@lucern/sdk 0.3.0-alpha.12 → 0.3.0-alpha.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (102) hide show
  1. package/README.md +51 -0
  2. package/dist/accessControl.d.ts +1 -0
  3. package/dist/accessControl.js +156 -22
  4. package/dist/accessControl.js.map +1 -1
  5. package/dist/adminClient.js.map +1 -1
  6. package/dist/answersClient.js.map +1 -1
  7. package/dist/audiencesClient.js.map +1 -1
  8. package/dist/auditClient.js.map +1 -1
  9. package/dist/authContext.d.ts +1 -1
  10. package/dist/authContext.js.map +1 -1
  11. package/dist/beliefs/index.d.ts +1 -0
  12. package/dist/beliefs/index.js +206 -40
  13. package/dist/beliefs/index.js.map +1 -1
  14. package/dist/beliefsClient.js.map +1 -1
  15. package/dist/client.d.ts +79 -31
  16. package/dist/client.js +206 -40
  17. package/dist/client.js.map +1 -1
  18. package/dist/contextClient.js.map +1 -1
  19. package/dist/contracts/auth-session.contract.d.ts +1 -1
  20. package/dist/contracts/auth-session.contract.js +13 -1
  21. package/dist/contracts/auth-session.contract.js.map +1 -1
  22. package/dist/contracts/index.js +13 -1
  23. package/dist/contracts/index.js.map +1 -1
  24. package/dist/contradictions/index.d.ts +1 -0
  25. package/dist/contradictions/index.js +206 -40
  26. package/dist/contradictions/index.js.map +1 -1
  27. package/dist/control-plane.d.ts +69 -0
  28. package/dist/control-plane.js +656 -0
  29. package/dist/control-plane.js.map +1 -0
  30. package/dist/coreClient.js.map +1 -1
  31. package/dist/decisions/index.d.ts +1 -0
  32. package/dist/decisions/index.js +206 -40
  33. package/dist/decisions/index.js.map +1 -1
  34. package/dist/decisionsClient.js.map +1 -1
  35. package/dist/edges/index.d.ts +1 -0
  36. package/dist/edges/index.js +206 -40
  37. package/dist/edges/index.js.map +1 -1
  38. package/dist/embeddingsClient.js.map +1 -1
  39. package/dist/eventingClient.js.map +1 -1
  40. package/dist/eventsCore.js.map +1 -1
  41. package/dist/evidence/index.d.ts +1 -0
  42. package/dist/evidence/index.js +206 -40
  43. package/dist/evidence/index.js.map +1 -1
  44. package/dist/evidenceClient.js.map +1 -1
  45. package/dist/functionSurface.d.ts +2 -1
  46. package/dist/functionSurface.js +5 -0
  47. package/dist/functionSurface.js.map +1 -1
  48. package/dist/functionSurfaceClient.js +5 -0
  49. package/dist/functionSurfaceClient.js.map +1 -1
  50. package/dist/gatewayFacades.d.ts +26 -2
  51. package/dist/gatewayFacades.js +135 -7
  52. package/dist/gatewayFacades.js.map +1 -1
  53. package/dist/graphAnalysisClient.js.map +1 -1
  54. package/dist/graphClient.js.map +1 -1
  55. package/dist/graphRecommendationsClient.js.map +1 -1
  56. package/dist/graphStateClassifierClient.js.map +1 -1
  57. package/dist/harnessClient.js.map +1 -1
  58. package/dist/identityClient.d.ts +19 -1
  59. package/dist/identityClient.js +133 -5
  60. package/dist/identityClient.js.map +1 -1
  61. package/dist/index.d.ts +1 -0
  62. package/dist/index.js +232 -49
  63. package/dist/index.js.map +1 -1
  64. package/dist/jobsClient.js.map +1 -1
  65. package/dist/learningClient.js.map +1 -1
  66. package/dist/lenses/index.d.ts +1 -0
  67. package/dist/lenses/index.js +206 -40
  68. package/dist/lenses/index.js.map +1 -1
  69. package/dist/mcpClient.js.map +1 -1
  70. package/dist/modelRuntimeClient.js.map +1 -1
  71. package/dist/nodes/index.d.ts +1 -0
  72. package/dist/nodes/index.js +206 -40
  73. package/dist/nodes/index.js.map +1 -1
  74. package/dist/ontologies/index.d.ts +1 -0
  75. package/dist/ontologies/index.js +206 -40
  76. package/dist/ontologies/index.js.map +1 -1
  77. package/dist/ontologyClient.js.map +1 -1
  78. package/dist/ontologyLinksClient.js.map +1 -1
  79. package/dist/orgGraphSearchClient.js.map +1 -1
  80. package/dist/packsClient.js.map +1 -1
  81. package/dist/policyClient.js.map +1 -1
  82. package/dist/questions/index.d.ts +1 -0
  83. package/dist/questions/index.js +206 -40
  84. package/dist/questions/index.js.map +1 -1
  85. package/dist/reportsClient.js.map +1 -1
  86. package/dist/schemaClient.js.map +1 -1
  87. package/dist/sourcesClient.js.map +1 -1
  88. package/dist/telemetryClient.js.map +1 -1
  89. package/dist/toolRegistryClient.js.map +1 -1
  90. package/dist/topics/index.d.ts +1 -0
  91. package/dist/topics/index.js +206 -40
  92. package/dist/topics/index.js.map +1 -1
  93. package/dist/topicsClient.js.map +1 -1
  94. package/dist/types.d.ts +12 -0
  95. package/dist/version.d.ts +1 -1
  96. package/dist/version.js +1 -1
  97. package/dist/version.js.map +1 -1
  98. package/dist/workflowClient.js.map +1 -1
  99. package/dist/worktrees/index.d.ts +1 -0
  100. package/dist/worktrees/index.js +206 -40
  101. package/dist/worktrees/index.js.map +1 -1
  102. package/package.json +9 -5
@@ -36,14 +36,14 @@ function requireString(value, reason, label) {
36
36
  }
37
37
  return normalized;
38
38
  }
39
- function requirePrincipalType(principalType) {
40
- if (!principalType) {
39
+ function requirePrincipalType(principalType2) {
40
+ if (!principalType2) {
41
41
  throw new LucernSdkAuthContextError(
42
42
  "principal_missing",
43
43
  "Canonical Lucern SDK auth context is missing principalType."
44
44
  );
45
45
  }
46
- return principalType;
46
+ return principalType2;
47
47
  }
48
48
  function requireAuthMode(authMode) {
49
49
  if (!authMode) {
@@ -89,7 +89,7 @@ function normalizeCanonicalLucernAuthContext(input) {
89
89
  );
90
90
  const roles = cleanStringList(input.roles);
91
91
  const scopes = cleanStringList(input.scopes);
92
- const principalType = requirePrincipalType(input.principalType);
92
+ const principalType2 = requirePrincipalType(input.principalType);
93
93
  const authMode = requireAuthMode(input.authMode);
94
94
  const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
95
95
  if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
@@ -118,7 +118,7 @@ function normalizeCanonicalLucernAuthContext(input) {
118
118
  principalId,
119
119
  tenantId,
120
120
  workspaceId,
121
- principalType,
121
+ principalType: principalType2,
122
122
  authMode,
123
123
  roles,
124
124
  scopes,
@@ -1107,6 +1107,128 @@ function listResultFromEnvelope(data, legacyKey) {
1107
1107
  );
1108
1108
  }
1109
1109
 
1110
+ // src/control-plane.ts
1111
+ var LucernControlPlaneIdentityError = class extends Error {
1112
+ reason;
1113
+ principalStatus;
1114
+ tenantStatus;
1115
+ workspaceStatus;
1116
+ details;
1117
+ constructor(failure) {
1118
+ super(failure.message);
1119
+ this.name = "LucernControlPlaneIdentityError";
1120
+ this.reason = failure.reason;
1121
+ this.principalStatus = failure.principalStatus;
1122
+ this.tenantStatus = failure.tenantStatus;
1123
+ this.workspaceStatus = failure.workspaceStatus;
1124
+ this.details = failure.details;
1125
+ }
1126
+ };
1127
+ function cleanString3(value) {
1128
+ return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
1129
+ }
1130
+ function stringList(value) {
1131
+ if (!Array.isArray(value)) {
1132
+ return [];
1133
+ }
1134
+ return [
1135
+ ...new Set(
1136
+ value.filter((entry) => typeof entry === "string").map((entry) => entry.trim()).filter(Boolean)
1137
+ )
1138
+ ];
1139
+ }
1140
+ function principalType(value) {
1141
+ switch (value) {
1142
+ case "service":
1143
+ case "service_principal":
1144
+ return "service";
1145
+ case "agent":
1146
+ return "agent";
1147
+ case "group":
1148
+ return "group";
1149
+ case "external_viewer":
1150
+ case "external_stakeholder":
1151
+ return "external_viewer";
1152
+ default:
1153
+ return "human";
1154
+ }
1155
+ }
1156
+ function adminFlags(roles) {
1157
+ const normalized = roles.map((role) => role.toLowerCase());
1158
+ const isPlatformAdmin = normalized.includes("platform_admin");
1159
+ const isTenantAdmin = isPlatformAdmin || normalized.includes("tenant_admin");
1160
+ const isWorkspaceAdmin = isTenantAdmin || normalized.includes("workspace_admin") || normalized.includes("workspace_owner");
1161
+ return { isPlatformAdmin, isTenantAdmin, isWorkspaceAdmin };
1162
+ }
1163
+ function normalizeResolvedInteractivePrincipal(payload) {
1164
+ if ("ok" in payload && payload.ok === false) {
1165
+ throw new LucernControlPlaneIdentityError(payload);
1166
+ }
1167
+ const principalId = cleanString3(payload.principalId);
1168
+ const clerkId = cleanString3(payload.clerkId);
1169
+ const tenantId = cleanString3(payload.tenantId);
1170
+ if (!principalId || !clerkId || !tenantId) {
1171
+ throw new LucernControlPlaneIdentityError({
1172
+ ok: false,
1173
+ reason: "resolver_unavailable",
1174
+ message: "Control-plane principal resolver returned an incomplete principal context.",
1175
+ principalStatus: payload.principalStatus ?? "missing",
1176
+ tenantStatus: payload.tenantStatus,
1177
+ workspaceStatus: payload.workspaceStatus
1178
+ });
1179
+ }
1180
+ const roles = stringList(payload.roles);
1181
+ const scopes = stringList(payload.scopes);
1182
+ const workspaceId = cleanString3(payload.workspaceId) ?? null;
1183
+ const flags = adminFlags(roles);
1184
+ return {
1185
+ principalId,
1186
+ principalType: principalType(payload.principalType),
1187
+ clerkId,
1188
+ tenantId,
1189
+ workspaceId,
1190
+ roles,
1191
+ scopes,
1192
+ groupIds: stringList(payload.groupIds),
1193
+ permittedToolNames: stringList(payload.permittedToolNames),
1194
+ permittedPackKeys: stringList(payload.permittedPackKeys),
1195
+ principalStatus: cleanString3(payload.principalStatus) ?? "active",
1196
+ tenantStatus: cleanString3(payload.tenantStatus) ?? "active",
1197
+ workspaceStatus: cleanString3(payload.workspaceStatus) ?? (workspaceId ? "active" : "none"),
1198
+ isPlatformAdmin: typeof payload.isPlatformAdmin === "boolean" ? payload.isPlatformAdmin : flags.isPlatformAdmin,
1199
+ isTenantAdmin: typeof payload.isTenantAdmin === "boolean" ? payload.isTenantAdmin : flags.isTenantAdmin,
1200
+ isWorkspaceAdmin: typeof payload.isWorkspaceAdmin === "boolean" ? payload.isWorkspaceAdmin : flags.isWorkspaceAdmin,
1201
+ permit: {
1202
+ subject: cleanString3(payload.permit?.subject) ?? principalId,
1203
+ tenant: cleanString3(payload.permit?.tenant) ?? tenantId,
1204
+ ...workspaceId ? { workspace: cleanString3(payload.permit?.workspace) ?? workspaceId } : {}
1205
+ },
1206
+ authMode: "interactive_user",
1207
+ sessionId: payload.sessionId,
1208
+ delegatedBy: payload.delegatedBy,
1209
+ expiresAt: payload.expiresAt
1210
+ };
1211
+ }
1212
+ function createControlPlaneIdentityClient(config = {}) {
1213
+ const gateway = createGatewayRequestClient(config);
1214
+ return {
1215
+ async resolveInteractivePrincipal(input) {
1216
+ return gateway.request({
1217
+ path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
1218
+ method: "POST",
1219
+ body: input
1220
+ }).then(
1221
+ (response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
1222
+ );
1223
+ }
1224
+ };
1225
+ }
1226
+ function createControlPlaneClient(config = {}) {
1227
+ return {
1228
+ identity: createControlPlaneIdentityClient(config)
1229
+ };
1230
+ }
1231
+
1110
1232
  // src/identityClient.ts
1111
1233
  function createIdentityWhoamiClient(config = {}) {
1112
1234
  const gateway = createGatewayRequestClient(config);
@@ -1174,13 +1296,25 @@ function createIdentityClient(config = {}) {
1174
1296
  (response) => mapGatewayData(response, (data) => ({
1175
1297
  principalId: data.principalId,
1176
1298
  principalType: data.principalType,
1299
+ clerkId: data.clerkId,
1177
1300
  tenantId: data.tenantId ?? null,
1178
1301
  workspaceId: data.workspaceId ?? null,
1179
1302
  scopes: Array.isArray(data.scopes) ? data.scopes : [],
1180
1303
  roles: Array.isArray(data.roles) ? data.roles : [],
1304
+ groupIds: Array.isArray(data.groupIds) ? data.groupIds : [],
1305
+ permittedToolNames: Array.isArray(data.permittedToolNames) ? data.permittedToolNames : [],
1306
+ permittedPackKeys: Array.isArray(data.permittedPackKeys) ? data.permittedPackKeys : [],
1307
+ principalStatus: data.principalStatus,
1308
+ tenantStatus: data.tenantStatus,
1309
+ workspaceStatus: data.workspaceStatus,
1181
1310
  isPlatformAdmin: data.isPlatformAdmin === true,
1182
1311
  isTenantAdmin: data.isTenantAdmin === true,
1183
1312
  isWorkspaceAdmin: data.isWorkspaceAdmin === true,
1313
+ permit: data.permit ?? (data.tenantId ? {
1314
+ subject: data.principalId,
1315
+ tenant: data.tenantId,
1316
+ ...data.workspaceId ? { workspace: data.workspaceId } : {}
1317
+ } : void 0),
1184
1318
  authMode: data.authMode,
1185
1319
  sessionId: data.sessionId,
1186
1320
  delegatedBy: data.delegatedBy,
@@ -1188,6 +1322,19 @@ function createIdentityClient(config = {}) {
1188
1322
  }))
1189
1323
  );
1190
1324
  },
1325
+ /**
1326
+ * Resolve a Clerk subject through the tenant control-plane Permit projection.
1327
+ * @deprecated Prefer lucern.controlPlane.identity.resolveInteractivePrincipal().
1328
+ */
1329
+ async resolveInteractivePrincipal(input) {
1330
+ return gateway.request({
1331
+ path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
1332
+ method: "POST",
1333
+ body: input
1334
+ }).then(
1335
+ (response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
1336
+ );
1337
+ },
1191
1338
  /**
1192
1339
  * List principals in the current identity scope.
1193
1340
  */
@@ -1384,7 +1531,7 @@ var LucernAccessControlError = class extends LucernSdkAuthContextError {
1384
1531
  this.policyDecision = policyDecision;
1385
1532
  }
1386
1533
  };
1387
- function cleanString3(value) {
1534
+ function cleanString4(value) {
1388
1535
  const normalized = value?.trim();
1389
1536
  return normalized ? normalized : void 0;
1390
1537
  }
@@ -1399,7 +1546,7 @@ function cleanStringList2(values) {
1399
1546
  ];
1400
1547
  }
1401
1548
  function requireString2(value, reason, label) {
1402
- const normalized = cleanString3(value);
1549
+ const normalized = cleanString4(value);
1403
1550
  if (!normalized) {
1404
1551
  throw new LucernAccessControlError(
1405
1552
  reason,
@@ -1408,13 +1555,19 @@ function requireString2(value, reason, label) {
1408
1555
  }
1409
1556
  return normalized;
1410
1557
  }
1411
- function normalizePrincipalType(principalType) {
1412
- if (principalType === "agent") {
1558
+ function normalizePrincipalType(principalType2) {
1559
+ if (principalType2 === "agent") {
1413
1560
  return "agent";
1414
1561
  }
1415
- if (principalType === "service") {
1562
+ if (principalType2 === "service") {
1416
1563
  return "service";
1417
1564
  }
1565
+ if (principalType2 === "group") {
1566
+ return "group";
1567
+ }
1568
+ if (principalType2 === "external_viewer") {
1569
+ return "external_viewer";
1570
+ }
1418
1571
  return "human";
1419
1572
  }
1420
1573
  function aliasKey(alias) {
@@ -1423,15 +1576,15 @@ function aliasKey(alias) {
1423
1576
  function normalizeAliases(input, canonicalClerkUserId) {
1424
1577
  const aliases = /* @__PURE__ */ new Map();
1425
1578
  for (const alias of input ?? []) {
1426
- const externalSubjectId = cleanString3(alias.externalSubjectId);
1579
+ const externalSubjectId = cleanString4(alias.externalSubjectId);
1427
1580
  if (!externalSubjectId) {
1428
1581
  continue;
1429
1582
  }
1430
1583
  const normalized = {
1431
- provider: cleanString3(alias.provider) ?? "clerk",
1432
- providerProjectId: cleanString3(alias.providerProjectId),
1584
+ provider: cleanString4(alias.provider) ?? "clerk",
1585
+ providerProjectId: cleanString4(alias.providerProjectId),
1433
1586
  externalSubjectId,
1434
- status: cleanString3(alias.status)
1587
+ status: cleanString4(alias.status)
1435
1588
  };
1436
1589
  aliases.set(aliasKey(normalized), normalized);
1437
1590
  }
@@ -1476,10 +1629,10 @@ function normalizeCanonicalPrincipalIdentity(input, options = {}) {
1476
1629
  "principal_missing",
1477
1630
  "principalId"
1478
1631
  );
1479
- const principalType = normalizePrincipalType(principalInput.principalType);
1480
- const observedClerkId = cleanString3(options.observedClerkId);
1481
- const canonicalClerkUserId = cleanString3(principalInput.canonicalClerkUserId) ?? cleanString3(principalInput.clerkId);
1482
- if (principalType === "human" && !canonicalClerkUserId) {
1632
+ const principalType2 = normalizePrincipalType(principalInput.principalType);
1633
+ const observedClerkId = cleanString4(options.observedClerkId);
1634
+ const canonicalClerkUserId = cleanString4(principalInput.canonicalClerkUserId) ?? cleanString4(principalInput.clerkId);
1635
+ if (principalType2 === "human" && !canonicalClerkUserId) {
1483
1636
  throw new LucernAccessControlError(
1484
1637
  "clerk_alias_missing",
1485
1638
  "Human principals require one canonical Clerk user id."
@@ -1501,11 +1654,11 @@ function normalizeCanonicalPrincipalIdentity(input, options = {}) {
1501
1654
  }
1502
1655
  return {
1503
1656
  principalId,
1504
- principalType,
1657
+ principalType: principalType2,
1505
1658
  canonicalClerkUserId,
1506
1659
  clerkIdentityAliases: aliases,
1507
- tenantId: cleanString3(principalInput.tenantId),
1508
- workspaceId: cleanString3(principalInput.workspaceId),
1660
+ tenantId: cleanString4(principalInput.tenantId),
1661
+ workspaceId: cleanString4(principalInput.workspaceId),
1509
1662
  roles: cleanStringList2(principalInput.roles),
1510
1663
  scopes: cleanStringList2(principalInput.scopes)
1511
1664
  };
@@ -1530,7 +1683,7 @@ function buildPolicyInput(identity, input) {
1530
1683
  "tenant_missing",
1531
1684
  "tenantId"
1532
1685
  );
1533
- const workspaceId = cleanString3(input.workspaceId ?? identity.workspaceId);
1686
+ const workspaceId = cleanString4(input.workspaceId ?? identity.workspaceId);
1534
1687
  if (resourceRequiresWorkspace(input.resource) && !workspaceId) {
1535
1688
  throw new LucernAccessControlError(
1536
1689
  "workspace_missing",
@@ -2930,12 +3083,12 @@ function createGraphClient(config = {}) {
2930
3083
  }
2931
3084
 
2932
3085
  // src/topicsClient.ts
2933
- function cleanString4(value) {
3086
+ function cleanString5(value) {
2934
3087
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
2935
3088
  }
2936
3089
  function normalizeTopicRecord(value) {
2937
3090
  const record = asRecord(value);
2938
- const topicId = cleanString4(record.topicId) ?? cleanString4(record.id) ?? cleanString4(record._id);
3091
+ const topicId = cleanString5(record.topicId) ?? cleanString5(record.id) ?? cleanString5(record._id);
2939
3092
  return withTopicAlias({
2940
3093
  ...record,
2941
3094
  ...topicId ? { topicId } : {}
@@ -4148,7 +4301,7 @@ function createEmbeddingsClient(config = {}) {
4148
4301
  }
4149
4302
 
4150
4303
  // src/contextClient.ts
4151
- function cleanString5(value) {
4304
+ function cleanString6(value) {
4152
4305
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
4153
4306
  }
4154
4307
  function cleanNumber(value) {
@@ -4160,11 +4313,11 @@ function cleanBoolean(value) {
4160
4313
  function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
4161
4314
  const effectiveInput = typeof topicIdOrInput === "string" ? input : topicIdOrInput;
4162
4315
  const payload = {};
4163
- const topicId = typeof topicIdOrInput === "string" ? cleanString5(topicIdOrInput) : cleanString5(effectiveInput.topicId);
4316
+ const topicId = typeof topicIdOrInput === "string" ? cleanString6(topicIdOrInput) : cleanString6(effectiveInput.topicId);
4164
4317
  if (topicId) {
4165
4318
  payload.topicId = topicId;
4166
4319
  }
4167
- const query5 = cleanString5(effectiveInput.query);
4320
+ const query5 = cleanString6(effectiveInput.query);
4168
4321
  if (query5) {
4169
4322
  payload.query = query5;
4170
4323
  }
@@ -4172,7 +4325,7 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
4172
4325
  if (budget !== void 0) {
4173
4326
  payload.budget = budget;
4174
4327
  }
4175
- const ranking = cleanString5(effectiveInput.ranking) ?? cleanString5(effectiveInput.rankingProfile);
4328
+ const ranking = cleanString6(effectiveInput.ranking) ?? cleanString6(effectiveInput.rankingProfile);
4176
4329
  if (ranking) {
4177
4330
  payload.ranking = ranking;
4178
4331
  }
@@ -4188,7 +4341,7 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
4188
4341
  if (includeEntities !== void 0) {
4189
4342
  payload.includeEntities = includeEntities;
4190
4343
  }
4191
- const mode = cleanString5(effectiveInput.mode);
4344
+ const mode = cleanString6(effectiveInput.mode);
4192
4345
  if (mode) {
4193
4346
  payload.mode = mode;
4194
4347
  }
@@ -4196,11 +4349,11 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
4196
4349
  if (includeFailures !== void 0) {
4197
4350
  payload.includeFailures = includeFailures;
4198
4351
  }
4199
- const worktreeId = cleanString5(effectiveInput.worktreeId);
4352
+ const worktreeId = cleanString6(effectiveInput.worktreeId);
4200
4353
  if (worktreeId) {
4201
4354
  payload.worktreeId = worktreeId;
4202
4355
  }
4203
- const sessionId = cleanString5(effectiveInput.sessionId);
4356
+ const sessionId = cleanString6(effectiveInput.sessionId);
4204
4357
  if (sessionId) {
4205
4358
  payload.sessionId = sessionId;
4206
4359
  }
@@ -5277,6 +5430,7 @@ var CONTRACTS = {
5277
5430
  "remove_edges_between": { method: "DELETE", path: "/edges/between", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5278
5431
  "remove_lens_from_topic": { method: "DELETE", path: "/lenses/apply", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5279
5432
  "resolve_effective_ontology": { method: "POST", path: "/ontologies/effective", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5433
+ "resolve_interactive_principal": { method: "POST", path: "/control-plane/identity/resolve-interactive-principal", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5280
5434
  "run_graph_intelligence_query": { method: "POST", path: "/graph-intelligence/run", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5281
5435
  "search_beliefs": { method: "POST", path: "/beliefs/search", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5282
5436
  "search_evidence": { method: "POST", path: "/evidence/search", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
@@ -5659,6 +5813,9 @@ function createFunctionSurfaceClient(config = {}) {
5659
5813
  resolveEffectiveOntology(input = {}, idempotencyKey) {
5660
5814
  return execute("resolve_effective_ontology", input, idempotencyKey);
5661
5815
  },
5816
+ resolveInteractivePrincipal(input = {}, idempotencyKey) {
5817
+ return execute("resolve_interactive_principal", input, idempotencyKey);
5818
+ },
5662
5819
  runGraphIntelligenceQuery(input = {}, idempotencyKey) {
5663
5820
  return execute("run_graph_intelligence_query", input, idempotencyKey);
5664
5821
  },
@@ -5919,7 +6076,7 @@ var ORG_GRAPH_SEARCH_FIELDS = [
5919
6076
  "cursor",
5920
6077
  "provenanceScope"
5921
6078
  ];
5922
- function cleanString6(value, label) {
6079
+ function cleanString7(value, label) {
5923
6080
  const normalized = value?.trim();
5924
6081
  if (!normalized) {
5925
6082
  throw new Error(`${label} is required`);
@@ -5941,9 +6098,9 @@ function searchBody(input) {
5941
6098
  "orgGraphSearch.search"
5942
6099
  );
5943
6100
  return {
5944
- tenantId: cleanString6(input.tenantId, "tenantId"),
5945
- workspaceId: cleanString6(input.workspaceId, "workspaceId"),
5946
- query: cleanString6(input.query, "query"),
6101
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6102
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
6103
+ query: cleanString7(input.query, "query"),
5947
6104
  nodeTypes: input.nodeTypes,
5948
6105
  minConfidence: input.minConfidence,
5949
6106
  limit: input.limit,
@@ -5953,8 +6110,8 @@ function searchBody(input) {
5953
6110
  }
5954
6111
  function listQuery2(input) {
5955
6112
  return {
5956
- tenantId: cleanString6(input.tenantId, "tenantId"),
5957
- workspaceId: cleanString6(input.workspaceId, "workspaceId"),
6113
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6114
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
5958
6115
  nodeTypes: input.nodeTypes?.join(","),
5959
6116
  minConfidence: input.minConfidence,
5960
6117
  limit: input.limit,
@@ -5988,8 +6145,8 @@ function createOrgGraphSearchClient(config = {}) {
5988
6145
  return gateway.request({
5989
6146
  path: `/api/platform/v1/org-graph-search/nodes/${nodePath}${toQueryString(
5990
6147
  {
5991
- tenantId: cleanString6(input.tenantId, "tenantId"),
5992
- workspaceId: cleanString6(input.workspaceId, "workspaceId"),
6148
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6149
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
5993
6150
  globalId: nodeId ? void 0 : globalId
5994
6151
  }
5995
6152
  )}`
@@ -6954,7 +7111,7 @@ function createToolRegistryClient(config = {}) {
6954
7111
  }
6955
7112
 
6956
7113
  // src/version.ts
6957
- var LUCERN_SDK_VERSION = "0.3.0-alpha.12";
7114
+ var LUCERN_SDK_VERSION = "0.3.0-alpha.14";
6958
7115
 
6959
7116
  // src/workflowClient.ts
6960
7117
  function normalizeLensQuery(value) {
@@ -7431,6 +7588,7 @@ function createLucernClient(config = {}) {
7431
7588
  const ontologyLinksClient = createOntologyLinksClient(gatewayConfig);
7432
7589
  const orgGraphSearchClient = createOrgGraphSearchClient(gatewayConfig);
7433
7590
  const functionSurfaceClient = createFunctionSurfaceClient(gatewayConfig);
7591
+ const controlPlaneClient = createControlPlaneClient(gatewayConfig);
7434
7592
  const toolRegistryClient = createToolRegistryClient(gatewayConfig);
7435
7593
  const modelRuntimeClient = createModelRuntimeClient(gatewayConfig);
7436
7594
  const packsClient = createPacksClient(gatewayConfig);
@@ -9094,9 +9252,16 @@ function createLucernClient(config = {}) {
9094
9252
  disable: packsClient.disable
9095
9253
  },
9096
9254
  nodes: nodesNamespace,
9255
+ controlPlane: {
9256
+ identity: {
9257
+ resolveInteractivePrincipal: controlPlaneClient.identity.resolveInteractivePrincipal
9258
+ },
9259
+ raw: controlPlaneClient
9260
+ },
9097
9261
  identity: {
9098
9262
  ...identityFacade,
9099
9263
  access: accessControlClient,
9264
+ resolveInteractivePrincipal: identityClient.resolveInteractivePrincipal,
9100
9265
  evaluatePolicy: identityClient.evaluatePolicy,
9101
9266
  recordPolicyDecision: identityClient.recordPolicyDecision,
9102
9267
  putSecretReference: identityClient.putSecretReference,
@@ -9141,6 +9306,7 @@ function createLucernClient(config = {}) {
9141
9306
  ontologyLinks: ontologyLinksClient,
9142
9307
  orgGraphSearch: orgGraphSearchClient,
9143
9308
  functionSurface: functionSurfaceClient,
9309
+ controlPlane: controlPlaneClient,
9144
9310
  toolRegistry: toolRegistryClient,
9145
9311
  modelRuntime: modelRuntimeClient,
9146
9312
  packs: packsClient,