@lucern/sdk 0.3.0-alpha.11 → 0.3.0-alpha.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +51 -0
- package/dist/accessControl.d.ts +1 -0
- package/dist/accessControl.js +156 -22
- package/dist/accessControl.js.map +1 -1
- package/dist/adminClient.js.map +1 -1
- package/dist/answersClient.js.map +1 -1
- package/dist/audiencesClient.js.map +1 -1
- package/dist/auditClient.js.map +1 -1
- package/dist/authContext.d.ts +1 -1
- package/dist/authContext.js.map +1 -1
- package/dist/beliefs/index.d.ts +1 -0
- package/dist/beliefs/index.js +206 -40
- package/dist/beliefs/index.js.map +1 -1
- package/dist/beliefsClient.js.map +1 -1
- package/dist/client.d.ts +79 -31
- package/dist/client.js +206 -40
- package/dist/client.js.map +1 -1
- package/dist/contextClient.js.map +1 -1
- package/dist/contracts/auth-session.contract.d.ts +1 -1
- package/dist/contracts/auth-session.contract.js +13 -1
- package/dist/contracts/auth-session.contract.js.map +1 -1
- package/dist/contracts/index.js +13 -1
- package/dist/contracts/index.js.map +1 -1
- package/dist/contradictions/index.d.ts +1 -0
- package/dist/contradictions/index.js +206 -40
- package/dist/contradictions/index.js.map +1 -1
- package/dist/control-plane.d.ts +69 -0
- package/dist/control-plane.js +656 -0
- package/dist/control-plane.js.map +1 -0
- package/dist/coreClient.js.map +1 -1
- package/dist/decisions/index.d.ts +1 -0
- package/dist/decisions/index.js +206 -40
- package/dist/decisions/index.js.map +1 -1
- package/dist/decisionsClient.js.map +1 -1
- package/dist/edges/index.d.ts +1 -0
- package/dist/edges/index.js +206 -40
- package/dist/edges/index.js.map +1 -1
- package/dist/embeddingsClient.js.map +1 -1
- package/dist/eventingClient.js.map +1 -1
- package/dist/eventsCore.js.map +1 -1
- package/dist/evidence/index.d.ts +1 -0
- package/dist/evidence/index.js +206 -40
- package/dist/evidence/index.js.map +1 -1
- package/dist/evidenceClient.js.map +1 -1
- package/dist/functionSurface.d.ts +2 -1
- package/dist/functionSurface.js +5 -0
- package/dist/functionSurface.js.map +1 -1
- package/dist/functionSurfaceClient.js +5 -0
- package/dist/functionSurfaceClient.js.map +1 -1
- package/dist/gatewayFacades.d.ts +26 -2
- package/dist/gatewayFacades.js +135 -7
- package/dist/gatewayFacades.js.map +1 -1
- package/dist/graphAnalysisClient.js.map +1 -1
- package/dist/graphClient.js.map +1 -1
- package/dist/graphRecommendationsClient.js.map +1 -1
- package/dist/graphStateClassifierClient.js.map +1 -1
- package/dist/harnessClient.js.map +1 -1
- package/dist/identityClient.d.ts +19 -1
- package/dist/identityClient.js +133 -5
- package/dist/identityClient.js.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.js +232 -49
- package/dist/index.js.map +1 -1
- package/dist/jobsClient.js.map +1 -1
- package/dist/learningClient.js.map +1 -1
- package/dist/lenses/index.d.ts +1 -0
- package/dist/lenses/index.js +206 -40
- package/dist/lenses/index.js.map +1 -1
- package/dist/mcpClient.js.map +1 -1
- package/dist/modelRuntimeClient.js.map +1 -1
- package/dist/nodes/index.d.ts +1 -0
- package/dist/nodes/index.js +206 -40
- package/dist/nodes/index.js.map +1 -1
- package/dist/ontologies/index.d.ts +1 -0
- package/dist/ontologies/index.js +206 -40
- package/dist/ontologies/index.js.map +1 -1
- package/dist/ontologyClient.js.map +1 -1
- package/dist/ontologyLinksClient.js.map +1 -1
- package/dist/orgGraphSearchClient.js.map +1 -1
- package/dist/packsClient.js.map +1 -1
- package/dist/policyClient.js.map +1 -1
- package/dist/questions/index.d.ts +1 -0
- package/dist/questions/index.js +206 -40
- package/dist/questions/index.js.map +1 -1
- package/dist/reportsClient.js.map +1 -1
- package/dist/schemaClient.js.map +1 -1
- package/dist/sourcesClient.js.map +1 -1
- package/dist/telemetryClient.js.map +1 -1
- package/dist/toolRegistryClient.js.map +1 -1
- package/dist/topics/index.d.ts +1 -0
- package/dist/topics/index.js +206 -40
- package/dist/topics/index.js.map +1 -1
- package/dist/topicsClient.js.map +1 -1
- package/dist/types.d.ts +12 -0
- package/dist/version.d.ts +1 -1
- package/dist/version.js +1 -1
- package/dist/version.js.map +1 -1
- package/dist/workflowClient.js.map +1 -1
- package/dist/worktrees/index.d.ts +1 -0
- package/dist/worktrees/index.js +206 -40
- package/dist/worktrees/index.js.map +1 -1
- package/package.json +9 -5
package/dist/gatewayFacades.d.ts
CHANGED
|
@@ -486,28 +486,52 @@ declare function createGraphFacade(config?: GatewayClientConfig): {
|
|
|
486
486
|
declare function createIdentityFacade(config?: GatewayClientConfig): {
|
|
487
487
|
whoami(): Promise<PlatformGatewaySuccess<{
|
|
488
488
|
principalId: string;
|
|
489
|
-
principalType: "human" | "service" | "agent" | "
|
|
489
|
+
principalType: "human" | "service" | "agent" | "group" | "external_viewer" | "user";
|
|
490
|
+
clerkId: string | undefined;
|
|
490
491
|
tenantId: string | null;
|
|
491
492
|
workspaceId: string | null;
|
|
492
493
|
scopes: string[];
|
|
493
494
|
roles: string[];
|
|
495
|
+
groupIds: string[];
|
|
496
|
+
permittedToolNames: string[];
|
|
497
|
+
permittedPackKeys: string[];
|
|
498
|
+
principalStatus: string | undefined;
|
|
499
|
+
tenantStatus: string | undefined;
|
|
500
|
+
workspaceStatus: string | undefined;
|
|
494
501
|
isPlatformAdmin: boolean;
|
|
495
502
|
isTenantAdmin: boolean;
|
|
496
503
|
isWorkspaceAdmin: boolean;
|
|
504
|
+
permit: {
|
|
505
|
+
subject: string;
|
|
506
|
+
tenant: string;
|
|
507
|
+
workspace?: string;
|
|
508
|
+
} | undefined;
|
|
497
509
|
authMode: string | undefined;
|
|
498
510
|
sessionId: string | undefined;
|
|
499
511
|
delegatedBy: string | undefined;
|
|
500
512
|
expiresAt: number | undefined;
|
|
501
513
|
}> & {
|
|
502
514
|
principalId: string;
|
|
503
|
-
principalType: "human" | "service" | "agent" | "
|
|
515
|
+
principalType: "human" | "service" | "agent" | "group" | "external_viewer" | "user";
|
|
516
|
+
clerkId: string | undefined;
|
|
504
517
|
tenantId: string | null;
|
|
505
518
|
workspaceId: string | null;
|
|
506
519
|
scopes: string[];
|
|
507
520
|
roles: string[];
|
|
521
|
+
groupIds: string[];
|
|
522
|
+
permittedToolNames: string[];
|
|
523
|
+
permittedPackKeys: string[];
|
|
524
|
+
principalStatus: string | undefined;
|
|
525
|
+
tenantStatus: string | undefined;
|
|
526
|
+
workspaceStatus: string | undefined;
|
|
508
527
|
isPlatformAdmin: boolean;
|
|
509
528
|
isTenantAdmin: boolean;
|
|
510
529
|
isWorkspaceAdmin: boolean;
|
|
530
|
+
permit: {
|
|
531
|
+
subject: string;
|
|
532
|
+
tenant: string;
|
|
533
|
+
workspace?: string;
|
|
534
|
+
} | undefined;
|
|
511
535
|
authMode: string | undefined;
|
|
512
536
|
sessionId: string | undefined;
|
|
513
537
|
delegatedBy: string | undefined;
|
package/dist/gatewayFacades.js
CHANGED
|
@@ -29,14 +29,14 @@ function requireString(value, reason, label) {
|
|
|
29
29
|
}
|
|
30
30
|
return normalized;
|
|
31
31
|
}
|
|
32
|
-
function requirePrincipalType(
|
|
33
|
-
if (!
|
|
32
|
+
function requirePrincipalType(principalType2) {
|
|
33
|
+
if (!principalType2) {
|
|
34
34
|
throw new LucernSdkAuthContextError(
|
|
35
35
|
"principal_missing",
|
|
36
36
|
"Canonical Lucern SDK auth context is missing principalType."
|
|
37
37
|
);
|
|
38
38
|
}
|
|
39
|
-
return
|
|
39
|
+
return principalType2;
|
|
40
40
|
}
|
|
41
41
|
function requireAuthMode(authMode) {
|
|
42
42
|
if (!authMode) {
|
|
@@ -82,7 +82,7 @@ function normalizeCanonicalLucernAuthContext(input) {
|
|
|
82
82
|
);
|
|
83
83
|
const roles = cleanStringList(input.roles);
|
|
84
84
|
const scopes = cleanStringList(input.scopes);
|
|
85
|
-
const
|
|
85
|
+
const principalType2 = requirePrincipalType(input.principalType);
|
|
86
86
|
const authMode = requireAuthMode(input.authMode);
|
|
87
87
|
const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
|
|
88
88
|
if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
|
|
@@ -111,7 +111,7 @@ function normalizeCanonicalLucernAuthContext(input) {
|
|
|
111
111
|
principalId,
|
|
112
112
|
tenantId,
|
|
113
113
|
workspaceId,
|
|
114
|
-
principalType,
|
|
114
|
+
principalType: principalType2,
|
|
115
115
|
authMode,
|
|
116
116
|
roles,
|
|
117
117
|
scopes,
|
|
@@ -1073,6 +1073,109 @@ function listResultFromEnvelope(data, legacyKey) {
|
|
|
1073
1073
|
);
|
|
1074
1074
|
}
|
|
1075
1075
|
|
|
1076
|
+
// src/control-plane.ts
|
|
1077
|
+
var LucernControlPlaneIdentityError = class extends Error {
|
|
1078
|
+
reason;
|
|
1079
|
+
principalStatus;
|
|
1080
|
+
tenantStatus;
|
|
1081
|
+
workspaceStatus;
|
|
1082
|
+
details;
|
|
1083
|
+
constructor(failure) {
|
|
1084
|
+
super(failure.message);
|
|
1085
|
+
this.name = "LucernControlPlaneIdentityError";
|
|
1086
|
+
this.reason = failure.reason;
|
|
1087
|
+
this.principalStatus = failure.principalStatus;
|
|
1088
|
+
this.tenantStatus = failure.tenantStatus;
|
|
1089
|
+
this.workspaceStatus = failure.workspaceStatus;
|
|
1090
|
+
this.details = failure.details;
|
|
1091
|
+
}
|
|
1092
|
+
};
|
|
1093
|
+
function cleanString3(value) {
|
|
1094
|
+
return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
|
|
1095
|
+
}
|
|
1096
|
+
function stringList(value) {
|
|
1097
|
+
if (!Array.isArray(value)) {
|
|
1098
|
+
return [];
|
|
1099
|
+
}
|
|
1100
|
+
return [
|
|
1101
|
+
...new Set(
|
|
1102
|
+
value.filter((entry) => typeof entry === "string").map((entry) => entry.trim()).filter(Boolean)
|
|
1103
|
+
)
|
|
1104
|
+
];
|
|
1105
|
+
}
|
|
1106
|
+
function principalType(value) {
|
|
1107
|
+
switch (value) {
|
|
1108
|
+
case "service":
|
|
1109
|
+
case "service_principal":
|
|
1110
|
+
return "service";
|
|
1111
|
+
case "agent":
|
|
1112
|
+
return "agent";
|
|
1113
|
+
case "group":
|
|
1114
|
+
return "group";
|
|
1115
|
+
case "external_viewer":
|
|
1116
|
+
case "external_stakeholder":
|
|
1117
|
+
return "external_viewer";
|
|
1118
|
+
default:
|
|
1119
|
+
return "human";
|
|
1120
|
+
}
|
|
1121
|
+
}
|
|
1122
|
+
function adminFlags(roles) {
|
|
1123
|
+
const normalized = roles.map((role) => role.toLowerCase());
|
|
1124
|
+
const isPlatformAdmin = normalized.includes("platform_admin");
|
|
1125
|
+
const isTenantAdmin = isPlatformAdmin || normalized.includes("tenant_admin");
|
|
1126
|
+
const isWorkspaceAdmin = isTenantAdmin || normalized.includes("workspace_admin") || normalized.includes("workspace_owner");
|
|
1127
|
+
return { isPlatformAdmin, isTenantAdmin, isWorkspaceAdmin };
|
|
1128
|
+
}
|
|
1129
|
+
function normalizeResolvedInteractivePrincipal(payload) {
|
|
1130
|
+
if ("ok" in payload && payload.ok === false) {
|
|
1131
|
+
throw new LucernControlPlaneIdentityError(payload);
|
|
1132
|
+
}
|
|
1133
|
+
const principalId = cleanString3(payload.principalId);
|
|
1134
|
+
const clerkId = cleanString3(payload.clerkId);
|
|
1135
|
+
const tenantId = cleanString3(payload.tenantId);
|
|
1136
|
+
if (!principalId || !clerkId || !tenantId) {
|
|
1137
|
+
throw new LucernControlPlaneIdentityError({
|
|
1138
|
+
ok: false,
|
|
1139
|
+
reason: "resolver_unavailable",
|
|
1140
|
+
message: "Control-plane principal resolver returned an incomplete principal context.",
|
|
1141
|
+
principalStatus: payload.principalStatus ?? "missing",
|
|
1142
|
+
tenantStatus: payload.tenantStatus,
|
|
1143
|
+
workspaceStatus: payload.workspaceStatus
|
|
1144
|
+
});
|
|
1145
|
+
}
|
|
1146
|
+
const roles = stringList(payload.roles);
|
|
1147
|
+
const scopes = stringList(payload.scopes);
|
|
1148
|
+
const workspaceId = cleanString3(payload.workspaceId) ?? null;
|
|
1149
|
+
const flags = adminFlags(roles);
|
|
1150
|
+
return {
|
|
1151
|
+
principalId,
|
|
1152
|
+
principalType: principalType(payload.principalType),
|
|
1153
|
+
clerkId,
|
|
1154
|
+
tenantId,
|
|
1155
|
+
workspaceId,
|
|
1156
|
+
roles,
|
|
1157
|
+
scopes,
|
|
1158
|
+
groupIds: stringList(payload.groupIds),
|
|
1159
|
+
permittedToolNames: stringList(payload.permittedToolNames),
|
|
1160
|
+
permittedPackKeys: stringList(payload.permittedPackKeys),
|
|
1161
|
+
principalStatus: cleanString3(payload.principalStatus) ?? "active",
|
|
1162
|
+
tenantStatus: cleanString3(payload.tenantStatus) ?? "active",
|
|
1163
|
+
workspaceStatus: cleanString3(payload.workspaceStatus) ?? (workspaceId ? "active" : "none"),
|
|
1164
|
+
isPlatformAdmin: typeof payload.isPlatformAdmin === "boolean" ? payload.isPlatformAdmin : flags.isPlatformAdmin,
|
|
1165
|
+
isTenantAdmin: typeof payload.isTenantAdmin === "boolean" ? payload.isTenantAdmin : flags.isTenantAdmin,
|
|
1166
|
+
isWorkspaceAdmin: typeof payload.isWorkspaceAdmin === "boolean" ? payload.isWorkspaceAdmin : flags.isWorkspaceAdmin,
|
|
1167
|
+
permit: {
|
|
1168
|
+
subject: cleanString3(payload.permit?.subject) ?? principalId,
|
|
1169
|
+
tenant: cleanString3(payload.permit?.tenant) ?? tenantId,
|
|
1170
|
+
...workspaceId ? { workspace: cleanString3(payload.permit?.workspace) ?? workspaceId } : {}
|
|
1171
|
+
},
|
|
1172
|
+
authMode: "interactive_user",
|
|
1173
|
+
sessionId: payload.sessionId,
|
|
1174
|
+
delegatedBy: payload.delegatedBy,
|
|
1175
|
+
expiresAt: payload.expiresAt
|
|
1176
|
+
};
|
|
1177
|
+
}
|
|
1178
|
+
|
|
1076
1179
|
// src/identityClient.ts
|
|
1077
1180
|
function createIdentityWhoamiClient(config = {}) {
|
|
1078
1181
|
const gateway = createGatewayRequestClient(config);
|
|
@@ -1140,13 +1243,25 @@ function createIdentityClient(config = {}) {
|
|
|
1140
1243
|
(response) => mapGatewayData(response, (data) => ({
|
|
1141
1244
|
principalId: data.principalId,
|
|
1142
1245
|
principalType: data.principalType,
|
|
1246
|
+
clerkId: data.clerkId,
|
|
1143
1247
|
tenantId: data.tenantId ?? null,
|
|
1144
1248
|
workspaceId: data.workspaceId ?? null,
|
|
1145
1249
|
scopes: Array.isArray(data.scopes) ? data.scopes : [],
|
|
1146
1250
|
roles: Array.isArray(data.roles) ? data.roles : [],
|
|
1251
|
+
groupIds: Array.isArray(data.groupIds) ? data.groupIds : [],
|
|
1252
|
+
permittedToolNames: Array.isArray(data.permittedToolNames) ? data.permittedToolNames : [],
|
|
1253
|
+
permittedPackKeys: Array.isArray(data.permittedPackKeys) ? data.permittedPackKeys : [],
|
|
1254
|
+
principalStatus: data.principalStatus,
|
|
1255
|
+
tenantStatus: data.tenantStatus,
|
|
1256
|
+
workspaceStatus: data.workspaceStatus,
|
|
1147
1257
|
isPlatformAdmin: data.isPlatformAdmin === true,
|
|
1148
1258
|
isTenantAdmin: data.isTenantAdmin === true,
|
|
1149
1259
|
isWorkspaceAdmin: data.isWorkspaceAdmin === true,
|
|
1260
|
+
permit: data.permit ?? (data.tenantId ? {
|
|
1261
|
+
subject: data.principalId,
|
|
1262
|
+
tenant: data.tenantId,
|
|
1263
|
+
...data.workspaceId ? { workspace: data.workspaceId } : {}
|
|
1264
|
+
} : void 0),
|
|
1150
1265
|
authMode: data.authMode,
|
|
1151
1266
|
sessionId: data.sessionId,
|
|
1152
1267
|
delegatedBy: data.delegatedBy,
|
|
@@ -1154,6 +1269,19 @@ function createIdentityClient(config = {}) {
|
|
|
1154
1269
|
}))
|
|
1155
1270
|
);
|
|
1156
1271
|
},
|
|
1272
|
+
/**
|
|
1273
|
+
* Resolve a Clerk subject through the tenant control-plane Permit projection.
|
|
1274
|
+
* @deprecated Prefer lucern.controlPlane.identity.resolveInteractivePrincipal().
|
|
1275
|
+
*/
|
|
1276
|
+
async resolveInteractivePrincipal(input) {
|
|
1277
|
+
return gateway.request({
|
|
1278
|
+
path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
|
|
1279
|
+
method: "POST",
|
|
1280
|
+
body: input
|
|
1281
|
+
}).then(
|
|
1282
|
+
(response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
|
|
1283
|
+
);
|
|
1284
|
+
},
|
|
1157
1285
|
/**
|
|
1158
1286
|
* List principals in the current identity scope.
|
|
1159
1287
|
*/
|
|
@@ -1342,12 +1470,12 @@ function createIdentityClient(config = {}) {
|
|
|
1342
1470
|
}
|
|
1343
1471
|
|
|
1344
1472
|
// src/topicsClient.ts
|
|
1345
|
-
function
|
|
1473
|
+
function cleanString4(value) {
|
|
1346
1474
|
return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
|
|
1347
1475
|
}
|
|
1348
1476
|
function normalizeTopicRecord(value) {
|
|
1349
1477
|
const record = asRecord(value);
|
|
1350
|
-
const topicId =
|
|
1478
|
+
const topicId = cleanString4(record.topicId) ?? cleanString4(record.id) ?? cleanString4(record._id);
|
|
1351
1479
|
return withTopicAlias({
|
|
1352
1480
|
...record,
|
|
1353
1481
|
...topicId ? { topicId } : {}
|