@lucern/sdk 0.3.0-alpha.12 → 0.3.0-alpha.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (102) hide show
  1. package/README.md +51 -0
  2. package/dist/accessControl.d.ts +1 -0
  3. package/dist/accessControl.js +156 -22
  4. package/dist/accessControl.js.map +1 -1
  5. package/dist/adminClient.js.map +1 -1
  6. package/dist/answersClient.js.map +1 -1
  7. package/dist/audiencesClient.js.map +1 -1
  8. package/dist/auditClient.js.map +1 -1
  9. package/dist/authContext.d.ts +1 -1
  10. package/dist/authContext.js.map +1 -1
  11. package/dist/beliefs/index.d.ts +1 -0
  12. package/dist/beliefs/index.js +206 -40
  13. package/dist/beliefs/index.js.map +1 -1
  14. package/dist/beliefsClient.js.map +1 -1
  15. package/dist/client.d.ts +79 -31
  16. package/dist/client.js +206 -40
  17. package/dist/client.js.map +1 -1
  18. package/dist/contextClient.js.map +1 -1
  19. package/dist/contracts/auth-session.contract.d.ts +1 -1
  20. package/dist/contracts/auth-session.contract.js +13 -1
  21. package/dist/contracts/auth-session.contract.js.map +1 -1
  22. package/dist/contracts/index.js +13 -1
  23. package/dist/contracts/index.js.map +1 -1
  24. package/dist/contradictions/index.d.ts +1 -0
  25. package/dist/contradictions/index.js +206 -40
  26. package/dist/contradictions/index.js.map +1 -1
  27. package/dist/control-plane.d.ts +69 -0
  28. package/dist/control-plane.js +656 -0
  29. package/dist/control-plane.js.map +1 -0
  30. package/dist/coreClient.js.map +1 -1
  31. package/dist/decisions/index.d.ts +1 -0
  32. package/dist/decisions/index.js +206 -40
  33. package/dist/decisions/index.js.map +1 -1
  34. package/dist/decisionsClient.js.map +1 -1
  35. package/dist/edges/index.d.ts +1 -0
  36. package/dist/edges/index.js +206 -40
  37. package/dist/edges/index.js.map +1 -1
  38. package/dist/embeddingsClient.js.map +1 -1
  39. package/dist/eventingClient.js.map +1 -1
  40. package/dist/eventsCore.js.map +1 -1
  41. package/dist/evidence/index.d.ts +1 -0
  42. package/dist/evidence/index.js +206 -40
  43. package/dist/evidence/index.js.map +1 -1
  44. package/dist/evidenceClient.js.map +1 -1
  45. package/dist/functionSurface.d.ts +2 -1
  46. package/dist/functionSurface.js +5 -0
  47. package/dist/functionSurface.js.map +1 -1
  48. package/dist/functionSurfaceClient.js +5 -0
  49. package/dist/functionSurfaceClient.js.map +1 -1
  50. package/dist/gatewayFacades.d.ts +26 -2
  51. package/dist/gatewayFacades.js +135 -7
  52. package/dist/gatewayFacades.js.map +1 -1
  53. package/dist/graphAnalysisClient.js.map +1 -1
  54. package/dist/graphClient.js.map +1 -1
  55. package/dist/graphRecommendationsClient.js.map +1 -1
  56. package/dist/graphStateClassifierClient.js.map +1 -1
  57. package/dist/harnessClient.js.map +1 -1
  58. package/dist/identityClient.d.ts +19 -1
  59. package/dist/identityClient.js +133 -5
  60. package/dist/identityClient.js.map +1 -1
  61. package/dist/index.d.ts +1 -0
  62. package/dist/index.js +232 -49
  63. package/dist/index.js.map +1 -1
  64. package/dist/jobsClient.js.map +1 -1
  65. package/dist/learningClient.js.map +1 -1
  66. package/dist/lenses/index.d.ts +1 -0
  67. package/dist/lenses/index.js +206 -40
  68. package/dist/lenses/index.js.map +1 -1
  69. package/dist/mcpClient.js.map +1 -1
  70. package/dist/modelRuntimeClient.js.map +1 -1
  71. package/dist/nodes/index.d.ts +1 -0
  72. package/dist/nodes/index.js +206 -40
  73. package/dist/nodes/index.js.map +1 -1
  74. package/dist/ontologies/index.d.ts +1 -0
  75. package/dist/ontologies/index.js +206 -40
  76. package/dist/ontologies/index.js.map +1 -1
  77. package/dist/ontologyClient.js.map +1 -1
  78. package/dist/ontologyLinksClient.js.map +1 -1
  79. package/dist/orgGraphSearchClient.js.map +1 -1
  80. package/dist/packsClient.js.map +1 -1
  81. package/dist/policyClient.js.map +1 -1
  82. package/dist/questions/index.d.ts +1 -0
  83. package/dist/questions/index.js +206 -40
  84. package/dist/questions/index.js.map +1 -1
  85. package/dist/reportsClient.js.map +1 -1
  86. package/dist/schemaClient.js.map +1 -1
  87. package/dist/sourcesClient.js.map +1 -1
  88. package/dist/telemetryClient.js.map +1 -1
  89. package/dist/toolRegistryClient.js.map +1 -1
  90. package/dist/topics/index.d.ts +1 -0
  91. package/dist/topics/index.js +206 -40
  92. package/dist/topics/index.js.map +1 -1
  93. package/dist/topicsClient.js.map +1 -1
  94. package/dist/types.d.ts +12 -0
  95. package/dist/version.d.ts +1 -1
  96. package/dist/version.js +1 -1
  97. package/dist/version.js.map +1 -1
  98. package/dist/workflowClient.js.map +1 -1
  99. package/dist/worktrees/index.d.ts +1 -0
  100. package/dist/worktrees/index.js +206 -40
  101. package/dist/worktrees/index.js.map +1 -1
  102. package/package.json +9 -5
@@ -486,28 +486,52 @@ declare function createGraphFacade(config?: GatewayClientConfig): {
486
486
  declare function createIdentityFacade(config?: GatewayClientConfig): {
487
487
  whoami(): Promise<PlatformGatewaySuccess<{
488
488
  principalId: string;
489
- principalType: "human" | "service" | "agent" | "user" | "group" | "external_viewer";
489
+ principalType: "human" | "service" | "agent" | "group" | "external_viewer" | "user";
490
+ clerkId: string | undefined;
490
491
  tenantId: string | null;
491
492
  workspaceId: string | null;
492
493
  scopes: string[];
493
494
  roles: string[];
495
+ groupIds: string[];
496
+ permittedToolNames: string[];
497
+ permittedPackKeys: string[];
498
+ principalStatus: string | undefined;
499
+ tenantStatus: string | undefined;
500
+ workspaceStatus: string | undefined;
494
501
  isPlatformAdmin: boolean;
495
502
  isTenantAdmin: boolean;
496
503
  isWorkspaceAdmin: boolean;
504
+ permit: {
505
+ subject: string;
506
+ tenant: string;
507
+ workspace?: string;
508
+ } | undefined;
497
509
  authMode: string | undefined;
498
510
  sessionId: string | undefined;
499
511
  delegatedBy: string | undefined;
500
512
  expiresAt: number | undefined;
501
513
  }> & {
502
514
  principalId: string;
503
- principalType: "human" | "service" | "agent" | "user" | "group" | "external_viewer";
515
+ principalType: "human" | "service" | "agent" | "group" | "external_viewer" | "user";
516
+ clerkId: string | undefined;
504
517
  tenantId: string | null;
505
518
  workspaceId: string | null;
506
519
  scopes: string[];
507
520
  roles: string[];
521
+ groupIds: string[];
522
+ permittedToolNames: string[];
523
+ permittedPackKeys: string[];
524
+ principalStatus: string | undefined;
525
+ tenantStatus: string | undefined;
526
+ workspaceStatus: string | undefined;
508
527
  isPlatformAdmin: boolean;
509
528
  isTenantAdmin: boolean;
510
529
  isWorkspaceAdmin: boolean;
530
+ permit: {
531
+ subject: string;
532
+ tenant: string;
533
+ workspace?: string;
534
+ } | undefined;
511
535
  authMode: string | undefined;
512
536
  sessionId: string | undefined;
513
537
  delegatedBy: string | undefined;
@@ -29,14 +29,14 @@ function requireString(value, reason, label) {
29
29
  }
30
30
  return normalized;
31
31
  }
32
- function requirePrincipalType(principalType) {
33
- if (!principalType) {
32
+ function requirePrincipalType(principalType2) {
33
+ if (!principalType2) {
34
34
  throw new LucernSdkAuthContextError(
35
35
  "principal_missing",
36
36
  "Canonical Lucern SDK auth context is missing principalType."
37
37
  );
38
38
  }
39
- return principalType;
39
+ return principalType2;
40
40
  }
41
41
  function requireAuthMode(authMode) {
42
42
  if (!authMode) {
@@ -82,7 +82,7 @@ function normalizeCanonicalLucernAuthContext(input) {
82
82
  );
83
83
  const roles = cleanStringList(input.roles);
84
84
  const scopes = cleanStringList(input.scopes);
85
- const principalType = requirePrincipalType(input.principalType);
85
+ const principalType2 = requirePrincipalType(input.principalType);
86
86
  const authMode = requireAuthMode(input.authMode);
87
87
  const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
88
88
  if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
@@ -111,7 +111,7 @@ function normalizeCanonicalLucernAuthContext(input) {
111
111
  principalId,
112
112
  tenantId,
113
113
  workspaceId,
114
- principalType,
114
+ principalType: principalType2,
115
115
  authMode,
116
116
  roles,
117
117
  scopes,
@@ -1073,6 +1073,109 @@ function listResultFromEnvelope(data, legacyKey) {
1073
1073
  );
1074
1074
  }
1075
1075
 
1076
+ // src/control-plane.ts
1077
+ var LucernControlPlaneIdentityError = class extends Error {
1078
+ reason;
1079
+ principalStatus;
1080
+ tenantStatus;
1081
+ workspaceStatus;
1082
+ details;
1083
+ constructor(failure) {
1084
+ super(failure.message);
1085
+ this.name = "LucernControlPlaneIdentityError";
1086
+ this.reason = failure.reason;
1087
+ this.principalStatus = failure.principalStatus;
1088
+ this.tenantStatus = failure.tenantStatus;
1089
+ this.workspaceStatus = failure.workspaceStatus;
1090
+ this.details = failure.details;
1091
+ }
1092
+ };
1093
+ function cleanString3(value) {
1094
+ return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
1095
+ }
1096
+ function stringList(value) {
1097
+ if (!Array.isArray(value)) {
1098
+ return [];
1099
+ }
1100
+ return [
1101
+ ...new Set(
1102
+ value.filter((entry) => typeof entry === "string").map((entry) => entry.trim()).filter(Boolean)
1103
+ )
1104
+ ];
1105
+ }
1106
+ function principalType(value) {
1107
+ switch (value) {
1108
+ case "service":
1109
+ case "service_principal":
1110
+ return "service";
1111
+ case "agent":
1112
+ return "agent";
1113
+ case "group":
1114
+ return "group";
1115
+ case "external_viewer":
1116
+ case "external_stakeholder":
1117
+ return "external_viewer";
1118
+ default:
1119
+ return "human";
1120
+ }
1121
+ }
1122
+ function adminFlags(roles) {
1123
+ const normalized = roles.map((role) => role.toLowerCase());
1124
+ const isPlatformAdmin = normalized.includes("platform_admin");
1125
+ const isTenantAdmin = isPlatformAdmin || normalized.includes("tenant_admin");
1126
+ const isWorkspaceAdmin = isTenantAdmin || normalized.includes("workspace_admin") || normalized.includes("workspace_owner");
1127
+ return { isPlatformAdmin, isTenantAdmin, isWorkspaceAdmin };
1128
+ }
1129
+ function normalizeResolvedInteractivePrincipal(payload) {
1130
+ if ("ok" in payload && payload.ok === false) {
1131
+ throw new LucernControlPlaneIdentityError(payload);
1132
+ }
1133
+ const principalId = cleanString3(payload.principalId);
1134
+ const clerkId = cleanString3(payload.clerkId);
1135
+ const tenantId = cleanString3(payload.tenantId);
1136
+ if (!principalId || !clerkId || !tenantId) {
1137
+ throw new LucernControlPlaneIdentityError({
1138
+ ok: false,
1139
+ reason: "resolver_unavailable",
1140
+ message: "Control-plane principal resolver returned an incomplete principal context.",
1141
+ principalStatus: payload.principalStatus ?? "missing",
1142
+ tenantStatus: payload.tenantStatus,
1143
+ workspaceStatus: payload.workspaceStatus
1144
+ });
1145
+ }
1146
+ const roles = stringList(payload.roles);
1147
+ const scopes = stringList(payload.scopes);
1148
+ const workspaceId = cleanString3(payload.workspaceId) ?? null;
1149
+ const flags = adminFlags(roles);
1150
+ return {
1151
+ principalId,
1152
+ principalType: principalType(payload.principalType),
1153
+ clerkId,
1154
+ tenantId,
1155
+ workspaceId,
1156
+ roles,
1157
+ scopes,
1158
+ groupIds: stringList(payload.groupIds),
1159
+ permittedToolNames: stringList(payload.permittedToolNames),
1160
+ permittedPackKeys: stringList(payload.permittedPackKeys),
1161
+ principalStatus: cleanString3(payload.principalStatus) ?? "active",
1162
+ tenantStatus: cleanString3(payload.tenantStatus) ?? "active",
1163
+ workspaceStatus: cleanString3(payload.workspaceStatus) ?? (workspaceId ? "active" : "none"),
1164
+ isPlatformAdmin: typeof payload.isPlatformAdmin === "boolean" ? payload.isPlatformAdmin : flags.isPlatformAdmin,
1165
+ isTenantAdmin: typeof payload.isTenantAdmin === "boolean" ? payload.isTenantAdmin : flags.isTenantAdmin,
1166
+ isWorkspaceAdmin: typeof payload.isWorkspaceAdmin === "boolean" ? payload.isWorkspaceAdmin : flags.isWorkspaceAdmin,
1167
+ permit: {
1168
+ subject: cleanString3(payload.permit?.subject) ?? principalId,
1169
+ tenant: cleanString3(payload.permit?.tenant) ?? tenantId,
1170
+ ...workspaceId ? { workspace: cleanString3(payload.permit?.workspace) ?? workspaceId } : {}
1171
+ },
1172
+ authMode: "interactive_user",
1173
+ sessionId: payload.sessionId,
1174
+ delegatedBy: payload.delegatedBy,
1175
+ expiresAt: payload.expiresAt
1176
+ };
1177
+ }
1178
+
1076
1179
  // src/identityClient.ts
1077
1180
  function createIdentityWhoamiClient(config = {}) {
1078
1181
  const gateway = createGatewayRequestClient(config);
@@ -1140,13 +1243,25 @@ function createIdentityClient(config = {}) {
1140
1243
  (response) => mapGatewayData(response, (data) => ({
1141
1244
  principalId: data.principalId,
1142
1245
  principalType: data.principalType,
1246
+ clerkId: data.clerkId,
1143
1247
  tenantId: data.tenantId ?? null,
1144
1248
  workspaceId: data.workspaceId ?? null,
1145
1249
  scopes: Array.isArray(data.scopes) ? data.scopes : [],
1146
1250
  roles: Array.isArray(data.roles) ? data.roles : [],
1251
+ groupIds: Array.isArray(data.groupIds) ? data.groupIds : [],
1252
+ permittedToolNames: Array.isArray(data.permittedToolNames) ? data.permittedToolNames : [],
1253
+ permittedPackKeys: Array.isArray(data.permittedPackKeys) ? data.permittedPackKeys : [],
1254
+ principalStatus: data.principalStatus,
1255
+ tenantStatus: data.tenantStatus,
1256
+ workspaceStatus: data.workspaceStatus,
1147
1257
  isPlatformAdmin: data.isPlatformAdmin === true,
1148
1258
  isTenantAdmin: data.isTenantAdmin === true,
1149
1259
  isWorkspaceAdmin: data.isWorkspaceAdmin === true,
1260
+ permit: data.permit ?? (data.tenantId ? {
1261
+ subject: data.principalId,
1262
+ tenant: data.tenantId,
1263
+ ...data.workspaceId ? { workspace: data.workspaceId } : {}
1264
+ } : void 0),
1150
1265
  authMode: data.authMode,
1151
1266
  sessionId: data.sessionId,
1152
1267
  delegatedBy: data.delegatedBy,
@@ -1154,6 +1269,19 @@ function createIdentityClient(config = {}) {
1154
1269
  }))
1155
1270
  );
1156
1271
  },
1272
+ /**
1273
+ * Resolve a Clerk subject through the tenant control-plane Permit projection.
1274
+ * @deprecated Prefer lucern.controlPlane.identity.resolveInteractivePrincipal().
1275
+ */
1276
+ async resolveInteractivePrincipal(input) {
1277
+ return gateway.request({
1278
+ path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
1279
+ method: "POST",
1280
+ body: input
1281
+ }).then(
1282
+ (response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
1283
+ );
1284
+ },
1157
1285
  /**
1158
1286
  * List principals in the current identity scope.
1159
1287
  */
@@ -1342,12 +1470,12 @@ function createIdentityClient(config = {}) {
1342
1470
  }
1343
1471
 
1344
1472
  // src/topicsClient.ts
1345
- function cleanString3(value) {
1473
+ function cleanString4(value) {
1346
1474
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
1347
1475
  }
1348
1476
  function normalizeTopicRecord(value) {
1349
1477
  const record = asRecord(value);
1350
- const topicId = cleanString3(record.topicId) ?? cleanString3(record.id) ?? cleanString3(record._id);
1478
+ const topicId = cleanString4(record.topicId) ?? cleanString4(record.id) ?? cleanString4(record._id);
1351
1479
  return withTopicAlias({
1352
1480
  ...record,
1353
1481
  ...topicId ? { topicId } : {}