@lucern/sdk 0.3.0-alpha.10 → 0.3.0-alpha.12

Files changed (104)
  1. package/README.md +1 -1
  2. package/dist/accessControl.d.ts +78 -0
  3. package/dist/accessControl.js +1118 -0
  4. package/dist/accessControl.js.map +1 -0
  5. package/dist/adminClient.js.map +1 -1
  6. package/dist/answersClient.js.map +1 -1
  7. package/dist/audiencesClient.js.map +1 -1
  8. package/dist/auditClient.js.map +1 -1
  9. package/dist/authContext.d.ts +1 -1
  10. package/dist/authContext.js.map +1 -1
  11. package/dist/beliefs/index.d.ts +1 -0
  12. package/dist/beliefs/index.js +799 -551
  13. package/dist/beliefs/index.js.map +1 -1
  14. package/dist/beliefsClient.js.map +1 -1
  15. package/dist/client.d.ts +27 -8
  16. package/dist/client.js +799 -551
  17. package/dist/client.js.map +1 -1
  18. package/dist/contextClient.js.map +1 -1
  19. package/dist/contracts/api-enums.contract.d.ts +1 -1
  20. package/dist/contracts/api-enums.contract.js +6 -1
  21. package/dist/contracts/api-enums.contract.js.map +1 -1
  22. package/dist/contracts/index.js +12 -1
  23. package/dist/contracts/index.js.map +1 -1
  24. package/dist/contracts/mcpTools.js +6 -0
  25. package/dist/contracts/mcpTools.js.map +1 -1
  26. package/dist/contradictions/index.d.ts +1 -0
  27. package/dist/contradictions/index.js +799 -551
  28. package/dist/contradictions/index.js.map +1 -1
  29. package/dist/coreClient.js.map +1 -1
  30. package/dist/decisions/index.d.ts +1 -0
  31. package/dist/decisions/index.js +799 -551
  32. package/dist/decisions/index.js.map +1 -1
  33. package/dist/decisionsClient.js.map +1 -1
  34. package/dist/edges/index.d.ts +1 -0
  35. package/dist/edges/index.js +799 -551
  36. package/dist/edges/index.js.map +1 -1
  37. package/dist/embeddingsClient.js.map +1 -1
  38. package/dist/eventingClient.js.map +1 -1
  39. package/dist/eventsCore.js.map +1 -1
  40. package/dist/evidence/index.d.ts +1 -0
  41. package/dist/evidence/index.js +799 -551
  42. package/dist/evidence/index.js.map +1 -1
  43. package/dist/evidenceClient.js.map +1 -1
  44. package/dist/functionSurface.js.map +1 -1
  45. package/dist/functionSurfaceClient.js.map +1 -1
  46. package/dist/gatewayFacades.d.ts +1 -0
  47. package/dist/gatewayFacades.js.map +1 -1
  48. package/dist/graphAnalysisClient.js.map +1 -1
  49. package/dist/graphClient.d.ts +1 -0
  50. package/dist/graphClient.js.map +1 -1
  51. package/dist/graphIntel.d.ts +1 -0
  52. package/dist/graphRecommendationsClient.js.map +1 -1
  53. package/dist/graphStateClassifierClient.js.map +1 -1
  54. package/dist/harnessClient.js.map +1 -1
  55. package/dist/identityClient.d.ts +1 -1
  56. package/dist/identityClient.js.map +1 -1
  57. package/dist/index.d.ts +2 -0
  58. package/dist/index.js +790 -490
  59. package/dist/index.js.map +1 -1
  60. package/dist/infisicalRuntime.d.ts +1 -0
  61. package/dist/infisicalRuntime.js +64 -32
  62. package/dist/infisicalRuntime.js.map +1 -1
  63. package/dist/jobsClient.js.map +1 -1
  64. package/dist/learningClient.js.map +1 -1
  65. package/dist/lenses/index.d.ts +1 -0
  66. package/dist/lenses/index.js +799 -551
  67. package/dist/lenses/index.js.map +1 -1
  68. package/dist/mcpClient.js +2 -1
  69. package/dist/mcpClient.js.map +1 -1
  70. package/dist/modelRuntimeClient.js.map +1 -1
  71. package/dist/nodes/index.d.ts +1 -0
  72. package/dist/nodes/index.js +799 -551
  73. package/dist/nodes/index.js.map +1 -1
  74. package/dist/ontologies/index.d.ts +1 -0
  75. package/dist/ontologies/index.js +799 -551
  76. package/dist/ontologies/index.js.map +1 -1
  77. package/dist/ontologyClient.js.map +1 -1
  78. package/dist/ontologyLinksClient.js.map +1 -1
  79. package/dist/orgGraphSearchClient.js.map +1 -1
  80. package/dist/packsClient.js.map +1 -1
  81. package/dist/policyClient.js.map +1 -1
  82. package/dist/questions/index.d.ts +1 -0
  83. package/dist/questions/index.js +799 -551
  84. package/dist/questions/index.js.map +1 -1
  85. package/dist/reportsClient.js.map +1 -1
  86. package/dist/schemaClient.js.map +1 -1
  87. package/dist/secrets.d.ts +1 -0
  88. package/dist/secrets.js +3 -0
  89. package/dist/secrets.js.map +1 -0
  90. package/dist/sourcesClient.js.map +1 -1
  91. package/dist/telemetryClient.js.map +1 -1
  92. package/dist/toolRegistryClient.js.map +1 -1
  93. package/dist/topics/index.d.ts +1 -0
  94. package/dist/topics/index.js +799 -551
  95. package/dist/topics/index.js.map +1 -1
  96. package/dist/topicsClient.js.map +1 -1
  97. package/dist/version.d.ts +1 -1
  98. package/dist/version.js +1 -1
  99. package/dist/version.js.map +1 -1
  100. package/dist/workflowClient.js.map +1 -1
  101. package/dist/worktrees/index.d.ts +1 -0
  102. package/dist/worktrees/index.js +799 -551
  103. package/dist/worktrees/index.js.map +1 -1
  104. package/package.json +5 -4
@@ -1054,6 +1054,574 @@ function createAdminClient(config = {}) {
1054
1054
  };
1055
1055
  }
1056
1056
 
1057
+ // src/boundaryClientSurface.ts
1058
+ function cleanOptionalString(value) {
1059
+ const normalized = value?.trim();
1060
+ return normalized ? normalized : void 0;
1061
+ }
1062
+ function isRecord3(value) {
1063
+ return Boolean(value) && typeof value === "object" && !Array.isArray(value);
1064
+ }
1065
+ function cleanRequiredString(value, label) {
1066
+ const normalized = cleanOptionalString(value);
1067
+ if (!normalized) {
1068
+ throw new Error(`${label} is required`);
1069
+ }
1070
+ return normalized;
1071
+ }
1072
+ function readTopicId(input) {
1073
+ return cleanOptionalString(input.topicId) ?? cleanOptionalString(input.projectId);
1074
+ }
1075
+ function requireTopicId(input) {
1076
+ const topicId = readTopicId(input);
1077
+ if (!topicId) {
1078
+ throw new Error("topicId is required");
1079
+ }
1080
+ return topicId;
1081
+ }
1082
+ function assertKnownKeys(input, allowed, operation) {
1083
+ const allowedSet = new Set(allowed);
1084
+ const unknownKeys = Object.keys(input).filter((key) => !allowedSet.has(key));
1085
+ if (unknownKeys.length > 0) {
1086
+ throw new Error(
1087
+ `${operation} received unsupported field(s): ${unknownKeys.join(", ")}`
1088
+ );
1089
+ }
1090
+ }
1091
+ function knownPayload(input, allowed, operation) {
1092
+ assertKnownKeys(input, allowed, operation);
1093
+ return { ...input };
1094
+ }
1095
+ function topicPayload(input, allowed, operation) {
1096
+ assertKnownKeys(input, allowed, operation);
1097
+ return {
1098
+ ...input,
1099
+ topicId: requireTopicId(input),
1100
+ projectId: void 0
1101
+ };
1102
+ }
1103
+ function listResultFromEnvelope(data, legacyKey) {
1104
+ const record = isRecord3(data) ? data : {};
1105
+ const legacyItems = record[legacyKey];
1106
+ return createListResult(
1107
+ Array.isArray(legacyItems) ? legacyItems : Array.isArray(data) ? data : [],
1108
+ legacyKey
1109
+ );
1110
+ }
1111
+
1112
+ // src/identityClient.ts
1113
+ function createIdentityWhoamiClient(config = {}) {
1114
+ const gateway = createGatewayRequestClient(config);
1115
+ return {
1116
+ async whoami() {
1117
+ return gateway.request({
1118
+ path: "/api/platform/v1/identity/whoami"
1119
+ });
1120
+ }
1121
+ };
1122
+ }
1123
+ var TENANT_IDENTITY_FIELDS = [
1124
+ "tenantId",
1125
+ "workspaceId",
1126
+ "principalId",
1127
+ "integrationKey",
1128
+ "secretRef",
1129
+ "policySubject",
1130
+ "policyAction",
1131
+ "policyResource",
1132
+ "decision",
1133
+ "config",
1134
+ "configKey",
1135
+ "configValue",
1136
+ "provider",
1137
+ "status",
1138
+ "metadata",
1139
+ "limit",
1140
+ "cursor"
1141
+ ];
1142
+ function tenantIdentityQuery(input) {
1143
+ return {
1144
+ tenantId: cleanRequiredString(input.tenantId, "tenantId"),
1145
+ workspaceId: input.workspaceId,
1146
+ principalId: input.principalId,
1147
+ limit: input.limit,
1148
+ cursor: input.cursor
1149
+ };
1150
+ }
1151
+ function tenantIdentityBody(input, operation) {
1152
+ return knownPayload(input, TENANT_IDENTITY_FIELDS, operation);
1153
+ }
1154
+ function createIdentityClient(config = {}) {
1155
+ const gateway = createGatewayRequestClient(config);
1156
+ const whoamiClient = createIdentityWhoamiClient(config);
1157
+ const requestPrincipalWrite = (method, input, idempotencyKey) => gateway.request({
1158
+ path: "/api/platform/v1/identity/principals",
1159
+ method,
1160
+ body: input,
1161
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1162
+ });
1163
+ const updatePrincipal = (input, idempotencyKey) => requestPrincipalWrite("PATCH", input, idempotencyKey);
1164
+ const deleteKey = (keyId, input = {}, idempotencyKey) => gateway.request({
1165
+ path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
1166
+ method: "POST",
1167
+ body: input,
1168
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1169
+ });
1170
+ return {
1171
+ /**
1172
+ * Resolve the current authenticated identity summary.
1173
+ */
1174
+ async whoami() {
1175
+ return whoamiClient.whoami().then(
1176
+ (response) => mapGatewayData(response, (data) => ({
1177
+ principalId: data.principalId,
1178
+ principalType: data.principalType,
1179
+ tenantId: data.tenantId ?? null,
1180
+ workspaceId: data.workspaceId ?? null,
1181
+ scopes: Array.isArray(data.scopes) ? data.scopes : [],
1182
+ roles: Array.isArray(data.roles) ? data.roles : [],
1183
+ isPlatformAdmin: data.isPlatformAdmin === true,
1184
+ isTenantAdmin: data.isTenantAdmin === true,
1185
+ isWorkspaceAdmin: data.isWorkspaceAdmin === true,
1186
+ authMode: data.authMode,
1187
+ sessionId: data.sessionId,
1188
+ delegatedBy: data.delegatedBy,
1189
+ expiresAt: data.expiresAt
1190
+ }))
1191
+ );
1192
+ },
1193
+ /**
1194
+ * List principals in the current identity scope.
1195
+ */
1196
+ async listPrincipals(query5 = {}) {
1197
+ return gateway.request({
1198
+ path: `/api/platform/v1/identity/principals${toQueryString(query5)}`
1199
+ }).then(
1200
+ (response) => mapGatewayData(
1201
+ response,
1202
+ (data) => createListResult(
1203
+ Array.isArray(data) ? data : [],
1204
+ "principals"
1205
+ )
1206
+ )
1207
+ );
1208
+ },
1209
+ /**
1210
+ * Create a principal.
1211
+ */
1212
+ async createPrincipal(input, idempotencyKey) {
1213
+ return requestPrincipalWrite("POST", input, idempotencyKey);
1214
+ },
1215
+ /**
1216
+ * Update a principal.
1217
+ */
1218
+ updatePrincipal,
1219
+ /**
1220
+ * @deprecated Use createPrincipal or updatePrincipal.
1221
+ */
1222
+ upsertPrincipal: updatePrincipal,
1223
+ /**
1224
+ * List keys in the current identity scope.
1225
+ */
1226
+ async listKeys(query5 = {}) {
1227
+ return gateway.request({
1228
+ path: `/api/platform/v1/identity/keys${toQueryString(query5)}`
1229
+ }).then(
1230
+ (response) => mapGatewayData(
1231
+ response,
1232
+ (data) => createListResult(Array.isArray(data) ? data : [], "keys")
1233
+ )
1234
+ );
1235
+ },
1236
+ /**
1237
+ * Create an API key.
1238
+ */
1239
+ async createKey(input, idempotencyKey) {
1240
+ return gateway.request({
1241
+ path: "/api/platform/v1/identity/keys",
1242
+ method: "POST",
1243
+ body: input,
1244
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1245
+ });
1246
+ },
1247
+ /**
1248
+ * Rotate an API key.
1249
+ */
1250
+ async rotateKey(keyId, input = {}, idempotencyKey) {
1251
+ return gateway.request({
1252
+ path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/rotate`,
1253
+ method: "POST",
1254
+ body: input,
1255
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1256
+ });
1257
+ },
1258
+ /**
1259
+ * Delete an API key by revoking it.
1260
+ */
1261
+ deleteKey,
1262
+ /**
1263
+ * @deprecated Use deleteKey.
1264
+ */
1265
+ revokeKey: deleteKey,
1266
+ /**
1267
+ * Search Clerk users by email or display attributes.
1268
+ */
1269
+ async searchClerkUsers(q) {
1270
+ return gateway.request({
1271
+ path: `/api/platform/v1/identity/clerk-users${toQueryString({ q })}`
1272
+ });
1273
+ },
1274
+ async getTenantConfig(input) {
1275
+ return gateway.request({
1276
+ path: `/api/platform/v1/identity/tenant-config${toQueryString(
1277
+ tenantIdentityQuery(input)
1278
+ )}`
1279
+ });
1280
+ },
1281
+ async updateTenantConfig(input, idempotencyKey) {
1282
+ cleanRequiredString(input.tenantId, "tenantId");
1283
+ return gateway.request({
1284
+ path: "/api/platform/v1/identity/tenant-config",
1285
+ method: "PATCH",
1286
+ body: tenantIdentityBody(
1287
+ input,
1288
+ "identity.updateTenantConfig"
1289
+ ),
1290
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1291
+ });
1292
+ },
1293
+ async listIntegrations(input) {
1294
+ return gateway.request({
1295
+ path: `/api/platform/v1/identity/integrations${toQueryString(
1296
+ tenantIdentityQuery(input)
1297
+ )}`
1298
+ }).then(
1299
+ (response) => mapGatewayData(
1300
+ response,
1301
+ (data) => listResultFromEnvelope(
1302
+ data,
1303
+ "integrations"
1304
+ )
1305
+ )
1306
+ );
1307
+ },
1308
+ async upsertIntegration(input, idempotencyKey) {
1309
+ cleanRequiredString(input.tenantId, "tenantId");
1310
+ cleanRequiredString(input.integrationKey, "integrationKey");
1311
+ return gateway.request({
1312
+ path: "/api/platform/v1/identity/integrations",
1313
+ method: "PUT",
1314
+ body: tenantIdentityBody(
1315
+ input,
1316
+ "identity.upsertIntegration"
1317
+ ),
1318
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1319
+ });
1320
+ },
1321
+ async listSecrets(input) {
1322
+ return gateway.request({
1323
+ path: `/api/platform/v1/identity/secrets${toQueryString(
1324
+ tenantIdentityQuery(input)
1325
+ )}`
1326
+ }).then(
1327
+ (response) => mapGatewayData(
1328
+ response,
1329
+ (data) => listResultFromEnvelope(
1330
+ data,
1331
+ "secrets"
1332
+ )
1333
+ )
1334
+ );
1335
+ },
1336
+ async putSecretReference(input, idempotencyKey) {
1337
+ cleanRequiredString(input.tenantId, "tenantId");
1338
+ cleanRequiredString(input.secretRef, "secretRef");
1339
+ return gateway.request({
1340
+ path: "/api/platform/v1/identity/secrets",
1341
+ method: "PUT",
1342
+ body: tenantIdentityBody(
1343
+ input,
1344
+ "identity.putSecretReference"
1345
+ ),
1346
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1347
+ });
1348
+ },
1349
+ async evaluatePolicy(input, idempotencyKey) {
1350
+ cleanRequiredString(input.tenantId, "tenantId");
1351
+ cleanRequiredString(input.policySubject, "policySubject");
1352
+ cleanRequiredString(input.policyAction, "policyAction");
1353
+ cleanRequiredString(input.policyResource, "policyResource");
1354
+ return gateway.request({
1355
+ path: "/api/platform/v1/identity/policy/evaluate",
1356
+ method: "POST",
1357
+ body: tenantIdentityBody(
1358
+ input,
1359
+ "identity.evaluatePolicy"
1360
+ ),
1361
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1362
+ });
1363
+ },
1364
+ async recordPolicyDecision(input, idempotencyKey) {
1365
+ cleanRequiredString(input.tenantId, "tenantId");
1366
+ cleanRequiredString(input.decision, "decision");
1367
+ return gateway.request({
1368
+ path: "/api/platform/v1/identity/policy/decisions",
1369
+ method: "POST",
1370
+ body: tenantIdentityBody(
1371
+ input,
1372
+ "identity.recordPolicyDecision"
1373
+ ),
1374
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
1375
+ });
1376
+ }
1377
+ };
1378
+ }
1379
+
1380
+ // src/accessControl.ts
1381
+ var LucernAccessControlError = class extends LucernSdkAuthContextError {
1382
+ policyDecision;
1383
+ constructor(reason, message, policyDecision) {
1384
+ super(reason, message);
1385
+ this.name = "LucernAccessControlError";
1386
+ this.policyDecision = policyDecision;
1387
+ }
1388
+ };
1389
+ function cleanString3(value) {
1390
+ const normalized = value?.trim();
1391
+ return normalized ? normalized : void 0;
1392
+ }
1393
+ function cleanStringList2(values) {
1394
+ if (!values) {
1395
+ return [];
1396
+ }
1397
+ return [
1398
+ ...new Set(
1399
+ values.map((value) => value.trim()).filter((value) => value.length > 0)
1400
+ )
1401
+ ];
1402
+ }
1403
+ function requireString2(value, reason, label) {
1404
+ const normalized = cleanString3(value);
1405
+ if (!normalized) {
1406
+ throw new LucernAccessControlError(
1407
+ reason,
1408
+ `Lucern SDK access control requires ${label}.`
1409
+ );
1410
+ }
1411
+ return normalized;
1412
+ }
1413
+ function normalizePrincipalType(principalType) {
1414
+ if (principalType === "agent") {
1415
+ return "agent";
1416
+ }
1417
+ if (principalType === "service") {
1418
+ return "service";
1419
+ }
1420
+ return "human";
1421
+ }
1422
+ function aliasKey(alias) {
1423
+ return `${alias.provider}:${alias.providerProjectId ?? ""}:${alias.externalSubjectId}`;
1424
+ }
1425
+ function normalizeAliases(input, canonicalClerkUserId) {
1426
+ const aliases = /* @__PURE__ */ new Map();
1427
+ for (const alias of input ?? []) {
1428
+ const externalSubjectId = cleanString3(alias.externalSubjectId);
1429
+ if (!externalSubjectId) {
1430
+ continue;
1431
+ }
1432
+ const normalized = {
1433
+ provider: cleanString3(alias.provider) ?? "clerk",
1434
+ providerProjectId: cleanString3(alias.providerProjectId),
1435
+ externalSubjectId,
1436
+ status: cleanString3(alias.status)
1437
+ };
1438
+ aliases.set(aliasKey(normalized), normalized);
1439
+ }
1440
+ if (canonicalClerkUserId) {
1441
+ const canonicalAlias = {
1442
+ provider: "clerk",
1443
+ externalSubjectId: canonicalClerkUserId,
1444
+ status: "active"
1445
+ };
1446
+ aliases.set(aliasKey(canonicalAlias), canonicalAlias);
1447
+ }
1448
+ return [...aliases.values()];
1449
+ }
1450
+ function isKnownClerkSubject(args) {
1451
+ if (args.clerkId === args.canonicalClerkUserId) {
1452
+ return true;
1453
+ }
1454
+ return args.aliases.some(
1455
+ (alias) => alias.provider === "clerk" && alias.externalSubjectId === args.clerkId
1456
+ );
1457
+ }
1458
+ function authContextToPrincipalInput(input) {
1459
+ const normalized = normalizeCanonicalLucernAuthContext(input);
1460
+ return {
1461
+ principalId: normalized.principalId,
1462
+ principalType: normalized.principalType,
1463
+ canonicalClerkUserId: normalized.clerkId,
1464
+ clerkId: normalized.clerkId,
1465
+ tenantId: normalized.tenantId,
1466
+ workspaceId: normalized.workspaceId,
1467
+ roles: normalized.roles,
1468
+ scopes: normalized.scopes
1469
+ };
1470
+ }
1471
+ function isAuthContextInput(input) {
1472
+ return "authMode" in input || "permit" in input || "delegationChain" in input;
1473
+ }
1474
+ function normalizeCanonicalPrincipalIdentity(input, options = {}) {
1475
+ const principalInput = isAuthContextInput(input) ? authContextToPrincipalInput(input) : input;
1476
+ const principalId = requireString2(
1477
+ principalInput.principalId,
1478
+ "principal_missing",
1479
+ "principalId"
1480
+ );
1481
+ const principalType = normalizePrincipalType(principalInput.principalType);
1482
+ const observedClerkId = cleanString3(options.observedClerkId);
1483
+ const canonicalClerkUserId = cleanString3(principalInput.canonicalClerkUserId) ?? cleanString3(principalInput.clerkId);
1484
+ if (principalType === "human" && !canonicalClerkUserId) {
1485
+ throw new LucernAccessControlError(
1486
+ "clerk_alias_missing",
1487
+ "Human principals require one canonical Clerk user id."
1488
+ );
1489
+ }
1490
+ const aliases = normalizeAliases(
1491
+ principalInput.clerkIdentityAliases,
1492
+ canonicalClerkUserId
1493
+ );
1494
+ if (observedClerkId && !isKnownClerkSubject({
1495
+ clerkId: observedClerkId,
1496
+ canonicalClerkUserId,
1497
+ aliases
1498
+ })) {
1499
+ throw new LucernAccessControlError(
1500
+ "clerk_alias_unrecognized",
1501
+ "Observed Clerk user id is not attached to the canonical Lucern principal."
1502
+ );
1503
+ }
1504
+ return {
1505
+ principalId,
1506
+ principalType,
1507
+ canonicalClerkUserId,
1508
+ clerkIdentityAliases: aliases,
1509
+ tenantId: cleanString3(principalInput.tenantId),
1510
+ workspaceId: cleanString3(principalInput.workspaceId),
1511
+ roles: cleanStringList2(principalInput.roles),
1512
+ scopes: cleanStringList2(principalInput.scopes)
1513
+ };
1514
+ }
1515
+ function formatPermitResource(resource) {
1516
+ if (typeof resource === "string") {
1517
+ return requireString2(resource, "policy_denied", "policyResource");
1518
+ }
1519
+ const type = requireString2(resource.type, "policy_denied", "resource.type");
1520
+ const key = requireString2(resource.key, "policy_denied", "resource.key");
1521
+ return key.startsWith(`${type}:`) ? key : `${type}:${key}`;
1522
+ }
1523
+ function resourceRequiresWorkspace(resource) {
1524
+ if (typeof resource === "string") {
1525
+ return !resource.startsWith("tenant:");
1526
+ }
1527
+ return resource.type !== "tenant";
1528
+ }
1529
+ function buildPolicyInput(identity, input) {
1530
+ const tenantId = requireString2(
1531
+ input.tenantId ?? identity.tenantId,
1532
+ "tenant_missing",
1533
+ "tenantId"
1534
+ );
1535
+ const workspaceId = cleanString3(input.workspaceId ?? identity.workspaceId);
1536
+ if (resourceRequiresWorkspace(input.resource) && !workspaceId) {
1537
+ throw new LucernAccessControlError(
1538
+ "workspace_missing",
1539
+ "Workspace-scoped Permit checks require workspaceId."
1540
+ );
1541
+ }
1542
+ return {
1543
+ tenantId,
1544
+ workspaceId,
1545
+ principalId: identity.principalId,
1546
+ policySubject: identity.principalId,
1547
+ policyAction: requireString2(input.action, "policy_denied", "policyAction"),
1548
+ policyResource: formatPermitResource(input.resource),
1549
+ metadata: input.context
1550
+ };
1551
+ }
1552
+ async function resolveConfiguredPrincipalInput(authContext) {
1553
+ if (typeof authContext === "function") {
1554
+ return await authContext();
1555
+ }
1556
+ return authContext;
1557
+ }
1558
+ function assertPermitAllowed(decision) {
1559
+ if (decision.decision !== "allow") {
1560
+ throw new LucernAccessControlError(
1561
+ decision.decision === "deny" ? "policy_denied" : "policy_unknown",
1562
+ `Permit denied ${decision.policyAction} on ${decision.policyResource}.`,
1563
+ decision
1564
+ );
1565
+ }
1566
+ }
1567
+ function createAccessControlClient(config = {}) {
1568
+ const identityClient = createIdentityClient(config);
1569
+ async function resolveIdentity(input, observedClerkId) {
1570
+ const identityInput = input ?? await resolveConfiguredPrincipalInput(config.authContext);
1571
+ if (!identityInput) {
1572
+ throw new LucernAccessControlError(
1573
+ "principal_missing",
1574
+ "Lucern SDK access control requires a canonical principal identity."
1575
+ );
1576
+ }
1577
+ return normalizeCanonicalPrincipalIdentity(identityInput, {
1578
+ observedClerkId
1579
+ });
1580
+ }
1581
+ async function checkAccess(input, idempotencyKey) {
1582
+ const identity = await resolveIdentity(input.identity, input.observedClerkId);
1583
+ const policyInput = buildPolicyInput(identity, input);
1584
+ try {
1585
+ const response = await identityClient.evaluatePolicy(
1586
+ policyInput,
1587
+ idempotencyKey
1588
+ );
1589
+ return {
1590
+ identity,
1591
+ policyInput,
1592
+ decision: response.data
1593
+ };
1594
+ } catch (error) {
1595
+ if (error instanceof LucernSdkAuthContextError) {
1596
+ throw error;
1597
+ }
1598
+ throw new LucernAccessControlError(
1599
+ "policy_unavailable",
1600
+ "Permit policy check failed closed before an allow decision was returned."
1601
+ );
1602
+ }
1603
+ }
1604
+ async function requireAccess(input, idempotencyKey) {
1605
+ const result = await checkAccess(input, idempotencyKey);
1606
+ assertPermitAllowed(result.decision);
1607
+ return result;
1608
+ }
1609
+ async function canAccess(input, idempotencyKey) {
1610
+ try {
1611
+ await requireAccess(input, idempotencyKey);
1612
+ return true;
1613
+ } catch {
1614
+ return false;
1615
+ }
1616
+ }
1617
+ return {
1618
+ normalizePrincipal: normalizeCanonicalPrincipalIdentity,
1619
+ checkAccess,
1620
+ requireAccess,
1621
+ canAccess
1622
+ };
1623
+ }
1624
+
1057
1625
  // src/answersClient.ts
1058
1626
  function createAnswersClient(config = {}) {
1059
1627
  const gateway = createGatewayRequestClient(config);
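Review bot: `isKnownClerkSubject` accepts any alias whose provider is "clerk" and whose `externalSubjectId` matches, and never looks at the `status` that `normalizeAliases` carries through, so an alias the caller has marked with a non-active status still satisfies the `observedClerkId` check in `normalizeCanonicalPrincipalIdentity`. The only status value visible in this hunk is `"active"`, so which other statuses exist is an assumption to confirm, but if any of them means suspended or detached the predicate should require an active alias, for example `alias.provider === "clerk" && alias.externalSubjectId === args.clerkId && (alias.status ?? "active") === "active"`. Separately, `canAccess` turns every thrown error into `false`, which fails closed but makes `policy_unavailable` and `principal_missing` indistinguishable from a deny. A doc comment on it pointing callers to `requireAccess` when they need to alert on outages or misconfiguration would help.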
@@ -1221,7 +1789,7 @@ function authBaseUrl(config) {
1221
1789
  async function readJson(response) {
1222
1790
  try {
1223
1791
  const payload = await response.json();
1224
- return isRecord3(payload) ? payload : {};
1792
+ return isRecord4(payload) ? payload : {};
1225
1793
  } catch (error) {
1226
1794
  return unreadableJsonBodyFallback();
1227
1795
  }
@@ -1229,7 +1797,7 @@ async function readJson(response) {
1229
1797
  function unreadableJsonBodyFallback(_error) {
1230
1798
  return {};
1231
1799
  }
1232
- function isRecord3(value) {
1800
+ function isRecord4(value) {
1233
1801
  return value !== null && typeof value === "object" && !Array.isArray(value);
1234
1802
  }
1235
1803
  function readString(value) {
@@ -1272,7 +1840,7 @@ function assertDeviceTokenResponse(payload) {
1272
1840
  tenant_id: tenantId,
1273
1841
  workspace_id: readString(payload.workspace_id),
1274
1842
  principal_id: principalId,
1275
- user: isRecord3(payload.user) && typeof payload.user.id === "string" && typeof payload.user.principalId === "string" ? {
1843
+ user: isRecord4(payload.user) && typeof payload.user.id === "string" && typeof payload.user.principalId === "string" ? {
1276
1844
  id: payload.user.id,
1277
1845
  principalId: payload.user.principalId
1278
1846
  } : void 0
@@ -1618,61 +2186,6 @@ function createEvidenceClient(config = {}) {
1618
2186
  };
1619
2187
  }
1620
2188
 
1621
- // src/boundaryClientSurface.ts
1622
- function cleanOptionalString(value) {
1623
- const normalized = value?.trim();
1624
- return normalized ? normalized : void 0;
1625
- }
1626
- function isRecord4(value) {
1627
- return Boolean(value) && typeof value === "object" && !Array.isArray(value);
1628
- }
1629
- function cleanRequiredString(value, label) {
1630
- const normalized = cleanOptionalString(value);
1631
- if (!normalized) {
1632
- throw new Error(`${label} is required`);
1633
- }
1634
- return normalized;
1635
- }
1636
- function readTopicId(input) {
1637
- return cleanOptionalString(input.topicId) ?? cleanOptionalString(input.projectId);
1638
- }
1639
- function requireTopicId(input) {
1640
- const topicId = readTopicId(input);
1641
- if (!topicId) {
1642
- throw new Error("topicId is required");
1643
- }
1644
- return topicId;
1645
- }
1646
- function assertKnownKeys(input, allowed, operation) {
1647
- const allowedSet = new Set(allowed);
1648
- const unknownKeys = Object.keys(input).filter((key) => !allowedSet.has(key));
1649
- if (unknownKeys.length > 0) {
1650
- throw new Error(
1651
- `${operation} received unsupported field(s): ${unknownKeys.join(", ")}`
1652
- );
1653
- }
1654
- }
1655
- function knownPayload(input, allowed, operation) {
1656
- assertKnownKeys(input, allowed, operation);
1657
- return { ...input };
1658
- }
1659
- function topicPayload(input, allowed, operation) {
1660
- assertKnownKeys(input, allowed, operation);
1661
- return {
1662
- ...input,
1663
- topicId: requireTopicId(input),
1664
- projectId: void 0
1665
- };
1666
- }
1667
- function listResultFromEnvelope(data, legacyKey) {
1668
- const record = isRecord4(data) ? data : {};
1669
- const legacyItems = record[legacyKey];
1670
- return createListResult(
1671
- Array.isArray(legacyItems) ? legacyItems : Array.isArray(data) ? data : [],
1672
- legacyKey
1673
- );
1674
- }
1675
-
1676
2189
  // src/eventingClient.ts
1677
2190
  var EVENTING_FIELDS = [
1678
2191
  "tenantId",
@@ -2071,628 +2584,360 @@ function createOntologyClient(config = {}) {
2071
2584
  });
2072
2585
  },
2073
2586
  /**
2074
- * Bind an ontology definition to a topic.
2075
- */
2076
- async bind(input, idempotencyKey) {
2077
- return gateway.request({
2078
- path: `/api/platform/v1/ontologies/${encodeURIComponent(input.ontologyId)}/bind`,
2079
- method: "POST",
2080
- body: {
2081
- topicId: input.topicId
2082
- },
2083
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2084
- });
2085
- },
2086
- /**
2087
- * Create an ontology definition.
2088
- */
2089
- async createDefinition(input, idempotencyKey) {
2090
- return gateway.request({
2091
- path: "/api/platform/v1/ontologies",
2092
- method: "POST",
2093
- body: input,
2094
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2095
- });
2096
- },
2097
- /**
2098
- * Update an ontology definition.
2099
- */
2100
- async updateDefinition(id, input, idempotencyKey) {
2101
- return gateway.request({
2102
- path: `/api/platform/v1/ontologies/${encodeURIComponent(id)}`,
2103
- method: "PATCH",
2104
- body: input,
2105
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2106
- });
2107
- },
2108
- /**
2109
- * Archive an ontology definition.
2110
- */
2111
- async archiveDefinition(id, idempotencyKey) {
2112
- return gateway.request({
2113
- path: `/api/platform/v1/ontologies/${encodeURIComponent(id)}`,
2114
- method: "DELETE",
2115
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2116
- });
2117
- },
2118
- /**
2119
- * List versions for an ontology definition.
2120
- */
2121
- async listVersions(ontologyId, filters = {}) {
2122
- return gateway.request({
2123
- path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions${toQueryString(filters)}`
2124
- }).then(
2125
- (response) => mapGatewayData(
2126
- response,
2127
- (data) => createListResult(asListItems(data, "versions"), "versions")
2128
- )
2129
- );
2130
- },
2131
- /**
2132
- * Create an ontology version.
2133
- */
2134
- async createVersion(ontologyId, input, idempotencyKey) {
2135
- return gateway.request({
2136
- path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions`,
2137
- method: "POST",
2138
- body: input,
2139
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2140
- });
2141
- },
2142
- /**
2143
- * Publish an ontology version.
2144
- */
2145
- async publishVersion(ontologyId, versionId, idempotencyKey) {
2146
- return gateway.request({
2147
- path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions/${encodeURIComponent(versionId)}/publish`,
2148
- method: "POST",
2149
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2150
- });
2151
- },
2152
- /**
2153
- * Deprecate an ontology version.
2154
- */
2155
- async deprecateVersion(ontologyId, versionId, idempotencyKey) {
2156
- return gateway.request({
2157
- path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions/${encodeURIComponent(versionId)}/deprecate`,
2158
- method: "POST",
2159
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2160
- });
2161
- },
2162
- /**
2163
- * List topics directly bound to a specific ontology definition.
2164
- * Uses the topics gateway with ontologyId filter.
2165
- */
2166
- async listTopics(ontologyId) {
2167
- return gateway.request({
2168
- path: `/api/platform/v1/topics?ontologyId=${encodeURIComponent(ontologyId)}`
2169
- }).then(
2170
- (response) => mapGatewayData(
2171
- response,
2172
- (data) => createListResult(Array.isArray(data) ? data : [], "topics")
2173
- )
2174
- );
2175
- }
2176
- };
2177
- return Object.assign(client, {
2178
- listDefinitions: client.list,
2179
- getDefinition: client.get,
2180
- listTopicsByOntology: client.listTopics
2181
- });
2182
- }
2183
-
2184
- // src/graphClient.ts
2185
- function createGraphClient(config = {}) {
2186
- const gateway = createGatewayRequestClient(config);
2187
- const client = {
2188
- /**
2189
- * List graph nodes matching the provided filters.
2190
- */
2191
- async listNodes(query5) {
2192
- return gateway.request({
2193
- path: `/api/platform/v1/graph/nodes${toQueryString(
2194
- normalizeTopicQuery(query5)
2195
- )}`
2196
- }).then(
2197
- (response) => mapGatewayData(response, (data) => mapAliasedList(data, "nodes"))
2198
- );
2199
- },
2200
- /**
2201
- * Retrieve a single graph node by nodeId or globalId.
2202
- */
2203
- async getNode(query5) {
2204
- return gateway.request({
2205
- path: `/api/platform/v1/graph/nodes${toQueryString(query5)}`
2206
- }).then(
2207
- (response) => mapGatewayData(
2208
- response,
2209
- (data) => withSdkAliases(data)
2210
- )
2211
- );
2212
- },
2213
- /**
2214
- * Create a graph node.
2215
- */
2216
- async createNode(input, idempotencyKey) {
2217
- return gateway.request({
2218
- path: "/api/platform/v1/graph/nodes",
2219
- method: "POST",
2220
- body: normalizeNodeWriteInput(input),
2221
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2222
- }).then(
2223
- (response) => mapGatewayData(
2224
- response,
2225
- (data) => withSdkAliases(data)
2226
- )
2227
- );
2228
- },
2229
- /**
2230
- * Update a graph node.
2231
- */
2232
- async updateNode(input, idempotencyKey) {
2233
- return gateway.request({
2234
- path: "/api/platform/v1/graph/nodes",
2235
- method: "PUT",
2236
- body: normalizeNodeWriteInput(input),
2237
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2238
- }).then(
2239
- (response) => mapGatewayData(
2240
- response,
2241
- (data) => withSdkAliases(data)
2242
- )
2243
- );
2244
- },
2245
- /**
2246
- * Batch create graph nodes through the admin route surface.
2587
+ * Bind an ontology definition to a topic.
2247
2588
  */
2248
- async batchCreateNodes(input, idempotencyKey) {
2589
+ async bind(input, idempotencyKey) {
2249
2590
  return gateway.request({
2250
- path: "/api/platform/v1/graph/nodes/batch",
2591
+ path: `/api/platform/v1/ontologies/${encodeURIComponent(input.ontologyId)}/bind`,
2251
2592
  method: "POST",
2252
2593
  body: {
2253
- nodes: input.nodes.map((node) => normalizeNodeWriteInput(node))
2594
+ topicId: input.topicId
2254
2595
  },
2255
2596
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2256
2597
  });
2257
2598
  },
2258
2599
  /**
2259
- * Supersede an existing graph node with a new canonical version.
2600
+ * Create an ontology definition.
2260
2601
  */
2261
- async supersedeNode(input, idempotencyKey) {
2602
+ async createDefinition(input, idempotencyKey) {
2262
2603
  return gateway.request({
2263
- path: "/api/platform/v1/graph/nodes/supersede",
2604
+ path: "/api/platform/v1/ontologies",
2264
2605
  method: "POST",
2265
2606
  body: input,
2266
2607
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2267
2608
  });
2268
2609
  },
2269
2610
  /**
2270
- * Update a node's verification status.
2611
+ * Update an ontology definition.
2271
2612
  */
2272
- async verifyNode(input, idempotencyKey) {
2273
- const verificationStatus = normalizeNodeVerificationStatus(input.verificationStatus) ?? input.verificationStatus;
2613
+ async updateDefinition(id, input, idempotencyKey) {
2274
2614
  return gateway.request({
2275
- path: "/api/platform/v1/graph/nodes/verify",
2276
- method: "POST",
2277
- body: {
2278
- ...input,
2279
- verificationStatus
2280
- },
2615
+ path: `/api/platform/v1/ontologies/${encodeURIComponent(id)}`,
2616
+ method: "PATCH",
2617
+ body: input,
2281
2618
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2282
2619
  });
2283
2620
  },
2284
2621
  /**
2285
- * Permanently delete a node via the admin-only hard-delete route.
2622
+ * Archive an ontology definition.
2286
2623
  */
2287
- async hardDeleteNode(input, idempotencyKey) {
2624
+ async archiveDefinition(id, idempotencyKey) {
2288
2625
  return gateway.request({
2289
- path: "/api/platform/v1/graph/nodes/hard-delete",
2290
- method: "POST",
2291
- body: input,
2626
+ path: `/api/platform/v1/ontologies/${encodeURIComponent(id)}`,
2627
+ method: "DELETE",
2292
2628
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2293
2629
  });
2294
2630
  },
2295
2631
  /**
2296
- * List graph edges matching the provided filters.
2632
+ * List versions for an ontology definition.
2297
2633
  */
2298
- async listEdges(query5) {
2634
+ async listVersions(ontologyId, filters = {}) {
2299
2635
  return gateway.request({
2300
- path: `/api/platform/v1/graph/edges${toQueryString(
2301
- normalizeTopicQuery(query5)
2302
- )}`
2636
+ path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions${toQueryString(filters)}`
2303
2637
  }).then(
2304
2638
  (response) => mapGatewayData(
2305
2639
  response,
2306
- (data) => mapAliasedList(data, "edges")
2640
+ (data) => createListResult(asListItems(data, "versions"), "versions")
2307
2641
  )
2308
2642
  );
2309
2643
  },
2310
2644
  /**
2311
- * Create a graph edge.
2645
+ * Create an ontology version.
2312
2646
  */
2313
- async createEdge(input, idempotencyKey) {
2647
+ async createVersion(ontologyId, input, idempotencyKey) {
2314
2648
  return gateway.request({
2315
- path: "/api/platform/v1/graph/edges",
2649
+ path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions`,
2316
2650
  method: "POST",
2317
- body: normalizeTopicQuery(input),
2318
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2319
- });
2320
- },
2321
- /**
2322
- * Delete one or more edges matching the provided filter.
2323
- */
2324
- async deleteEdge(query5, idempotencyKey) {
2325
- return gateway.request({
2326
- path: `/api/platform/v1/graph/edges${toQueryString(query5)}`,
2327
- method: "DELETE",
2651
+ body: input,
2328
2652
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2329
2653
  });
2330
2654
  },
2331
2655
  /**
2332
- * Retrieve a graph neighborhood around a root node.
2333
- */
2334
- async neighborhood(query5) {
2335
- return gateway.request({
2336
- path: `/api/platform/v1/graph/neighborhood${toQueryString(query5)}`
2337
- });
2338
- },
2339
- /**
2340
- * Traverse the graph from a starting node.
2656
+ * Publish an ontology version.
2341
2657
  */
2342
- async traverse(query5) {
2658
+ async publishVersion(ontologyId, versionId, idempotencyKey) {
2343
2659
  return gateway.request({
2344
- path: "/api/platform/v1/graph/traverse",
2660
+ path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions/${encodeURIComponent(versionId)}/publish`,
2345
2661
  method: "POST",
2346
- body: normalizeTopicQuery(query5)
2347
- });
2348
- },
2349
- /**
2350
- * Analyze graph structure for a topic.
2351
- */
2352
- async analyze(query5 = {}) {
2353
- const normalized = normalizeTopicQuery(query5);
2354
- return gateway.request({
2355
- path: `/api/platform/v1/graph/analyze${toQueryString({
2356
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2357
- metric: typeof normalized.metric === "string" ? normalized.metric : void 0,
2358
- limit: typeof normalized.limit === "number" ? normalized.limit : void 0
2359
- })}`
2360
- });
2361
- },
2362
- /**
2363
- * Detect confirmation-bias patterns for a topic graph.
2364
- */
2365
- async bias(query5 = {}) {
2366
- const normalized = normalizeTopicQuery(query5);
2367
- return gateway.request({
2368
- path: `/api/platform/v1/graph/bias${toQueryString({
2369
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2370
- threshold: typeof normalized.threshold === "number" ? normalized.threshold : void 0,
2371
- limit: typeof normalized.limit === "number" ? normalized.limit : void 0
2372
- })}`
2373
- });
2374
- },
2375
- /**
2376
- * Find graph gaps for beliefs that still need testing.
2377
- */
2378
- async gaps(query5) {
2379
- const normalized = normalizeTopicQuery(query5);
2380
- return gateway.request({
2381
- path: `/api/platform/v1/graph/gaps${toQueryString({
2382
- topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2383
- minConfidence: typeof normalized.minConfidence === "number" ? normalized.minConfidence : void 0
2384
- })}`
2662
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2385
2663
  });
2386
2664
  },
2387
2665
  /**
2388
- * Search across graph resources within a topic.
2666
+ * Deprecate an ontology version.
2389
2667
  */
2390
- async search(query5) {
2668
+ async deprecateVersion(ontologyId, versionId, idempotencyKey) {
2391
2669
  return gateway.request({
2392
- path: "/api/platform/v1/search",
2670
+ path: `/api/platform/v1/ontologies/${encodeURIComponent(ontologyId)}/versions/${encodeURIComponent(versionId)}/deprecate`,
2393
2671
  method: "POST",
2394
- body: normalizeTopicQuery(query5)
2395
- });
2396
- },
2397
- /**
2398
- * Retrieve the shortest known path between two graph nodes.
2399
- */
2400
- async getPath(query5) {
2401
- return gateway.request({
2402
- path: `/api/platform/v1/graph/path${toQueryString(query5)}`
2672
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2403
2673
  });
2404
2674
  },
2405
2675
  /**
2406
- * Retrieve graph analytics for the requested metric.
2676
+ * List topics directly bound to a specific ontology definition.
2677
+ * Uses the topics gateway with ontologyId filter.
2407
2678
  */
2408
- async getAnalytics(query5 = {}) {
2679
+ async listTopics(ontologyId) {
2409
2680
  return gateway.request({
2410
- path: `/api/platform/v1/graph/analytics${toQueryString(query5)}`
2411
- });
2681
+ path: `/api/platform/v1/topics?ontologyId=${encodeURIComponent(ontologyId)}`
2682
+ }).then(
2683
+ (response) => mapGatewayData(
2684
+ response,
2685
+ (data) => createListResult(Array.isArray(data) ? data : [], "topics")
2686
+ )
2687
+ );
2412
2688
  }
2413
2689
  };
2414
2690
  return Object.assign(client, {
2415
- queryNodes: client.listNodes,
2416
- queryEdges: client.listEdges,
2417
- getNeighborhood: client.neighborhood
2691
+ listDefinitions: client.list,
2692
+ getDefinition: client.get,
2693
+ listTopicsByOntology: client.listTopics
2418
2694
  });
2419
2695
  }
2420
2696
 
2421
- // src/identityClient.ts
2422
- function createIdentityWhoamiClient(config = {}) {
2697
+ // src/graphClient.ts
2698
+ function createGraphClient(config = {}) {
2423
2699
  const gateway = createGatewayRequestClient(config);
2424
- return {
2425
- async whoami() {
2700
+ const client = {
2701
+ /**
2702
+ * List graph nodes matching the provided filters.
2703
+ */
2704
+ async listNodes(query5) {
2426
2705
  return gateway.request({
2427
- path: "/api/platform/v1/identity/whoami"
2428
- });
2429
- }
2430
- };
2431
- }
2432
- var TENANT_IDENTITY_FIELDS = [
2433
- "tenantId",
2434
- "workspaceId",
2435
- "principalId",
2436
- "integrationKey",
2437
- "secretRef",
2438
- "policySubject",
2439
- "policyAction",
2440
- "policyResource",
2441
- "decision",
2442
- "config",
2443
- "configKey",
2444
- "configValue",
2445
- "provider",
2446
- "status",
2447
- "metadata",
2448
- "limit",
2449
- "cursor"
2450
- ];
2451
- function tenantIdentityQuery(input) {
2452
- return {
2453
- tenantId: cleanRequiredString(input.tenantId, "tenantId"),
2454
- workspaceId: input.workspaceId,
2455
- principalId: input.principalId,
2456
- limit: input.limit,
2457
- cursor: input.cursor
2458
- };
2459
- }
2460
- function tenantIdentityBody(input, operation) {
2461
- return knownPayload(input, TENANT_IDENTITY_FIELDS, operation);
2462
- }
2463
- function createIdentityClient(config = {}) {
2464
- const gateway = createGatewayRequestClient(config);
2465
- const whoamiClient = createIdentityWhoamiClient(config);
2466
- const requestPrincipalWrite = (method, input, idempotencyKey) => gateway.request({
2467
- path: "/api/platform/v1/identity/principals",
2468
- method,
2469
- body: input,
2470
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2471
- });
2472
- const updatePrincipal = (input, idempotencyKey) => requestPrincipalWrite("PATCH", input, idempotencyKey);
2473
- const deleteKey = (keyId, input = {}, idempotencyKey) => gateway.request({
2474
- path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/revoke`,
2475
- method: "POST",
2476
- body: input,
2477
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2478
- });
2479
- return {
2706
+ path: `/api/platform/v1/graph/nodes${toQueryString(
2707
+ normalizeTopicQuery(query5)
2708
+ )}`
2709
+ }).then(
2710
+ (response) => mapGatewayData(response, (data) => mapAliasedList(data, "nodes"))
2711
+ );
2712
+ },
2480
2713
  /**
2481
- * Resolve the current authenticated identity summary.
2714
+ * Retrieve a single graph node by nodeId or globalId.
2482
2715
  */
2483
- async whoami() {
2484
- return whoamiClient.whoami().then(
2485
- (response) => mapGatewayData(response, (data) => ({
2486
- principalId: data.principalId,
2487
- principalType: data.principalType,
2488
- tenantId: data.tenantId ?? null,
2489
- workspaceId: data.workspaceId ?? null,
2490
- scopes: Array.isArray(data.scopes) ? data.scopes : [],
2491
- roles: Array.isArray(data.roles) ? data.roles : [],
2492
- isPlatformAdmin: data.isPlatformAdmin === true,
2493
- isTenantAdmin: data.isTenantAdmin === true,
2494
- isWorkspaceAdmin: data.isWorkspaceAdmin === true,
2495
- authMode: data.authMode,
2496
- sessionId: data.sessionId,
2497
- delegatedBy: data.delegatedBy,
2498
- expiresAt: data.expiresAt
2499
- }))
2716
+ async getNode(query5) {
2717
+ return gateway.request({
2718
+ path: `/api/platform/v1/graph/nodes${toQueryString(query5)}`
2719
+ }).then(
2720
+ (response) => mapGatewayData(
2721
+ response,
2722
+ (data) => withSdkAliases(data)
2723
+ )
2500
2724
  );
2501
2725
  },
2502
2726
  /**
2503
- * List principals in the current identity scope.
2727
+ * Create a graph node.
2504
2728
  */
2505
- async listPrincipals(query5 = {}) {
2729
+ async createNode(input, idempotencyKey) {
2506
2730
  return gateway.request({
2507
- path: `/api/platform/v1/identity/principals${toQueryString(query5)}`
2731
+ path: "/api/platform/v1/graph/nodes",
2732
+ method: "POST",
2733
+ body: normalizeNodeWriteInput(input),
2734
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2508
2735
  }).then(
2509
2736
  (response) => mapGatewayData(
2510
2737
  response,
2511
- (data) => createListResult(
2512
- Array.isArray(data) ? data : [],
2513
- "principals"
2514
- )
2738
+ (data) => withSdkAliases(data)
2515
2739
  )
2516
2740
  );
2517
2741
  },
2518
2742
  /**
2519
- * Create a principal.
2520
- */
2521
- async createPrincipal(input, idempotencyKey) {
2522
- return requestPrincipalWrite("POST", input, idempotencyKey);
2523
- },
2524
- /**
2525
- * Update a principal.
2526
- */
2527
- updatePrincipal,
2528
- /**
2529
- * @deprecated Use createPrincipal or updatePrincipal.
2530
- */
2531
- upsertPrincipal: updatePrincipal,
2532
- /**
2533
- * List keys in the current identity scope.
2743
+ * Update a graph node.
2534
2744
  */
2535
- async listKeys(query5 = {}) {
2745
+ async updateNode(input, idempotencyKey) {
2536
2746
  return gateway.request({
2537
- path: `/api/platform/v1/identity/keys${toQueryString(query5)}`
2747
+ path: "/api/platform/v1/graph/nodes",
2748
+ method: "PUT",
2749
+ body: normalizeNodeWriteInput(input),
2750
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2538
2751
  }).then(
2539
2752
  (response) => mapGatewayData(
2540
2753
  response,
2541
- (data) => createListResult(Array.isArray(data) ? data : [], "keys")
2754
+ (data) => withSdkAliases(data)
2542
2755
  )
2543
2756
  );
2544
2757
  },
2545
2758
  /**
2546
- * Create an API key.
2759
+ * Batch create graph nodes through the admin route surface.
2547
2760
  */
2548
- async createKey(input, idempotencyKey) {
2761
+ async batchCreateNodes(input, idempotencyKey) {
2549
2762
  return gateway.request({
2550
- path: "/api/platform/v1/identity/keys",
2763
+ path: "/api/platform/v1/graph/nodes/batch",
2551
2764
  method: "POST",
2552
- body: input,
2765
+ body: {
2766
+ nodes: input.nodes.map((node) => normalizeNodeWriteInput(node))
2767
+ },
2553
2768
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2554
2769
  });
2555
2770
  },
2556
2771
  /**
2557
- * Rotate an API key.
2772
+ * Supersede an existing graph node with a new canonical version.
2558
2773
  */
2559
- async rotateKey(keyId, input = {}, idempotencyKey) {
2774
+ async supersedeNode(input, idempotencyKey) {
2560
2775
  return gateway.request({
2561
- path: `/api/platform/v1/identity/keys/${encodeURIComponent(keyId)}/rotate`,
2776
+ path: "/api/platform/v1/graph/nodes/supersede",
2562
2777
  method: "POST",
2563
2778
  body: input,
2564
2779
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2565
2780
  });
2566
2781
  },
2567
2782
  /**
2568
- * Delete an API key by revoking it.
2569
- */
2570
- deleteKey,
2571
- /**
2572
- * @deprecated Use deleteKey.
2573
- */
2574
- revokeKey: deleteKey,
2575
- /**
2576
- * Search Clerk users by email or display attributes.
2783
+ * Update a node's verification status.
2577
2784
  */
2578
- async searchClerkUsers(q) {
2579
- return gateway.request({
2580
- path: `/api/platform/v1/identity/clerk-users${toQueryString({ q })}`
2581
- });
2582
- },
2583
- async getTenantConfig(input) {
2785
+ async verifyNode(input, idempotencyKey) {
2786
+ const verificationStatus = normalizeNodeVerificationStatus(input.verificationStatus) ?? input.verificationStatus;
2584
2787
  return gateway.request({
2585
- path: `/api/platform/v1/identity/tenant-config${toQueryString(
2586
- tenantIdentityQuery(input)
2587
- )}`
2788
+ path: "/api/platform/v1/graph/nodes/verify",
2789
+ method: "POST",
2790
+ body: {
2791
+ ...input,
2792
+ verificationStatus
2793
+ },
2794
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2588
2795
  });
2589
2796
  },
2590
- async updateTenantConfig(input, idempotencyKey) {
2591
- cleanRequiredString(input.tenantId, "tenantId");
2797
+ /**
2798
+ * Permanently delete a node via the admin-only hard-delete route.
2799
+ */
2800
+ async hardDeleteNode(input, idempotencyKey) {
2592
2801
  return gateway.request({
2593
- path: "/api/platform/v1/identity/tenant-config",
2594
- method: "PATCH",
2595
- body: tenantIdentityBody(
2596
- input,
2597
- "identity.updateTenantConfig"
2598
- ),
2802
+ path: "/api/platform/v1/graph/nodes/hard-delete",
2803
+ method: "POST",
2804
+ body: input,
2599
2805
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2600
2806
  });
2601
2807
  },
2602
- async listIntegrations(input) {
2808
+ /**
2809
+ * List graph edges matching the provided filters.
2810
+ */
2811
+ async listEdges(query5) {
2603
2812
  return gateway.request({
2604
- path: `/api/platform/v1/identity/integrations${toQueryString(
2605
- tenantIdentityQuery(input)
2813
+ path: `/api/platform/v1/graph/edges${toQueryString(
2814
+ normalizeTopicQuery(query5)
2606
2815
  )}`
2607
2816
  }).then(
2608
2817
  (response) => mapGatewayData(
2609
2818
  response,
2610
- (data) => listResultFromEnvelope(
2611
- data,
2612
- "integrations"
2613
- )
2819
+ (data) => mapAliasedList(data, "edges")
2614
2820
  )
2615
2821
  );
2616
2822
  },
2617
- async upsertIntegration(input, idempotencyKey) {
2618
- cleanRequiredString(input.tenantId, "tenantId");
2619
- cleanRequiredString(input.integrationKey, "integrationKey");
2823
+ /**
2824
+ * Create a graph edge.
2825
+ */
2826
+ async createEdge(input, idempotencyKey) {
2620
2827
  return gateway.request({
2621
- path: "/api/platform/v1/identity/integrations",
2622
- method: "PUT",
2623
- body: tenantIdentityBody(
2624
- input,
2625
- "identity.upsertIntegration"
2626
- ),
2828
+ path: "/api/platform/v1/graph/edges",
2829
+ method: "POST",
2830
+ body: normalizeTopicQuery(input),
2627
2831
  idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2628
2832
  });
2629
2833
  },
2630
- async listSecrets(input) {
2834
+ /**
2835
+ * Delete one or more edges matching the provided filter.
2836
+ */
2837
+ async deleteEdge(query5, idempotencyKey) {
2631
2838
  return gateway.request({
2632
- path: `/api/platform/v1/identity/secrets${toQueryString(
2633
- tenantIdentityQuery(input)
2634
- )}`
2635
- }).then(
2636
- (response) => mapGatewayData(
2637
- response,
2638
- (data) => listResultFromEnvelope(
2639
- data,
2640
- "secrets"
2641
- )
2642
- )
2643
- );
2839
+ path: `/api/platform/v1/graph/edges${toQueryString(query5)}`,
2840
+ method: "DELETE",
2841
+ idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2842
+ });
2644
2843
  },
2645
- async putSecretReference(input, idempotencyKey) {
2646
- cleanRequiredString(input.tenantId, "tenantId");
2647
- cleanRequiredString(input.secretRef, "secretRef");
2844
+ /**
2845
+ * Retrieve a graph neighborhood around a root node.
2846
+ */
2847
+ async neighborhood(query5) {
2648
2848
  return gateway.request({
2649
- path: "/api/platform/v1/identity/secrets",
2650
- method: "PUT",
2651
- body: tenantIdentityBody(
2652
- input,
2653
- "identity.putSecretReference"
2654
- ),
2655
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2849
+ path: `/api/platform/v1/graph/neighborhood${toQueryString(query5)}`
2656
2850
  });
2657
2851
  },
2658
- async evaluatePolicy(input, idempotencyKey) {
2659
- cleanRequiredString(input.tenantId, "tenantId");
2660
- cleanRequiredString(input.policySubject, "policySubject");
2661
- cleanRequiredString(input.policyAction, "policyAction");
2662
- cleanRequiredString(input.policyResource, "policyResource");
2852
+ /**
2853
+ * Traverse the graph from a starting node.
2854
+ */
2855
+ async traverse(query5) {
2663
2856
  return gateway.request({
2664
- path: "/api/platform/v1/identity/policy/evaluate",
2857
+ path: "/api/platform/v1/graph/traverse",
2665
2858
  method: "POST",
2666
- body: tenantIdentityBody(
2667
- input,
2668
- "identity.evaluatePolicy"
2669
- ),
2670
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2859
+ body: normalizeTopicQuery(query5)
2671
2860
  });
2672
2861
  },
2673
- async recordPolicyDecision(input, idempotencyKey) {
2674
- cleanRequiredString(input.tenantId, "tenantId");
2675
- cleanRequiredString(input.decision, "decision");
2862
+ /**
2863
+ * Analyze graph structure for a topic.
2864
+ */
2865
+ async analyze(query5 = {}) {
2866
+ const normalized = normalizeTopicQuery(query5);
2676
2867
  return gateway.request({
2677
- path: "/api/platform/v1/identity/policy/decisions",
2868
+ path: `/api/platform/v1/graph/analyze${toQueryString({
2869
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2870
+ metric: typeof normalized.metric === "string" ? normalized.metric : void 0,
2871
+ limit: typeof normalized.limit === "number" ? normalized.limit : void 0
2872
+ })}`
2873
+ });
2874
+ },
2875
+ /**
2876
+ * Detect confirmation-bias patterns for a topic graph.
2877
+ */
2878
+ async bias(query5 = {}) {
2879
+ const normalized = normalizeTopicQuery(query5);
2880
+ return gateway.request({
2881
+ path: `/api/platform/v1/graph/bias${toQueryString({
2882
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2883
+ threshold: typeof normalized.threshold === "number" ? normalized.threshold : void 0,
2884
+ limit: typeof normalized.limit === "number" ? normalized.limit : void 0
2885
+ })}`
2886
+ });
2887
+ },
2888
+ /**
2889
+ * Find graph gaps for beliefs that still need testing.
2890
+ */
2891
+ async gaps(query5) {
2892
+ const normalized = normalizeTopicQuery(query5);
2893
+ return gateway.request({
2894
+ path: `/api/platform/v1/graph/gaps${toQueryString({
2895
+ topicId: typeof normalized.topicId === "string" ? normalized.topicId : void 0,
2896
+ minConfidence: typeof normalized.minConfidence === "number" ? normalized.minConfidence : void 0
2897
+ })}`
2898
+ });
2899
+ },
2900
+ /**
2901
+ * Search across graph resources within a topic.
2902
+ */
2903
+ async search(query5) {
2904
+ return gateway.request({
2905
+ path: "/api/platform/v1/search",
2678
2906
  method: "POST",
2679
- body: tenantIdentityBody(
2680
- input,
2681
- "identity.recordPolicyDecision"
2682
- ),
2683
- idempotencyKey: idempotencyKey ?? randomIdempotencyKey()
2907
+ body: normalizeTopicQuery(query5)
2908
+ });
2909
+ },
2910
+ /**
2911
+ * Retrieve the shortest known path between two graph nodes.
2912
+ */
2913
+ async getPath(query5) {
2914
+ return gateway.request({
2915
+ path: `/api/platform/v1/graph/path${toQueryString(query5)}`
2916
+ });
2917
+ },
2918
+ /**
2919
+ * Retrieve graph analytics for the requested metric.
2920
+ */
2921
+ async getAnalytics(query5 = {}) {
2922
+ return gateway.request({
2923
+ path: `/api/platform/v1/graph/analytics${toQueryString(query5)}`
2684
2924
  });
2685
2925
  }
2686
2926
  };
2927
+ return Object.assign(client, {
2928
+ queryNodes: client.listNodes,
2929
+ queryEdges: client.listEdges,
2930
+ getNeighborhood: client.neighborhood
2931
+ });
2687
2932
  }
2688
2933
 
2689
2934
  // src/topicsClient.ts
2690
- function cleanString3(value) {
2935
+ function cleanString4(value) {
2691
2936
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
2692
2937
  }
2693
2938
  function normalizeTopicRecord(value) {
2694
2939
  const record = asRecord(value);
2695
- const topicId = cleanString3(record.topicId) ?? cleanString3(record.id) ?? cleanString3(record._id);
2940
+ const topicId = cleanString4(record.topicId) ?? cleanString4(record.id) ?? cleanString4(record._id);
2696
2941
  return withTopicAlias({
2697
2942
  ...record,
2698
2943
  ...topicId ? { topicId } : {}
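Review bot: `deleteEdge` in the re-added `createGraphClient` sends `DELETE /api/platform/v1/graph/edges` with whatever `toQueryString(query5)` produces, so a call with an undefined or empty filter appears to go out as an unfiltered delete and leaves the refusal entirely to the gateway. `toQueryString` is not visible in this hunk, so this is inferred from the call shape. If it returns an empty string for empty input, a client-side guard is cheap: `if (!query5 || Object.values(query5).every((v) => v == null)) throw new Error("deleteEdge requires at least one filter");`. The neighbouring `hardDeleteNode` forwards `input` as the request body unchecked, so its doc comment should state which fields the admin route requires.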
@@ -3905,7 +4150,7 @@ function createEmbeddingsClient(config = {}) {
3905
4150
  }
3906
4151
 
3907
4152
  // src/contextClient.ts
3908
- function cleanString4(value) {
4153
+ function cleanString5(value) {
3909
4154
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
3910
4155
  }
3911
4156
  function cleanNumber(value) {
@@ -3917,11 +4162,11 @@ function cleanBoolean(value) {
3917
4162
  function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3918
4163
  const effectiveInput = typeof topicIdOrInput === "string" ? input : topicIdOrInput;
3919
4164
  const payload = {};
3920
- const topicId = typeof topicIdOrInput === "string" ? cleanString4(topicIdOrInput) : cleanString4(effectiveInput.topicId);
4165
+ const topicId = typeof topicIdOrInput === "string" ? cleanString5(topicIdOrInput) : cleanString5(effectiveInput.topicId);
3921
4166
  if (topicId) {
3922
4167
  payload.topicId = topicId;
3923
4168
  }
3924
- const query5 = cleanString4(effectiveInput.query);
4169
+ const query5 = cleanString5(effectiveInput.query);
3925
4170
  if (query5) {
3926
4171
  payload.query = query5;
3927
4172
  }
@@ -3929,7 +4174,7 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3929
4174
  if (budget !== void 0) {
3930
4175
  payload.budget = budget;
3931
4176
  }
3932
- const ranking = cleanString4(effectiveInput.ranking) ?? cleanString4(effectiveInput.rankingProfile);
4177
+ const ranking = cleanString5(effectiveInput.ranking) ?? cleanString5(effectiveInput.rankingProfile);
3933
4178
  if (ranking) {
3934
4179
  payload.ranking = ranking;
3935
4180
  }
@@ -3945,7 +4190,7 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3945
4190
  if (includeEntities !== void 0) {
3946
4191
  payload.includeEntities = includeEntities;
3947
4192
  }
3948
- const mode = cleanString4(effectiveInput.mode);
4193
+ const mode = cleanString5(effectiveInput.mode);
3949
4194
  if (mode) {
3950
4195
  payload.mode = mode;
3951
4196
  }
@@ -3953,11 +4198,11 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
3953
4198
  if (includeFailures !== void 0) {
3954
4199
  payload.includeFailures = includeFailures;
3955
4200
  }
3956
- const worktreeId = cleanString4(effectiveInput.worktreeId);
4201
+ const worktreeId = cleanString5(effectiveInput.worktreeId);
3957
4202
  if (worktreeId) {
3958
4203
  payload.worktreeId = worktreeId;
3959
4204
  }
3960
- const sessionId = cleanString4(effectiveInput.sessionId);
4205
+ const sessionId = cleanString5(effectiveInput.sessionId);
3961
4206
  if (sessionId) {
3962
4207
  payload.sessionId = sessionId;
3963
4208
  }
@@ -4843,7 +5088,8 @@ function createMcpClient(config = {}) {
4843
5088
  transportKind: input.transportKind,
4844
5089
  sessionId: input.sessionId,
4845
5090
  agentIdentity: input.agentIdentity,
4846
- workspaceId: input.workspaceId
5091
+ workspaceId: input.workspaceId,
5092
+ worktreeId: input.worktreeId
4847
5093
  };
4848
5094
  return gateway.request({
4849
5095
  path: `${MCP_GATEWAY_BOOTSTRAP_ENDPOINT}${toQueryString(scope)}`,
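Review bot: The new `worktreeId: input.worktreeId` entry in the bootstrap `scope` is forwarded exactly as the caller supplied it, whereas `buildCompileContextRequest` in this same bundle passes the field through `cleanString5` and leaves it out when the result is empty. Unless `toQueryString` (not visible here) drops blank values, a whitespace-only or non-string worktreeId would reach the gateway URL, and the two entry points could disagree about which worktree a session is scoped to. Normalising it the same way, `worktreeId: cleanString5(input.worktreeId),`, would keep them consistent; this assumes the helper returns a nullish value for blank input, as its use with `??` elsewhere suggests. This is bundled output, so the change belongs in the TypeScript source, and the body of `createMcpClient` starts and ends outside the hunk.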
@@ -5675,7 +5921,7 @@ var ORG_GRAPH_SEARCH_FIELDS = [
5675
5921
  "cursor",
5676
5922
  "provenanceScope"
5677
5923
  ];
5678
- function cleanString5(value, label) {
5924
+ function cleanString6(value, label) {
5679
5925
  const normalized = value?.trim();
5680
5926
  if (!normalized) {
5681
5927
  throw new Error(`${label} is required`);
@@ -5697,9 +5943,9 @@ function searchBody(input) {
5697
5943
  "orgGraphSearch.search"
5698
5944
  );
5699
5945
  return {
5700
- tenantId: cleanString5(input.tenantId, "tenantId"),
5701
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
5702
- query: cleanString5(input.query, "query"),
5946
+ tenantId: cleanString6(input.tenantId, "tenantId"),
5947
+ workspaceId: cleanString6(input.workspaceId, "workspaceId"),
5948
+ query: cleanString6(input.query, "query"),
5703
5949
  nodeTypes: input.nodeTypes,
5704
5950
  minConfidence: input.minConfidence,
5705
5951
  limit: input.limit,
@@ -5709,8 +5955,8 @@ function searchBody(input) {
5709
5955
  }
5710
5956
  function listQuery2(input) {
5711
5957
  return {
5712
- tenantId: cleanString5(input.tenantId, "tenantId"),
5713
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
5958
+ tenantId: cleanString6(input.tenantId, "tenantId"),
5959
+ workspaceId: cleanString6(input.workspaceId, "workspaceId"),
5714
5960
  nodeTypes: input.nodeTypes?.join(","),
5715
5961
  minConfidence: input.minConfidence,
5716
5962
  limit: input.limit,
@@ -5744,8 +5990,8 @@ function createOrgGraphSearchClient(config = {}) {
5744
5990
  return gateway.request({
5745
5991
  path: `/api/platform/v1/org-graph-search/nodes/${nodePath}${toQueryString(
5746
5992
  {
5747
- tenantId: cleanString5(input.tenantId, "tenantId"),
5748
- workspaceId: cleanString5(input.workspaceId, "workspaceId"),
5993
+ tenantId: cleanString6(input.tenantId, "tenantId"),
5994
+ workspaceId: cleanString6(input.workspaceId, "workspaceId"),
5749
5995
  globalId: nodeId ? void 0 : globalId
5750
5996
  }
5751
5997
  )}`
@@ -6710,7 +6956,7 @@ function createToolRegistryClient(config = {}) {
6710
6956
  }
6711
6957
 
6712
6958
  // src/version.ts
6713
- var LUCERN_SDK_VERSION = "0.3.0-alpha.10";
6959
+ var LUCERN_SDK_VERSION = "0.3.0-alpha.12";
6714
6960
 
6715
6961
  // src/workflowClient.ts
6716
6962
  function normalizeLensQuery(value) {
@@ -7167,6 +7413,7 @@ function createLucernClient(config = {}) {
7167
7413
  const auditClient = createAuditClient(gatewayConfig);
7168
7414
  const authDeviceClient = createAuthDeviceClient(gatewayConfig);
7169
7415
  const adminClient = createAdminClient(gatewayConfig);
7416
+ const accessControlClient = createAccessControlClient(gatewayConfig);
7170
7417
  const answersClient = createAnswersClient(gatewayConfig);
7171
7418
  const contradictionsFacade = createContradictionsFacade(gatewayConfig);
7172
7419
  const edgesFacade = createEdgesFacade(gatewayConfig);
@@ -8851,6 +9098,7 @@ function createLucernClient(config = {}) {
8851
9098
  nodes: nodesNamespace,
8852
9099
  identity: {
8853
9100
  ...identityFacade,
9101
+ access: accessControlClient,
8854
9102
  evaluatePolicy: identityClient.evaluatePolicy,
8855
9103
  recordPolicyDecision: identityClient.recordPolicyDecision,
8856
9104
  putSecretReference: identityClient.putSecretReference,
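Review bot: `access: accessControlClient` sits after `...identityFacade`, so it silently replaces any `access` member the facade defines now or gains later, and nothing in the hunk shows whether that is intended. A one-line comment such as `// identity.access: access-control client; placed after the spread so it takes precedence over identityFacade` would record the intent. The client is built from the same `gatewayConfig` as every other sub-client (the `createAccessControlClient(gatewayConfig)` line added at new line 7416), so access-management calls presumably go out with the same credentials as ordinary data calls. That is worth stating in the namespace documentation so integrators scope the configured token accordingly. The returned object literal continues outside the hunk.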