatePrincipal,
1221
+ /**
1222
+ * List keys in the current identity scope.
1223
+ */
1224
+ async listKeys(query5 = {}) {
1225
+ return gateway.request({
1226
+ path: `/api/platform/v1/identity/keys${toQueryString(query5)}`
1227
+ }).then(
1228
+ (response) => mapGatewayData(
1229
+ response,
1230
+ (data) => createListResult(Array.isArray(data) ? data : [], "keys")
1231
+ )
1232
+ );
1233
+ },
1234
+ /**
1235
+ * Create an API key.
1236
+ */
1237
+ async createKey(input, idempotencyKey) {
1238
+ return gateway.request({
1239
+ path: "/api/platform/v1/identity/keys",
1240
+ method: "POST",
1241
+ body: input,
1242
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1243
+ });
1244
+ },
1245
+ /**
1246
+ * Rotate an API key.
1247
+ */
1248
+ async rotateKey(keyId, input = {}, idempotencyKey) {
1249
+ return gateway.request({
1250
+ path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/rotate`,
1251
+ method: "POST",
1252
+ body: input,
1253
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1254
+ });
1255
+ },
1256
+ /**
1257
+ * Delete an API key by revoking it.
1258
+ */
1259
+ deleteKey,
1260
+ /**
1261
+ * @deprecated Use deleteKey.
1262
+ */
1263
+ revokeKey: deleteKey,
1264
+ /**
1265
+ * Search Clerk users by email or display attributes.
1266
+ */
1267
+ async searchClerkUsers(q) {
1268
+ return gateway.request({
1269
+ path: `/api/platform/v1/identity/clerk-users${toQueryString({ q })}`
1270
+ });
1271
+ },
1272
+ async getTenantConfig(input) {
1273
+ return gateway.request({
1274
+ path: `/api/platform/v1/identity/tenant-config${toQueryString(
1275
+ tenantIdentityQuery(input)
1276
+ )}`
1277
+ });
1278
+ },
1279
+ async updateTenantConfig(input, idempotencyKey) {
1280
+ cleanRequiredString(input.tenantId, "tenantId");
1281
+ return gateway.request({
1282
+ path: "/api/platform/v1/identity/tenant-config",
1283
+ method: "PATCH",
1284
+ body: tenantIdentityBody(
1285
+ input,
1286
+ "identity.updateTenantConfig"
1287
+ ),
1288
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1289
+ });
1290
+ },
1291
+ async listIntegrations(input) {
1292
+ return gateway.request({
1293
+ path: `/api/platform/v1/identity/integrations${toQueryString(
1294
+ tenantIdentityQuery(input)
1295
+ )}`
1296
+ }).then(
1297
+ (response) => mapGatewayData(
1298
+ response,
1299
+ (data) => listResultFromEnvelope(
1300
+ data,
1301
+ "integrations"
1302
+ )
1303
+ )
1304
+ );
1305
+ },
1306
+ async upsertIntegration(input, idempotencyKey) {
1307
+ cleanRequiredString(input.tenantId, "tenantId");
1308
+ cleanRequiredString(input.integrationKey, "integrationKey");
1309
+ return gateway.request({
1310
+ path: "/api/platform/v1/identity/integrations",
1311
+ method: "PUT",
1312
+ body: tenantIdentityBody(
1313
+ input,
1314
+ "identity.upsertIntegration"
1315
+ ),
1316
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1317
+ });
1318
+ },
1319
+ async listSecrets(input) {
1320
+ return gateway.request({
1321
+ path: `/api/platform/v1/identity/secrets${toQueryString(
1322
+ tenantIdentityQuery(input)
1323
+ )}`
1324
+ }).then(
1325
+ (response) => mapGatewayData(
1326
+ response,
1327
+ (data) => listResultFromEnvelope(
1328
+ data,
1329
+ "secrets"
1330
+ )
1331
+ )
1332
+ );
1333
+ },
1334
+ async putSecretReference(input, idempotencyKey) {
1335
+ cleanRequiredString(input.tenantId, "tenantId");
1336
+ cleanRequiredString(input.secretRef, "secretRef");
1337
+ return gateway.request({
1338
+ path: "/api/platform/v1/identity/secrets",
1339
+ method: "PUT",
1340
+ body: tenantIdentityBody(
1341
+ input,
1342
+ "identity.putSecretReference"
1343
+ ),
1344
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1345
+ });
1346
+ },
1347
+ async evaluatePolicy(input, idempotencyKey) {
1348
+ cleanRequiredString(input.tenantId, "tenantId");
1349
+ cleanRequiredString(input.policySubject, "policySubject");
1350
+ cleanRequiredString(input.policyAction, "policyAction");
1351
+ cleanRequiredString(input.policyResource, "policyResource");
1352
+ return gateway.request({
1353
+ path: "/api/platform/v1/identity/policy/evaluate",
1354
+ method: "POST",
1355
+ body: tenantIdentityBody(
1356
+ input,
1357
+ "identity.evaluatePolicy"
1358
+ ),
1359
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1360
+ });
1361
+ },
1362
+ async recordPolicyDecision(input, idempotencyKey) {
1363
+ cleanRequiredString(input.tenantId, "tenantId");
1364
+ cleanRequiredString(input.decision, "decision");
1365
+ return gateway.request({
1366
+ path: "/api/platform/v1/identity/policy/decisions",
1367
+ method: "POST",
1368
+ body: tenantIdentityBody(
1369
+ input,
1370
+ "identity.recordPolicyDecision"
1371
+ ),
1372
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1373
+ });
1374
+ }
1375
+ };
1376
+ }
1377
+
1378
+ // src/accessControl.ts
1379
+ var LucernAccessControlError = class extends LucernSdkAuthContextError {
1380
+ policyDecision;
1381
+ constructor(reason, message, policyDecision) {
1382
+ super(reason, message);
1383
+ this.name = "LucernAccessControlError";
1384
+ this.policyDecision = policyDecision;
1385
+ }
1386
+ };
1387
+ function cleanString3(value) {
1388
+ const normalized = value?.trim();
1389
+ return normalized ? normalized : void 0;
1390
+ }
1391
+ function cleanStringList2(values) {
1392
+ if (!values) {
1393
+ return [];
1394
+ }
1395
+ return [
1396
+ ...new Set(
1397
+ values.map((value) => value.trim()).filter((value) => value.length > 0)
1398
+ )
1399
+ ];
1400
+ }
1401
+ function requireString2(value, reason, label) {
1402
+ const normalized = cleanString3(value);
1403
+ if (!normalized) {
1404
+ throw new LucernAccessControlError(
1405
+ reason,
1406
+ `Lucern SDK access control requires ${label}.`
1407
+ );
1408
+ }
1409
+ return normalized;
1410
+ }
1411
+ function normalizePrincipalType(principalType) {
1412
+ if (principalType === "agent") {
1413
+ return "agent";
1414
+ }
1415
+ if (principalType === "service") {
1416
+ return "service";
1417
+ }
1418
+ return "human";
1419
+ }
1420
+ function aliasKey(alias) {
1421
+ return `${alias.provider}:${alias.providerProjectId ?? ""}:${alias.externalSubjectId}`;
1422
+ }
1423
+ function normalizeAliases(input, canonicalClerkUserId) {
1424
+ const aliases = /* @__PURE__ */ new Map();
1425
+ for (const alias of input ?? []) {
1426
+ const externalSubjectId = cleanString3(alias.externalSubjectId);
1427
+ if (!externalSubjectId) {
1428
+ continue;
1429
+ }
1430
+ const normalized = {
1431
+ provider: cleanString3(alias.provider) ?? "clerk",
1432
+ providerProjectId: cleanString3(alias.providerProjectId),
1433
+ externalSubjectId,
1434
+ status: cleanString3(alias.status)
1435
+ };
1436
+ aliases.set(aliasKey(normalized), normalized);
1437
+ }
1438
+ if (canonicalClerkUserId) {
1439
+ const canonicalAlias = {
1440
+ provider: "clerk",
1441
+ externalSubjectId: canonicalClerkUserId,
1442
+ status: "active"
1443
+ };
1444
+ aliases.set(aliasKey(canonicalAlias), canonicalAlias);
1445
+ }
1446
+ return [...aliases.values()];
1447
+ }
1448
+ function isKnownClerkSubject(args) {
1449
+ if (args.clerkId === args.canonicalClerkUserId) {
1450
+ return true;
1451
+ }
1452
+ return args.aliases.some(
1453
+ (alias) => alias.provider === "clerk" && alias.externalSubjectId === args.clerkId
1454
+ );
1455
+ }
1456
+ function authContextToPrincipalInput(input) {
1457
+ const normalized = normalizeCanonicalLucernAuthContext(input);
1458
+ return {
1459
+ principalId: normalized.principalId,
1460
+ principalType: normalized.principalType,
1461
+ canonicalClerkUserId: normalized.clerkId,
1462
+ clerkId: normalized.clerkId,
1463
+ tenantId: normalized.tenantId,
1464
+ workspaceId: normalized.workspaceId,
1465
+ roles: normalized.roles,
1466
+ scopes: normalized.scopes
1467
+ };
1468
+ }
1469
+ function isAuthContextInput(input) {
1470
+ return "authMode" in input || "permit" in input || "delegationChain" in input;
1471
+ }
1472
+ function normalizeCanonicalPrincipalIdentity(input, options = {}) {
1473
+ const principalInput = isAuthContextInput(input) ? authContextToPrincipalInput(input) : input;
1474
+ const principalId = requireString2(
1475
+ principalInput.principalId,
1476
+ "principal_missing",
1477
+ "principalId"
1478
+ );
1479
+ const principalType = normalizePrincipalType(principalInput.principalType);
1480
+ const observedClerkId = cleanString3(options.observedClerkId);
1481
+ const canonicalClerkUserId = cleanString3(principalInput.canonicalClerkUserId) ?? cleanString3(principalInput.clerkId);
1482
+ if (principalType === "human" && !canonicalClerkUserId) {
1483
+ throw new LucernAccessControlError(
1484
+ "clerk_alias_missing",
1485
+ "Human principals require one canonical Clerk user id."
1486
+ );
1487
+ }
1488
+ const aliases = normalizeAliases(
1489
+ principalInput.clerkIdentityAliases,
1490
+ canonicalClerkUserId
1491
+ );
1492
+ if (observedClerkId && !isKnownClerkSubject({
1493
+ clerkId: observedClerkId,
1494
+ canonicalClerkUserId,
1495
+ aliases
1496
+ })) {
1497
+ throw new LucernAccessControlError(
1498
+ "clerk_alias_unrecognized",
1499
+ "Observed Clerk user id is not attached to the canonical Lucern principal."
1500
+ );
1501
+ }
1502
+ return {
1503
+ principalId,
1504
+ principalType,
1505
+ canonicalClerkUserId,
1506
+ clerkIdentityAliases: aliases,
1507
+ tenantId: cleanString3(principalInput.tenantId),
1508
+ workspaceId: cleanString3(principalInput.workspaceId),
1509
+ roles: cleanStringList2(principalInput.roles),
1510
+ scopes: cleanStringList2(principalInput.scopes)
1511
+ };
1512
+ }
1513
+ function formatPermitResource(resource) {
1514
+ if (typeof resource === "string") {
1515
+ return requireString2(resource, "policy_denied", "policyResource");
1516
+ }
1517
+ const type = requireString2(resource.type, "policy_denied", "resource.type");
1518
+ const key = requireString2(resource.key, "policy_denied", "resource.key");
1519
+ return key.startsWith(`${type}:`) ? key : `${type}:${key}`;
1520
+ }
1521
+ function resourceRequiresWorkspace(resource) {
1522
+ if (typeof resource === "string") {
1523
+ return !resource.startsWith("tenant:");
1524
+ }
1525
+ return resource.type !== "tenant";
1526
+ }
1527
+ function buildPolicyInput(identity, input) {
1528
+ const tenantId = requireString2(
1529
+ input.tenantId ?? identity.tenantId,
1530
+ "tenant_missing",
1531
+ "tenantId"
1532
+ );
1533
+ const workspaceId = cleanString3(input.workspaceId ?? identity.workspaceId);
1534
+ if (resourceRequiresWorkspace(input.resource) && !workspaceId) {
1535
+ throw new LucernAccessControlError(
1536
+ "workspace_missing",
1537
+ "Workspace-scoped Permit checks require workspaceId."
1538
+ );
1539
+ }
1540
+ return {
1541
+ tenantId,
1542
+ workspaceId,
1543
+ principalId: identity.principalId,
1544
+ policySubject: identity.principalId,
1545
+ policyAction: requireString2(input.action, "policy_denied", "policyAction"),
1546
+ policyResource: formatPermitResource(input.resource),
1547
+ metadata: input.context
1548
+ };
1549
+ }
1550
+ async function resolveConfiguredPrincipalInput(authContext) {
1551
+ if (typeof authContext === "function") {
1552
+ return await authContext();
1553
+ }
1554
+ return authContext;
1555
+ }
1556
+ function assertPermitAllowed(decision) {
1557
+ if (decision.decision !== "allow") {
1558
+ throw new LucernAccessControlError(
1559
+ decision.decision === "deny" ? "policy_denied" : "policy_unknown",
1560
+ `Permit denied ${decision.policyAction} on ${decision.policyResource}.`,
1561
+ decision
1562
+ );
1563
+ }
1564
+ }
1565
+ function createAccessControlClient(config = {}) {
1566
+ const identityClient = createIdentityClient(config);
1567
+ async function resolveIdentity(input, observedClerkId) {
1568
+ const identityInput = input ?? await resolveConfiguredPrincipalInput(config.authContext);
1569
+ if (!identityInput) {
1570
+ throw new LucernAccessControlError(
1571
+ "principal_missing",
1572
+ "Lucern SDK access control requires a canonical principal identity."
1573
+ );
1574
+ }
1575
+ return normalizeCanonicalPrincipalIdentity(identityInput, {
1576
+ observedClerkId
1577
+ });
1578
+ }
1579
+ async function checkAccess(input, idempotencyKey) {
1580
+ const identity = await resolveIdentity(input.identity, input.observedClerkId);
1581
+ const policyInput = buildPolicyInput(identity, input);
1582
+ try {
1583
+ const response = await identityClient.evaluatePolicy(
1584
+ policyInput,
1585
+ idempotencyKey
1586
+ );
1587
+ return {
1588
+ identity,
1589
+ policyInput,
1590
+ decision: response.data
1591
+ };
1592
+ } catch (error) {
1593
+ if (error instanceof LucernSdkAuthContextError) {
1594
+ throw error;
1595
+ }
1596
+ throw new LucernAccessControlError(
1597
+ "policy_unavailable",
1598
+ "Permit policy check failed closed before an allow decision was returned."
1599
+ );
1600
+ }
1601
+ }
1602
+ async function requireAccess(input, idempotencyKey) {
1603
+ const result = await checkAccess(input, idempotencyKey);
1604
+ assertPermitAllowed(result.decision);
1605
+ return result;
1606
+ }
1607
+ async function canAccess(input, idempotencyKey) {
1608
+ try {
1609
+ await requireAccess(input, idempotencyKey);
1610
+ return true;
1611
+ } catch {
1612
+ return false;
1613
+ }
1614
+ }
1615
+ return {
1616
+ normalizePrincipal: normalizeCanonicalPrincipalIdentity,
1617
+ checkAccess,
1618
+ requireAccess,
1619
+ canAccess
1620
+ };
1621
+ }
1622
+
1055
1623
  // src/answersClient.ts
1056
1624
  function createAnswersClient(config = {}) {
1057
1625
  const gateway = createGatewayRequestClient(config);
@@ -1219,7 +1787,7 @@ function authBaseUrl(config) {
1219
1787
  async function readJson(response) {
1220
1788
  try {
1221
1789
  const payload = await response.json();
1222
- return isRecord3(payload) ? payload : {};
1790
+ return isRecord4(payload) ? payload : {};
1223
1791
  } catch (error) {
1224
1792
  return unreadableJsonBodyFallback();
1225
1793
  }
@@ -1227,7 +1795,7 @@ async function readJson(response) {
1227
1795
  function unreadableJsonBodyFallback(_error) {
1228
1796
  return {};
1229
1797
  }
1230
- function isRecord3(value) {
1798
+ function isRecord4(value) {
1231
1799
  return value !== null && typeof value === "object" && !Array.isArray(value);
1232
1800
  }
1233
1801
  function readString(value) {
@@ -1270,7 +1838,7 @@ function assertDeviceTokenResponse(payload) {
1270
1838
  tenant_id: tenantId,
1271
1839
  workspace_id: readString(payload.workspace_id),
1272
1840
  principal_id: principalId,
1273
- user: isRecord3(payload.user) && typeof payload.user.id === "string" && typeof payload.user.principalId === "string" ? {
1841
+ user: isRecord4(payload.user) && typeof payload.user.id === "string" && typeof payload.user.principalId === "string" ? {
1274
1842
  id: payload.user.id,
1275
1843
  principalId: payload.user.principalId
1276
1844
  } : void 0
@@ -1616,61 +2184,6 @@ function createEvidenceClient(config = {}) {
1616
2184
  };
1617
2185
  }
1618
2186
 
1619
- // src/boundaryClientSurface.ts
1620
- function cleanOptionalString(value) {
1621
- const normalized = value?.trim();
1622
- return normalized ? normalized : void 0;
1623
- }
1624
- function isRecord4(value) {
1625
- return Boolean(value) && typeof value === "object" && !Array.isArray(value);
1626
- }
1627
- function cleanRequiredString(value, label) {
1628
- const normalized = cleanOptionalString(value);
1629
- if (!normalized) {
1630
- throw new Error(`${label} is required`);
1631
- }
1632
- return normalized;
1633
- }
1634
- function readTopicId(input) {
1635
- return cleanOptionalString(input.topicId) ?? cleanOptionalString(input.projectId);
1636
- }
1637
- function requireTopicId(input) {
1638
- const topicId = readTopicId(input);
1639
- if (!topicId) {
1640
- throw new Error("topicId is required");
1641
- }
1642
- return topicId;
1643
- }
1644
- function assertKnownKeys(input, allowed, operation) {
1645
- const allowedSet = new Set(allowed);
1646
- const unknownKeys = Object.keys(input).filter((key) => !allowedSet.has(key));
1647
- if (unknownKeys.length > 0) {
1648
- throw new Error(
1649
- `${operation} received unsupported field(s): ${unknownKeys.join(", ")}`
1650
- );
1651
- }
1652
- }
1653
- function knownPayload(input, allowed, operation) {
1654
- assertKnownKeys(input, allowed, operation);
1655
- return { ...input };
1656
- }
1657
- function topicPayload(input, allowed, operation) {
1658
- assertKnownKeys(input, allowed, operation);
1659
- return {
1660
- ...input,
1661
- topicId: requireTopicId(input),
1662
- projectId: void 0
1663
- };
1664
- }
1665
- function listResultFromEnvelope(data, legacyKey) {
1666
- const record = isRecord4(data) ? data : {};
1667
- const legacyItems = record[legacyKey];
1668
- return createListResult(
1669
- Array.isArray(legacyItems) ? legacyItems : Array.isArray(data) ? data : [],
1670
- legacyKey
1671
- );
1672
- }
1673
-
1674
2187
  // src/eventingClient.ts
1675
2188
  var EVENTING_FIELDS = [
1676
2189
  "tenantId",
@@ -2069,628 +2582,360 @@ function createOntologyClient(config = {}) {
2069
2582
  });
2070
2583
  },
2071
2584
  /**
2072
- * Bind an ontology definition to a topic.
2073
- */
2074
- async bind(input, idempotencyKey) {
2075
- return gateway.request({
2076
- path: `/api/platform/v1/ontologies/${encodeURIComponent(input.ontologyId)}/bind`,
2077
- method: "POST",
2078
- body: {
2079
- topicId: input.topicId
2080
- },
2081
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2082
- });
2083
- },
2084
- /**
2085
- * Create an ontology definition.
2086
- */
2087
- async createDefinition(input, idempotencyKey) {
2088
- return gateway.request({
2089
- path: "/api/platform/v1/ontologies",
2090
- method: "POST",
2091
- body: input,
2092
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2093
- });
2094
- },
2095
- /**
2096
- * Update an ontology definition.
2097
- */
2098
- async updateDefinition(id, input, idempotencyKey) {
2099
- return gateway.request({
2100
- path: `/api/platform/v1/ontologies/${encodeURIComponent(id)}`,
2101
- method: "PATCH",
2102
- body: input,
2103
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2104
- });
2105
- },
2106
- /**
2107
- * Archive an ontology definition.
2108
- */
2109
- async archiveDefinition(id, idempotencyKey) {
2110
- return gateway.request({
2111
- path: `/api/platform/v1/ontologies/${encodeURIComponent(id)}`,
2112
- method: "DELETE",
2113
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2114
- });
2115
- },
2116
- /**
2117
- * List versions for an ontology definition.
2118
- */
2119
- async listVersions(ontologyId, filters = {}) {
2120
- return gateway.request({
2121
- path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions${toQueryString(filters)}`
2122
- }).then(
2123
- (response) => mapGatewayData(
2124
- response,
2125
- (data) => createListResult(asListItems(data, "versions"), "versions")
2126
- )
2127
- );
2128
- },
2129
- /**
2130
- * Create an ontology version.
2131
- */
2132
- async createVersion(ontologyId, input, idempotencyKey) {
2133
- return gateway.request({
2134
- path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions`,
2135
- method: "POST",
2136
- body: input,
2137
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2138
- });
2139
- },
2140
- /**
2141
- * Publish an ontology version.
2142
- */
2143
- async publishVersion(ontologyId, versionId, idempotencyKey) {
2144
- return gateway.request({
2145
- path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions/${encodeURIComponent(versionId)}/publish`,
2146
- method: "POST",
2147
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2148
- });
2149
- },
2150
- /**
2151
- * Deprecate an ontology version.
2152
- */
2153
- async deprecateVersion(ontologyId, versionId, idempotencyKey) {
2154
- return gateway.request({
2155
- path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions/${encodeURIComponent(versionId)}/deprecate`,
2156
- method: "POST",
2157
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2158
- });
2159
- },
2160
- /**
2161
- * List topics directly bound to a specific ontology definition.
2162
- * Uses the topics gateway with ontologyId filter.
2163
- */
2164
- async listTopics(ontologyId) {
2165
- return gateway.request({
2166
- path: `/api/platform/v1/topics?ontologyId=${encodeURIComponent(ontologyId)}`
2167
- }).then(
2168
- (response) => mapGatewayData(
2169
- response,
2170
- (data) => createListResult(Array.isArray(data) ? data : [], "topics")
2171
- )
2172
- );
2173
- }
2174
- };
2175
- return Object.assign(client, {
2176
- listDefinitions: client.list,
2177
- getDefinition: client.get,
2178
- listTopicsByOntology: client.listTopics
2179
- });
2180
- }
2181
-
2182
- // src/graphClient.ts
2183
- function createGraphClient(config = {}) {
2184
- const gateway = createGatewayRequestClient(config);
2185
- const client = {
2186
- /**
2187
- * List graph nodes matching the provided filters.
2188
- */
2189
- async listNodes(query5) {
2190
- return gateway.request({
2191
- path: `/api/platform/v1/graph/nodes${toQueryString(
2192
- normalizeTopicQuery(query5)
2193
- )}`
2194
- }).then(
2195
- (response) => mapGatewayData(response, (data) => mapAliasedList(data, "nodes"))
2196
- );
2197
- },
2198
- /**
2199
- * Retrieve a single graph node by nodeId or globalId.
2200
- */
2201
- async getNode(query5) {
2202
- return gateway.request({
2203
- path: `/api/platform/v1/graph/nodes${toQueryString(query5)}`
2204
- }).then(
2205
- (response) => mapGatewayData(
2206
- response,
2207
- (data) => withSdkAliases(data)
2208
- )
2209
- );
2210
- },
2211
- /**
2212
- * Create a graph node.
2213
- */
2214
- async createNode(input, idempotencyKey) {
2215
- return gateway.request({
2216
- path: "/api/platform/v1/graph/nodes",
2217
- method: "POST",
2218
- body: normalizeNodeWriteInput(input),
2219
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2220
- }).then(
2221
- (response) => mapGatewayData(
2222
- response,
2223
- (data) => withSdkAliases(data)
2224
- )
2225
- );
2226
- },
2227
- /**
2228
- * Update a graph node.
2229
- */
2230
- async updateNode(input, idempotencyKey) {
2231
- return gateway.request({
2232
- path: "/api/platform/v1/graph/nodes",
2233
- method: "PUT",
2234
- body: normalizeNodeWriteInput(input),
2235
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2236
- }).then(
2237
- (response) => mapGatewayData(
2238
- response,
2239
- (data) => withSdkAliases(data)
2240
- )
2241
- );
2242
- },
2243
- /**
2244
- * Batch create graph nodes through the admin route surface.
2585
+ * Bind an ontology definition to a topic.
2245
2586
  */
2246
- async batchCreateNodes(input, idempotencyKey) {
2587
+ async bind(input, idempotencyKey) {
2247
2588
  return gateway.request({
2248
- path: "/api/platform/v1/graph/nodes/batch",
2589
+ path: `/api/platform/v1/ontologies/${encodeURIComponent(input.ontologyId)}/bind`,
2249
2590
  method: "POST",
2250
2591
  body: {
2251
- nodes: input.nodes.map((node) => normalizeNodeWriteInput(node))
2592
+ topicId: input.topicId
2252
2593
  },
2253
2594
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2254
2595
  });
2255
2596
  },
2256
2597
  /**
2257
- * Supersede an existing graph node with a new canonical version.
2598
+ * Create an ontology definition.
2258
2599
  */
2259
- async supersedeNode(input, idempotencyKey) {
2600
+ async createDefinition(input, idempotencyKey) {
2260
2601
  return gateway.request({
2261
- path: "/api/platform/v1/graph/nodes/supersede",
2602
+ path: "/api/platform/v1/ontologies",
2262
2603
  method: "POST",
2263
2604
  body: input,
2264
2605
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2265
2606
  });
2266
2607
  },
2267
2608
  /**
2268
- * Update a node's verification status.
2609
+ * Update an ontology definition.
2269
2610
  */
2270
- async verifyNode(input, idempotencyKey) {
2271
- const verificationStatus = normalizeNodeVerificationStatus(input.verificationStatus) ?? input.verificationStatus;
2611
+ async updateDefinition(id, input, idempotencyKey) {
2272
2612
  return gateway.request({
2273
- path: "/api/platform/v1/graph/nodes/verify",
2274
- method: "POST",
2275
- body: {
2276
- ...input,
2277
- verificationStatus
2278
- },
2613
+ path: `/api/platform/v1/ontologies/${encodeURIComponent(id)}`,
2614
+ method: "PATCH",
2615
+ body: input,
2279
2616
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2280
2617
  });
2281
2618
  },
2282
2619
  /**
2283
- * Permanently delete a node via the admin-only hard-delete route.
2620
+ * Archive an ontology definition.
2284
2621
  */
2285
- async hardDeleteNode(input, idempotencyKey) {
2622
+ async archiveDefinition(id, idempotencyKey) {
2286
2623
  return gateway.request({
2287
- path: "/api/platform/v1/graph/nodes/hard-delete",
2288
- method: "POST",
2289
- body: input,
2624
+ path: `/api/platform/v1/ontologies/${encodeURIComponent(id)}`,
2625
+ method: "DELETE",
2290
2626
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2291
2627
  });
2292
2628
  },
2293
2629
  /**
2294
- * List graph edges matching the provided filters.
2630
+ * List versions for an ontology definition.
2295
2631
  */
2296
- async listEdges(query5) {
2632
+ async listVersions(ontologyId, filters = {}) {
2297
2633
  return gateway.request({
2298
- path: `/api/platform/v1/graph/edges${toQueryString(
2299
- normalizeTopicQuery(query5)
2300
- )}`
2634
+ path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions${toQueryString(filters)}`
2301
2635
  }).then(
2302
2636
  (response) => mapGatewayData(
2303
2637
  response,
2304
- (data) => mapAliasedList(data, "edges")
2638
+ (data) => createListResult(asListItems(data, "versions"), "versions")
2305
2639
  )
2306
2640
  );
2307
2641
  },
2308
2642
  /**
2309
- * Create a graph edge.
2643
+ * Create an ontology version.
2310
2644
  */
2311
- async createEdge(input, idempotencyKey) {
2645
+ async createVersion(ontologyId, input, idempotencyKey) {
2312
2646
  return gateway.request({
2313
- path: "/api/platform/v1/graph/edges",
2647
+ path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions`,
2314
2648
  method: "POST",
2315
- body: normalizeTopicQuery(input),
2316
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2317
- });
2318
- },
2319
- /**
2320
- * Delete one or more edges matching the provided filter.
2321
- */
2322
- async deleteEdge(query5, idempotencyKey) {
2323
- return gateway.request({
2324
- path: `/api/platform/v1/graph/edges${toQueryString(query5)}`,
2325
- method: "DELETE",
2649
+ body: input,
2326
2650
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2327
2651
  });
2328
2652
  },
2329
2653
  /**
2330
- * Retrieve a graph neighborhood around a root node.
2331
- */
2332
- async neighborhood(query5) {
2333
- return gateway.request({
2334
- path: `/api/platform/v1/graph/neighborhood${toQueryString(query5)}`
2335
- });
2336
- },
2337
- /**
2338
- * Traverse the graph from a starting node.
2654
+ * Publish an ontology version.
2339
2655
  */
2340
- async traverse(query5) {
2656
+ async publishVersion(ontologyId, versionId, idempotencyKey) {
2341
2657
  return gateway.request({
2342
- path: "/api/platform/v1/graph/traverse",
2658
+ path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions/${encodeURIComponent(versionId)}/publish`,
2343
2659
  method: "POST",
2344
- body: normalizeTopicQuery(query5)
2345
- });
2346
- },
2347
- /**
2348
- * Analyze graph structure for a topic.
2349
- */
2350
- async analyze(query5 = {}) {
2351
- const normalized = normalizeTopicQuery(query5);
2352
- return gateway.request({
2353
- path: `/api/platform/v1/graph/analyze${toQueryString({
2354
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2355
- metric: typeof normalized.metric === "string" ? normalized.metric : void 0,
2356
- limit: typeof normalized.limit === "number" ? normalized.limit : void 0
2357
- })}`
2358
- });
2359
- },
2360
- /**
2361
- * Detect confirmation-bias patterns for a topic graph.
2362
- */
2363
- async bias(query5 = {}) {
2364
- const normalized = normalizeTopicQuery(query5);
2365
- return gateway.request({
2366
- path: `/api/platform/v1/graph/bias${toQueryString({
2367
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2368
- threshold: typeof normalized.threshold === "number" ? normalized.threshold : void 0,
2369
- limit: typeof normalized.limit === "number" ? normalized.limit : void 0
2370
- })}`
2371
- });
2372
- },
2373
- /**
2374
- * Find graph gaps for beliefs that still need testing.
2375
- */
2376
- async gaps(query5) {
2377
- const normalized = normalizeTopicQuery(query5);
2378
- return gateway.request({
2379
- path: `/api/platform/v1/graph/gaps${toQueryString({
2380
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2381
- minConfidence: typeof normalized.minConfidence === "number" ? normalized.minConfidence : void 0
2382
- })}`
2660
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2383
2661
  });
2384
2662
  },
2385
2663
  /**
2386
- * Search across graph resources within a topic.
2664
+ * Deprecate an ontology version.
2387
2665
  */
2388
- async search(query5) {
2666
+ async deprecateVersion(ontologyId, versionId, idempotencyKey) {
2389
2667
  return gateway.request({
2390
- path: "/api/platform/v1/search",
2668
+ path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions/${encodeURIComponent(versionId)}/deprecate`,
2391
2669
  method: "POST",
2392
- body: normalizeTopicQuery(query5)
2393
- });
2394
- },
2395
- /**
2396
- * Retrieve the shortest known path between two graph nodes.
2397
- */
2398
- async getPath(query5) {
2399
- return gateway.request({
2400
- path: `/api/platform/v1/graph/path${toQueryString(query5)}`
2670
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2401
2671
  });
2402
2672
  },
2403
2673
  /**
2404
- * Retrieve graph analytics for the requested metric.
2674
+ * List topics directly bound to a specific ontology definition.
2675
+ * Uses the topics gateway with ontologyId filter.
2405
2676
  */
2406
- async getAnalytics(query5 = {}) {
2677
+ async listTopics(ontologyId) {
2407
2678
  return gateway.request({
2408
- path: `/api/platform/v1/graph/analytics${toQueryString(query5)}`
2409
- });
2679
+ path: `/api/platform/v1/topics?ontologyId=${encodeURIComponent(ontologyId)}`
2680
+ }).then(
2681
+ (response) => mapGatewayData(
2682
+ response,
2683
+ (data) => createListResult(Array.isArray(data) ? data : [], "topics")
2684
+ )
2685
+ );
2410
2686
  }
2411
2687
  };
2412
2688
  return Object.assign(client, {
2413
- queryNodes: client.listNodes,
2414
- queryEdges: client.listEdges,
2415
- getNeighborhood: client.neighborhood
2689
+ listDefinitions: client.list,
2690
+ getDefinition: client.get,
2691
+ listTopicsByOntology: client.listTopics
2416
2692
  });
2417
2693
  }
2418
2694
 
2419
- // src/identityClient.ts
2420
- function createIdentityWhoamiClient(config = {}) {
2695
+ // src/graphClient.ts
2696
+ function createGraphClient(config = {}) {
2421
2697
  const gateway = createGatewayRequestClient(config);
2422
- return {
2423
- async whoami() {
2698
+ const client = {
2699
+ /**
2700
+ * List graph nodes matching the provided filters.
2701
+ */
2702
+ async listNodes(query5) {
2424
2703
  return gateway.request({
2425
- path: "/api/platform/v1/identity/whoami"
2426
- });
2427
- }
2428
- };
2429
- }
2430
- var TENANT_IDENTITY_FIELDS = [
2431
- "tenantId",
2432
- "workspaceId",
2433
- "principalId",
2434
- "integrationKey",
2435
- "secretRef",
2436
- "policySubject",
2437
- "policyAction",
2438
- "policyResource",
2439
- "decision",
2440
- "config",
2441
- "configKey",
2442
- "configValue",
2443
- "provider",
2444
- "status",
2445
- "metadata",
2446
- "limit",
2447
- "cursor"
2448
- ];
2449
- function tenantIdentityQuery(input) {
2450
- return {
2451
- tenantId: cleanRequiredString(input.tenantId, "tenantId"),
2452
- workspaceId: input.workspaceId,
2453
- principalId: input.principalId,
2454
- limit: input.limit,
2455
- cursor: input.cursor
2456
- };
2457
- }
2458
- function tenantIdentityBody(input, operation) {
2459
- return knownPayload(input, TENANT_IDENTITY_FIELDS, operation);
2460
- }
2461
- function createIdentityClient(config = {}) {
2462
- const gateway = createGatewayRequestClient(config);
2463
- const whoamiClient = createIdentityWhoamiClient(config);
2464
- const requestPrincipalWrite = (method, input, idempotencyKey) => gateway.request({
2465
- path: "/api/platform/v1/identity/principals",
2466
- method,
2467
- body: input,
2468
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2469
- });
2470
- const updatePrincipal = (input, idempotencyKey) => requestPrincipalWrite("PATCH", input, idempotencyKey);
2471
- const deleteKey = (keyId, input = {}, idempotencyKey) => gateway.request({
2472
- path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
2473
- method: "POST",
2474
- body: input,
2475
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2476
- });
2477
- return {
2704
+ path: `/api/platform/v1/graph/nodes${toQueryString(
2705
+ normalizeTopicQuery(query5)
2706
+ )}`
2707
+ }).then(
2708
+ (response) => mapGatewayData(response, (data) => mapAliasedList(data, "nodes"))
2709
+ );
2710
+ },
2478
2711
  /**
2479
- * Resolve the current authenticated identity summary.
2712
+ * Retrieve a single graph node by nodeId or globalId.
2480
2713
  */
2481
- async whoami() {
2482
- return whoamiClient.whoami().then(
2483
- (response) => mapGatewayData(response, (data) => ({
2484
- principalId: data.principalId,
2485
- principalType: data.principalType,
2486
- tenantId: data.tenantId ?? null,
2487
- workspaceId: data.workspaceId ?? null,
2488
- scopes: Array.isArray(data.scopes) ? data.scopes : [],
2489
- roles: Array.isArray(data.roles) ? data.roles : [],
2490
- isPlatformAdmin: data.isPlatformAdmin === true,
2491
- isTenantAdmin: data.isTenantAdmin === true,
2492
- isWorkspaceAdmin: data.isWorkspaceAdmin === true,
2493
- authMode: data.authMode,
2494
- sessionId: data.sessionId,
2495
- delegatedBy: data.delegatedBy,
2496
- expiresAt: data.expiresAt
2497
- }))
2714
+ async getNode(query5) {
2715
+ return gateway.request({
2716
+ path: `/api/platform/v1/graph/nodes${toQueryString(query5)}`
2717
+ }).then(
2718
+ (response) => mapGatewayData(
2719
+ response,
2720
+ (data) => withSdkAliases(data)
2721
+ )
2498
2722
  );
2499
2723
  },
2500
2724
  /**
2501
- * List principals in the current identity scope.
2725
+ * Create a graph node.
2502
2726
  */
2503
- async listPrincipals(query5 = {}) {
2727
+ async createNode(input, idempotencyKey) {
2504
2728
  return gateway.request({
2505
- path: `/api/platform/v1/identity/principals${toQueryString(query5)}`
2729
+ path: "/api/platform/v1/graph/nodes",
2730
+ method: "POST",
2731
+ body: normalizeNodeWriteInput(input),
2732
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2506
2733
  }).then(
2507
2734
  (response) => mapGatewayData(
2508
2735
  response,
2509
- (data) => createListResult(
2510
- Array.isArray(data) ? data : [],
2511
- "principals"
2512
- )
2736
+ (data) => withSdkAliases(data)
2513
2737
  )
2514
2738
  );
2515
2739
  },
2516
2740
  /**
2517
- * Create a principal.
2518
- */
2519
- async createPrincipal(input, idempotencyKey) {
2520
- return requestPrincipalWrite("POST", input, idempotencyKey);
2521
- },
2522
- /**
2523
- * Update a principal.
2524
- */
2525
- updatePrincipal,
2526
- /**
2527
- * @deprecated Use createPrincipal or updatePrincipal.
2528
- */
2529
- upsertPrincipal: updatePrincipal,
2530
- /**
2531
- * List keys in the current identity scope.
2741
+ * Update a graph node.
2532
2742
  */
2533
- async listKeys(query5 = {}) {
2743
+ async updateNode(input, idempotencyKey) {
2534
2744
  return gateway.request({
2535
- path: `/api/platform/v1/identity/keys${toQueryString(query5)}`
2745
+ path: "/api/platform/v1/graph/nodes",
2746
+ method: "PUT",
2747
+ body: normalizeNodeWriteInput(input),
2748
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2536
2749
  }).then(
2537
2750
  (response) => mapGatewayData(
2538
2751
  response,
2539
- (data) => createListResult(Array.isArray(data) ? data : [], "keys")
2752
+ (data) => withSdkAliases(data)
2540
2753
  )
2541
2754
  );
2542
2755
  },
2543
2756
  /**
2544
- * Create an API key.
2757
+ * Batch create graph nodes through the admin route surface.
2545
2758
  */
2546
- async createKey(input, idempotencyKey) {
2759
+ async batchCreateNodes(input, idempotencyKey) {
2547
2760
  return gateway.request({
2548
- path: "/api/platform/v1/identity/keys",
2761
+ path: "/api/platform/v1/graph/nodes/batch",
2549
2762
  method: "POST",
2550
- body: input,
2763
+ body: {
2764
+ nodes: input.nodes.map((node) => normalizeNodeWriteInput(node))
2765
+ },
2551
2766
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2552
2767
  });
2553
2768
  },
2554
2769
  /**
2555
- * Rotate an API key.
2770
+ * Supersede an existing graph node with a new canonical version.
2556
2771
  */
2557
- async rotateKey(keyId, input = {}, idempotencyKey) {
2772
+ async supersedeNode(input, idempotencyKey) {
2558
2773
  return gateway.request({
2559
- path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/rotate`,
2774
+ path: "/api/platform/v1/graph/nodes/supersede",
2560
2775
  method: "POST",
2561
2776
  body: input,
2562
2777
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2563
2778
  });
2564
2779
  },
2565
2780
  /**
2566
- * Delete an API key by revoking it.
2567
- */
2568
- deleteKey,
2569
- /**
2570
- * @deprecated Use deleteKey.
2571
- */
2572
- revokeKey: deleteKey,
2573
- /**
2574
- * Search Clerk users by email or display attributes.
2781
+ * Update a node's verification status.
2575
2782
  */
2576
- async searchClerkUsers(q) {
2577
- return gateway.request({
2578
- path: `/api/platform/v1/identity/clerk-users${toQueryString({ q })}`
2579
- });
2580
- },
2581
- async getTenantConfig(input) {
2783
+ async verifyNode(input, idempotencyKey) {
2784
+ const verificationStatus = normalizeNodeVerificationStatus(input.verificationStatus) ?? input.verificationStatus;
2582
2785
  return gateway.request({
2583
- path: `/api/platform/v1/identity/tenant-config${toQueryString(
2584
- tenantIdentityQuery(input)
2585
- )}`
2786
+ path: "/api/platform/v1/graph/nodes/verify",
2787
+ method: "POST",
2788
+ body: {
2789
+ ...input,
2790
+ verificationStatus
2791
+ },
2792
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2586
2793
  });
2587
2794
  },
2588
- async updateTenantConfig(input, idempotencyKey) {
2589
- cleanRequiredString(input.tenantId, "tenantId");
2795
+ /**
2796
+ * Permanently delete a node via the admin-only hard-delete route.
2797
+ */
2798
+ async hardDeleteNode(input, idempotencyKey) {
2590
2799
  return gateway.request({
2591
- path: "/api/platform/v1/identity/tenant-config",
2592
- method: "PATCH",
2593
- body: tenantIdentityBody(
2594
- input,
2595
- "identity.updateTenantConfig"
2596
- ),
2800
+ path: "/api/platform/v1/graph/nodes/hard-delete",
2801
+ method: "POST",
2802
+ body: input,
2597
2803
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2598
2804
  });
2599
2805
  },
2600
- async listIntegrations(input) {
2806
+ /**
2807
+ * List graph edges matching the provided filters.
2808
+ */
2809
+ async listEdges(query5) {
2601
2810
  return gateway.request({
2602
- path: `/api/platform/v1/identity/integrations${toQueryString(
2603
- tenantIdentityQuery(input)
2811
+ path: `/api/platform/v1/graph/edges${toQueryString(
2812
+ normalizeTopicQuery(query5)
2604
2813
  )}`
2605
2814
  }).then(
2606
2815
  (response) => mapGatewayData(
2607
2816
  response,
2608
- (data) => listResultFromEnvelope(
2609
- data,
2610
- "integrations"
2611
- )
2817
+ (data) => mapAliasedList(data, "edges")
2612
2818
  )
2613
2819
  );
2614
2820
  },
2615
- async upsertIntegration(input, idempotencyKey) {
2616
- cleanRequiredString(input.tenantId, "tenantId");
2617
- cleanRequiredString(input.integrationKey, "integrationKey");
2821
+ /**
2822
+ * Create a graph edge.
2823
+ */
2824
+ async createEdge(input, idempotencyKey) {
2618
2825
  return gateway.request({
2619
- path: "/api/platform/v1/identity/integrations",
2620
- method: "PUT",
2621
- body: tenantIdentityBody(
2622
- input,
2623
- "identity.upsertIntegration"
2624
- ),
2826
+ path: "/api/platform/v1/graph/edges",
2827
+ method: "POST",
2828
+ body: normalizeTopicQuery(input),
2625
2829
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2626
2830
  });
2627
2831
  },
2628
- async listSecrets(input) {
2832
+ /**
2833
+ * Delete one or more edges matching the provided filter.
2834
+ */
2835
+ async deleteEdge(query5, idempotencyKey) {
2629
2836
  return gateway.request({
2630
- path: `/api/platform/v1/identity/secrets${toQueryString(
2631
- tenantIdentityQuery(input)
2632
- )}`
2633
- }).then(
2634
- (response) => mapGatewayData(
2635
- response,
2636
- (data) => listResultFromEnvelope(
2637
- data,
2638
- "secrets"
2639
- )
2640
- )
2641
- );
2837
+ path: `/api/platform/v1/graph/edges${toQueryString(query5)}`,
2838
+ method: "DELETE",
2839
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2840
+ });
2642
2841
  },
2643
- async putSecretReference(input, idempotencyKey) {
2644
- cleanRequiredString(input.tenantId, "tenantId");
2645
- cleanRequiredString(input.secretRef, "secretRef");
2842
+ /**
2843
+ * Retrieve a graph neighborhood around a root node.
2844
+ */
2845
+ async neighborhood(query5) {
2646
2846
  return gateway.request({
2647
- path: "/api/platform/v1/identity/secrets",
2648
- method: "PUT",
2649
- body: tenantIdentityBody(
2650
- input,
2651
- "identity.putSecretReference"
2652
- ),
2653
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2847
+ path: `/api/platform/v1/graph/neighborhood${toQueryString(query5)}`
2654
2848
  });
2655
2849
  },
2656
- async evaluatePolicy(input, idempotencyKey) {
2657
- cleanRequiredString(input.tenantId, "tenantId");
2658
- cleanRequiredString(input.policySubject, "policySubject");
2659
- cleanRequiredString(input.policyAction, "policyAction");
2660
- cleanRequiredString(input.policyResource, "policyResource");
2850
+ /**
2851
+ * Traverse the graph from a starting node.
2852
+ */
2853
+ async traverse(query5) {
2661
2854
  return gateway.request({
2662
- path: "/api/platform/v1/identity/policy/evaluate",
2855
+ path: "/api/platform/v1/graph/traverse",
2663
2856
  method: "POST",
2664
- body: tenantIdentityBody(
2665
- input,
2666
- "identity.evaluatePolicy"
2667
- ),
2668
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2857
+ body: normalizeTopicQuery(query5)
2669
2858
  });
2670
2859
  },
2671
- async recordPolicyDecision(input, idempotencyKey) {
2672
- cleanRequiredString(input.tenantId, "tenantId");
2673
- cleanRequiredString(input.decision, "decision");
2860
+ /**
2861
+ * Analyze graph structure for a topic.
2862
+ */
2863
+ async analyze(query5 = {}) {
2864
+ const normalized = normalizeTopicQuery(query5);
2674
2865
  return gateway.request({
2675
- path: "/api/platform/v1/identity/policy/decisions",
2866
+ path: `/api/platform/v1/graph/analyze${toQueryString({
2867
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2868
+ metric: typeof normalized.metric === "string" ? normalized.metric : void 0,
2869
+ limit: typeof normalized.limit === "number" ? normalized.limit : void 0
2870
+ })}`
2871
+ });
2872
+ },
2873
+ /**
2874
+ * Detect confirmation-bias patterns for a topic graph.
2875
+ */
2876
+ async bias(query5 = {}) {
2877
+ const normalized = normalizeTopicQuery(query5);
2878
+ return gateway.request({
2879
+ path: `/api/platform/v1/graph/bias${toQueryString({
2880
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2881
+ threshold: typeof normalized.threshold === "number" ? normalized.threshold : void 0,
2882
+ limit: typeof normalized.limit === "number" ? normalized.limit : void 0
2883
+ })}`
2884
+ });
2885
+ },
2886
+ /**
2887
+ * Find graph gaps for beliefs that still need testing.
2888
+ */
2889
+ async gaps(query5) {
2890
+ const normalized = normalizeTopicQuery(query5);
2891
+ return gateway.request({
2892
+ path: `/api/platform/v1/graph/gaps${toQueryString({
2893
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2894
+ minConfidence: typeof normalized.minConfidence === "number" ? normalized.minConfidence : void 0
2895
+ })}`
2896
+ });
2897
+ },
2898
+ /**
2899
+ * Search across graph resources within a topic.
2900
+ */
2901
+ async search(query5) {
2902
+ return gateway.request({
2903
+ path: "/api/platform/v1/search",
2676
2904
  method: "POST",
2677
- body: tenantIdentityBody(
2678
- input,
2679
- "identity.recordPolicyDecision"
2680
- ),
2681
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2905
+ body: normalizeTopicQuery(query5)
2906
+ });
2907
+ },
2908
+ /**
2909
+ * Retrieve the shortest known path between two graph nodes.
2910
+ */
2911
+ async getPath(query5) {
2912
+ return gateway.request({
2913
+ path: `/api/platform/v1/graph/path${toQueryString(query5)}`
2914
+ });
2915
+ },
2916
+ /**
2917
+ * Retrieve graph analytics for the requested metric.
2918
+ */
2919
+ async getAnalytics(query5 = {}) {
2920
+ return gateway.request({
2921
+ path: `/api/platform/v1/graph/analytics${toQueryString(query5)}`
2682
2922
  });
2683
2923
  }
2684
2924
  };
2925
+ return Object.assign(client, {
2926
+ queryNodes: client.listNodes,
2927
+ queryEdges: client.listEdges,
2928
+ getNeighborhood: client.neighborhood
2929
+ });
2685
2930
  }
2686
2931
 
2687
2932
  // src/topicsClient.ts
2688
- function cleanString3(value) {
2933
+ function cleanString4(value) {
2689
2934
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
2690
2935
  }
2691
2936
  function normalizeTopicRecord(value) {
2692
2937
  const record = asRecord(value);
2693
- const topicId = cleanString3(record.topicId) ?? cleanString3(record.id) ?? cleanString3(record._id);
2938
+ const topicId = cleanString4(record.topicId) ?? cleanString4(record.id) ?? cleanString4(record._id);
2694
2939
  return withTopicAlias({
2695
2940
  ...record,
2696
2941
  ...topicId ? { topicId } : {}
@@ -3903,7 +4148,7 @@ function createEmbeddingsClient(config = {}) {
3903
4148
  }
3904
4149
 
3905
4150
  // src/contextClient.ts
3906
- function cleanString4(value) {
4151
+ function cleanString5(value) {
3907
4152
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
3908
4153
  }
3909
4154
  function cleanNumber(value) {
@@ -3915,11 +4160,11 @@ function cleanBoolean(value) {
3915
4160
  function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3916
4161
  const effectiveInput = typeof topicIdOrInput === "string" ? input : topicIdOrInput;
3917
4162
  const payload = {};
3918
- const topicId = typeof topicIdOrInput === "string" ? cleanString4(topicIdOrInput) : cleanString4(effectiveInput.topicId);
4163
+ const topicId = typeof topicIdOrInput === "string" ? cleanString5(topicIdOrInput) : cleanString5(effectiveInput.topicId);
3919
4164
  if (topicId) {
3920
4165
  payload.topicId = topicId;
3921
4166
  }
3922
- const query5 = cleanString4(effectiveInput.query);
4167
+ const query5 = cleanString5(effectiveInput.query);
3923
4168
  if (query5) {
3924
4169
  payload.query = query5;
3925
4170
  }
@@ -3927,7 +4172,7 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3927
4172
  if (budget !== void 0) {
3928
4173
  payload.budget = budget;
3929
4174
  }
3930
- const ranking = cleanString4(effectiveInput.ranking) ?? cleanString4(effectiveInput.rankingProfile);
4175
+ const ranking = cleanString5(effectiveInput.ranking) ?? cleanString5(effectiveInput.rankingProfile);
3931
4176
  if (ranking) {
3932
4177
  payload.ranking = ranking;
3933
4178
  }
@@ -3943,7 +4188,7 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3943
4188
  if (includeEntities !== void 0) {
3944
4189
  payload.includeEntities = includeEntities;
3945
4190
  }
3946
- const mode = cleanString4(effectiveInput.mode);
4191
+ const mode = cleanString5(effectiveInput.mode);
3947
4192
  if (mode) {
3948
4193
  payload.mode = mode;
3949
4194
  }
@@ -3951,11 +4196,11 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3951
4196
  if (includeFailures !== void 0) {
3952
4197
  payload.includeFailures = includeFailures;
3953
4198
  }
3954
- const worktreeId = cleanString4(effectiveInput.worktreeId);
4199
+ const worktreeId = cleanString5(effectiveInput.worktreeId);
3955
4200
  if (worktreeId) {
3956
4201
  payload.worktreeId = worktreeId;
3957
4202
  }
3958
- const sessionId = cleanString4(effectiveInput.sessionId);
4203
+ const sessionId = cleanString5(effectiveInput.sessionId);
3959
4204
  if (sessionId) {
3960
4205
  payload.sessionId = sessionId;
3961
4206
  }
@@ -4841,7 +5086,8 @@ function createMcpClient(config = {}) {
4841
5086
  transportKind: input.transportKind,
4842
5087
  sessionId: input.sessionId,
4843
5088
  agentIdentity: input.agentIdentity,
4844
- workspaceId: input.workspaceId
5089
+ workspaceId: input.workspaceId,
5090
+ worktreeId: input.worktreeId
4845
5091
  };
4846
5092
  return gateway.request({
4847
5093
  path: `${MCP_GATEWAY_BOOTSTRAP_ENDPOINT}${toQueryString(scope)}`,
@@ -5673,7 +5919,7 @@ var ORG_GRAPH_SEARCH_FIELDS = [
5673
5919
  "cursor",
5674
5920
  "provenanceScope"
5675
5921
  ];
5676
- function cleanString5(value, label) {
5922
+ function cleanString6(value, label) {
5677
5923
  const normalized = value?.trim();
5678
5924
  if (!normalized) {
5679
5925
  throw new Error(`${label} is required`);
@@ -5695,9 +5941,9 @@ function searchBody(input) {
5695
5941
  "orgGraphSearch.search"
5696
5942
  );
5697
5943
  return {
5698
- tenantId: cleanString5(input.tenantId, "tenantId"),
5699
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
5700
- query: cleanString5(input.query, "query"),
5944
+ tenantId: cleanString6(input.tenantId, "tenantId"),
5945
+ workspaceId: cleanString6(input.workspaceId, "workspaceId"),
5946
+ query: cleanString6(input.query, "query"),
5701
5947
  nodeTypes: input.nodeTypes,
5702
5948
  minConfidence: input.minConfidence,
5703
5949
  limit: input.limit,
@@ -5707,8 +5953,8 @@ function searchBody(input) {
5707
5953
  }
5708
5954
  function listQuery2(input) {
5709
5955
  return {
5710
- tenantId: cleanString5(input.tenantId, "tenantId"),
5711
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
5956
+ tenantId: cleanString6(input.tenantId, "tenantId"),
5957
+ workspaceId: cleanString6(input.workspaceId, "workspaceId"),
5712
5958
  nodeTypes: input.nodeTypes?.join(","),
5713
5959
  minConfidence: input.minConfidence,
5714
5960
  limit: input.limit,
@@ -5742,8 +5988,8 @@ function createOrgGraphSearchClient(config = {}) {
5742
5988
  return gateway.request({
5743
5989
  path: `/api/platform/v1/org-graph-search/nodes/${nodePath}${toQueryString(
5744
5990
  {
5745
- tenantId: cleanString5(input.tenantId, "tenantId"),
5746
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
5991
+ tenantId: cleanString6(input.tenantId, "tenantId"),
5992
+ workspaceId: cleanString6(input.workspaceId, "workspaceId"),
5747
5993
  globalId: nodeId ? void 0 : globalId
5748
5994
  }
5749
5995
  )}`
@@ -6708,7 +6954,7 @@ function createToolRegistryClient(config = {}) {
6708
6954
  }
6709
6955
 
6710
6956
  // src/version.ts
6711
- var LUCERN_SDK_VERSION = "0.3.0-alpha.10";
6957
+ var LUCERN_SDK_VERSION = "0.3.0-alpha.11";
6712
6958
 
6713
6959
  // src/workflowClient.ts
6714
6960
  function normalizeLensQuery(value) {
@@ -7165,6 +7411,7 @@ function createLucernClient(config = {}) {
7165
7411
  const auditClient = createAuditClient(gatewayConfig);
7166
7412
  const authDeviceClient = createAuthDeviceClient(gatewayConfig);
7167
7413
  const adminClient = createAdminClient(gatewayConfig);
7414
+ const accessControlClient = createAccessControlClient(gatewayConfig);
7168
7415
  const answersClient = createAnswersClient(gatewayConfig);
7169
7416
  const contradictionsFacade = createContradictionsFacade(gatewayConfig);
7170
7417
  const edgesFacade = createEdgesFacade(gatewayConfig);
@@ -8849,6 +9096,7 @@ function createLucernClient(config = {}) {
8849
9096
  nodes: nodesNamespace,
8850
9097
  identity: {
8851
9098
  ...identityFacade,
9099
+ access: accessControlClient,
8852
9100
  evaluatePolicy: identityClient.evaluatePolicy,
8853
9101
  recordPolicyDecision: identityClient.recordPolicyDecision,
8854
9102
  putSecretReference: identityClient.putSecretReference,